37 lines
1.0 KiB
JavaScript
37 lines
1.0 KiB
JavaScript
import { ok, unauthorized, methodNotAllowed } from 'lib/response';
|
|
import { post } from 'lib/web';
|
|
import { parseSecureToken, key, createSecureToken } from 'lib/crypto';
|
|
import { getAccountByUsername } from 'queries';
|
|
|
|
export default async (req, res) => {
|
|
var { authCode } = req.body;
|
|
|
|
if (req.method === 'POST') {
|
|
const params = {
|
|
authorizationCode: authCode,
|
|
clientId: process.env.CLIENT_ID,
|
|
clientSecret: process.env.CLIENT_SECRET,
|
|
};
|
|
|
|
var { ok: authOk, data } = await post(process.env.OAUTH_URL, params);
|
|
|
|
if (authOk) {
|
|
const { username } = await parseSecureToken(data.token, key(process.env.CLIENT_SECRET));
|
|
|
|
const account = await getAccountByUsername(username);
|
|
|
|
if (account) {
|
|
const { user_id, username, is_admin } = account;
|
|
const user = { user_id, username, is_admin };
|
|
const token = await createSecureToken(user);
|
|
|
|
return ok(res, { token, user });
|
|
}
|
|
}
|
|
|
|
return unauthorized(res);
|
|
}
|
|
|
|
return methodNotAllowed(res);
|
|
};
|