author | vantezzen <properly@protonmail.com> | 2019-08-26 10:31:24 +0200 |
---|---|---|
committer | vantezzen <properly@protonmail.com> | 2019-08-26 10:31:24 +0200 |
commit | ddedc080a28a46b7d9125682a3c990409908b70b (patch) | |
tree | ddbef921b6954a53984ea195dfbf24afcf367ae2 /app/Controllers/Http/UserController.js | |
parent | Add announcement route (diff) | |
Add validations
Diffstat (limited to 'app/Controllers/Http/UserController.js')
-rw-r--r-- | app/Controllers/Http/UserController.js | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/app/Controllers/Http/UserController.js b/app/Controllers/Http/UserController.js index 5c4d7fb..f81a0d5 100644 --- a/app/Controllers/Http/UserController.js +++ b/app/Controllers/Http/UserController.js | |||
@@ -1,6 +1,9 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const User = use('App/Models/User'); | 3 | const User = use('App/Models/User'); |
4 | const { | ||
5 | validateAll | ||
6 | } = use('Validator'); | ||
4 | const atob = require('atob'); | 7 | const atob = require('atob'); |
5 | 8 | ||
6 | class UserController { | 9 | class UserController { |
@@ -12,8 +15,22 @@ class UserController { | |||
12 | auth, | 15 | auth, |
13 | session | 16 | session |
14 | }) { | 17 | }) { |
18 | // Validate user input | ||
19 | const validation = await validateAll(request.all(), { | ||
20 | firstname: 'required', | ||
21 | email: 'required|email|unique:users,email', | ||
22 | password: 'required' | ||
23 | }); | ||
24 | if (validation.fails()) { | ||
25 | return response.status(401).send({ | ||
26 | "message": "Invalid POST arguments", | ||
27 | "status": 401 | ||
28 | }) | ||
29 | } | ||
30 | |||
15 | const data = request.only(['firstname', 'email', 'password']); | 31 | const data = request.only(['firstname', 'email', 'password']); |
16 | 32 | ||
33 | // Create user in DB | ||
17 | let user; | 34 | let user; |
18 | try { | 35 | try { |
19 | user = await User.create({ | 36 | user = await User.create({ |
@@ -21,13 +38,14 @@ class UserController { | |||
21 | password: data.password, | 38 | password: data.password, |
22 | username: data.firstname | 39 | username: data.firstname |
23 | }); | 40 | }); |
24 | } catch(e) { | 41 | } catch (e) { |
25 | return response.status(401).send({ | 42 | return response.status(401).send({ |
26 | "message": "E-Mail Address already in use", | 43 | "message": "E-Mail Address already in use", |
27 | "status": 401 | 44 | "status": 401 |
28 | }) | 45 | }) |
29 | } | 46 | } |
30 | 47 | ||
48 | // Generate new auth token | ||
31 | const token = await auth.generate(user) | 49 | const token = await auth.generate(user) |
32 | 50 | ||
33 | return response.send({ | 51 | return response.send({ |
@@ -42,8 +60,17 @@ class UserController { | |||
42 | response, | 60 | response, |
43 | auth | 61 | auth |
44 | }) { | 62 | }) { |
63 | if (!request.header('Authorization')) { | ||
64 | return response.status(401).send({ | ||
65 | "message": "Please provide authorization", | ||
66 | "status": 401 | ||
67 | }) | ||
68 | } | ||
69 | |||
70 | // Get auth data from auth token | ||
45 | const authHeader = atob(request.header('Authorization').replace('Basic ', '')).split(':'); | 71 | const authHeader = atob(request.header('Authorization').replace('Basic ', '')).split(':'); |
46 | 72 | ||
73 | // Check if user with email exists | ||
47 | let user = (await User.query().where('email', authHeader[0]).first()); | 74 | let user = (await User.query().where('email', authHeader[0]).first()); |
48 | if (!user || !user.email) { | 75 | if (!user || !user.email) { |
49 | return response.status(401).send({ | 76 | return response.status(401).send({ |
@@ -53,7 +80,7 @@ class UserController { | |||
53 | }); | 80 | }); |
54 | } | 81 | } |
55 | 82 | ||
56 | 83 | // Try to login | |
57 | let token; | 84 | let token; |
58 | try { | 85 | try { |
59 | token = await auth.attempt(user.email, authHeader[1]) | 86 | token = await auth.attempt(user.email, authHeader[1]) |
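Review bot: The guard added at new lines 63–68 only checks that an Authorization header is present, so a header with a different scheme, or one whose decoded value has no `:`, still reaches the parsing on new line 71 and hands an undefined `authHeader[1]` to `auth.attempt`. That same line uses `.split(':')`, which cuts a password containing a colon at its first colon, so such an account presumably cannot log in with its real password. I would require the `Basic ` prefix, decode once, split at the first colon only, and answer 401 for anything malformed, as in the excerpt below. The handler's body starts before and continues past the hunks shown here.

```javascript
const authorization = request.header('Authorization') || '';
if (!authorization.startsWith('Basic ')) {
    return response.status(401).send({
        "message": "Please provide authorization",
        "status": 401
    })
}

// Split at the first colon only: the password part may itself contain ':'
const credentials = atob(authorization.slice('Basic '.length));
const separator = credentials.indexOf(':');
if (separator === -1) {
    return response.status(401).send({
        "message": "Please provide authorization",
        "status": 401
    })
}
const authHeader = [credentials.slice(0, separator), credentials.slice(separator + 1)];
// … unchanged: user lookup by email and auth.attempt …
```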