feat: add write API route for checking login credentials

src/controllers/write/index.js

@@ -9,3 +9,4 @@ Write.topics = require('./topics');
 Write.posts = require('./posts');
 Write.admin = require('./admin');
 Write.files = require('./files');
+Write.utilities = require('./utilities');

src/controllers/write/utilities.js

@@ -0,0 +1,44 @@
+'use strict';
+
+const user = require('../../user');
+const authenticationController = require('../authentication');
+const slugify = require('../../slugify');
+const helpers = require('../helpers');
+
+const Utilities = module.exports;
+
+Utilities.ping = {};
+Utilities.ping.get = (req, res) => {
+	helpers.formatApiResponse(200, res, {
+		pong: true,
+	});
+};
+
+Utilities.ping.post = (req, res) => {
+	helpers.formatApiResponse(200, res, {
+		uid: req.user.uid,
+		received: req.body,
+	});
+};
+
+Utilities.login = (req, res) => {
+	res.locals.continueLogin = async (req, res) => {
+		const { username, password } = req.body;
+
+		const userslug = slugify(username);
+		const uid = await user.getUidByUserslug(userslug);
+		const ok = await user.isPasswordCorrect(uid, password, req.ip);
+
+		if (ok) {
+			const userData = await user.getUsers([uid], uid);
+			helpers.formatApiResponse(200, res, userData);
+		} else {
+			helpers.formatApiResponse(403, res);
+		}
+	};
+	res.locals.noScriptErrors = (req, res, err, statusCode) => {
+		helpers.formatApiResponse(statusCode, res, new Error(err));
+	};
+
+	authenticationController.login(req, res);
+};

src/routes/write/index.js

@@ -4,6 +4,7 @@ const winston = require('winston');
 const meta = require('../../meta');
 const plugins = require('../../plugins');
 const middleware = require('../../middleware');
+const writeControllers = require('../../controllers/write');
 const helpers = require('../../controllers/helpers');
 
 const Write = module.exports;
@@ -38,19 +39,10 @@ Write.reload = async (params) => {
 	router.use('/api/v3/posts', require('./posts')());
 	router.use('/api/v3/admin', require('./admin')());
 	router.use('/api/v3/files', require('./files')());
+	router.use('/api/v3/utilities', require('./utilities')());
 
-	router.get('/api/v3/ping', function (req, res) {
-		helpers.formatApiResponse(200, res, {
-			pong: true,
-		});
-	});
-
-	router.post('/api/v3/ping', middleware.authenticate, function (req, res) {
-		helpers.formatApiResponse(200, res, {
-			uid: req.user.uid,
-			received: req.body,
-		});
-	});
+	router.get('/api/v3/ping', writeControllers.utilities.ping.get);
+	router.post('/api/v3/ping', middleware.authenticate, writeControllers.utilities.ping.post);
 
 	/**
 	 * Plugins can add routes to the Write API by attaching a listener to the

src/routes/write/utilities.js

@@ -0,0 +1,16 @@
+'use strict';
+
+const router = require('express').Router();
+const middleware = require('../../middleware');
+const controllers = require('../../controllers');
+const routeHelpers = require('../helpers');
+
+const setupApiRoute = routeHelpers.setupApiRoute;
+
+module.exports = function () {
+	// The "ping" routes are mounted at root level, but for organizational purposes, the controllers are in `utilities.js`
+
+	setupApiRoute(router, 'post', '/login', [middleware.checkRequired.bind(null, ['username', 'password'])], controllers.write.utilities.login);
+
+	return router;
+};

src/user/posts.js

@@ -1,5 +1,6 @@
 'use strict';
 
+const { loadFiles } = require('nconf');
 const db = require('../database');
 const meta = require('../meta');
 const privileges = require('../privileges');