|
@@ -0,0 +1,37 @@
|
|
1
|
+lapis = require "lapis"
|
|
2
|
+bcrypt = require "bcrypt"
|
|
3
|
+config = require("lapis.config").get!
|
|
4
|
+
|
|
5
|
+import Users from require "models"
|
|
6
|
+import api, abort, assert_model from require "helpers"
|
|
7
|
+
|
|
8
|
+class extends lapis.Application
|
|
9
|
+ [authenticate: "/0/auth"]: api {
|
|
10
|
+ POST: =>
|
|
11
|
+ local user
|
|
12
|
+ if @params.name
|
|
13
|
+ user = Users\find name: @params.name
|
|
14
|
+ elseif @params.id
|
|
15
|
+ user = Users\find id: @params.id
|
|
16
|
+ abort "No such user." unless user
|
|
17
|
+
|
|
18
|
+ if user
|
|
19
|
+ unless bcrypt.verify(@params.password, user.digest)
|
|
20
|
+ abort "Incorrect password."
|
|
21
|
+ elseif @params.password
|
|
22
|
+ -- TODO create user with specified password
|
|
23
|
+ -- TODO constraints on password for security purposes
|
|
24
|
+ user = assert_model Users\create {
|
|
25
|
+ name: @params.name
|
|
26
|
+ digest: bcrypt.digest(@params.password, config.digest_rounds)
|
|
27
|
+ }
|
|
28
|
+
|
|
29
|
+ return name: user.name, id: user.id
|
|
30
|
+ }
|
|
31
|
+ [name: "/0/:id[%d]"]: api {
|
|
32
|
+ GET: =>
|
|
33
|
+ if user = Users\find id: @params.id
|
|
34
|
+ return name: user.name
|
|
35
|
+ else
|
|
36
|
+ abort "No such user."
|
|
37
|
+ }
|
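Review bot: In the `POST` handler for `/0/auth`, `return name: user.name, id: user.id` can be reached with `user` still nil, either when the name lookup misses and no password is sent or when neither `name` nor `id` is supplied, so the request fails on a nil index instead of a clean abort. A guard at the top of the handler, `abort "Missing credentials." unless @params.password and (@params.name or @params.id)`, closes those paths; it also keeps a missing password from reaching `bcrypt.verify` and a nil `name` from reaching `Users\create`. Indentation was lost in this rendering, so I am assuming `abort "No such user." unless user` sits under the `elseif @params.id` branch. Separately, the distinct "No such user." and "Incorrect password." replies, combined with implicit account creation on an unknown name, let a caller tell which names already exist. Consider splitting registration from login and returning one generic failure message.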