2020-04-23 04:36:50 -05:00
|
|
|
import { handleIdAndPassLogin, handleTokenRevocation } from '@server/lib/auth'
|
|
|
|
import * as RateLimit from 'express-rate-limit'
|
|
|
|
import { CONFIG } from '@server/initializers/config'
|
|
|
|
import * as express from 'express'
|
|
|
|
import { Hooks } from '@server/lib/plugins/hooks'
|
|
|
|
import { asyncMiddleware, authenticate } from '@server/middlewares'
|
|
|
|
|
|
|
|
const tokensRouter = express.Router()
|
|
|
|
|
|
|
|
const loginRateLimiter = RateLimit({
|
|
|
|
windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
|
|
|
|
max: CONFIG.RATES_LIMIT.LOGIN.MAX
|
|
|
|
})
|
|
|
|
|
|
|
|
tokensRouter.post('/token',
|
|
|
|
loginRateLimiter,
|
|
|
|
handleIdAndPassLogin,
|
|
|
|
tokenSuccess
|
|
|
|
)
|
|
|
|
|
|
|
|
tokensRouter.post('/revoke-token',
|
|
|
|
authenticate,
|
2020-04-24 04:33:01 -05:00
|
|
|
asyncMiddleware(handleTokenRevocation)
|
2020-04-23 04:36:50 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
export {
|
|
|
|
tokensRouter
|
|
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
function tokenSuccess (req: express.Request) {
|
|
|
|
const username = req.body.username
|
|
|
|
|
|
|
|
Hooks.runAction('action:api.user.oauth2-got-token', { username, ip: req.ip })
|
|
|
|
}
|