diff --git a/src/controllers/write/index.js b/src/controllers/write/index.js
index 66d6598780..e781467c18 100644
--- a/src/controllers/write/index.js
+++ b/src/controllers/write/index.js
@@ -9,3 +9,4 @@ Write.topics = require('./topics');
 Write.posts = require('./posts');
 Write.admin = require('./admin');
 Write.files = require('./files');
+Write.utilities = require('./utilities');
diff --git a/src/controllers/write/utilities.js b/src/controllers/write/utilities.js
new file mode 100644
index 0000000000..fe6dbf78a3
--- /dev/null
+++ b/src/controllers/write/utilities.js
@@ -0,0 +1,44 @@
+'use strict';
+
+const user = require('../../user');
+const authenticationController = require('../authentication');
+const slugify = require('../../slugify');
+const helpers = require('../helpers');
+
+const Utilities = module.exports;
+
+Utilities.ping = {};
+Utilities.ping.get = (req, res) => {
+ helpers.formatApiResponse(200, res, {
+ pong: true,
+ });
+};
+
+Utilities.ping.post = (req, res) => {
+ helpers.formatApiResponse(200, res, {
+ uid: req.user.uid,
+ received: req.body,
+ });
+};
+
+Utilities.login = (req, res) => {
+ res.locals.continueLogin = async (req, res) => {
+ const { username, password } = req.body;
+
+ const userslug = slugify(username);
+ const uid = await user.getUidByUserslug(userslug);
+ const ok = await user.isPasswordCorrect(uid, password, req.ip);
+
+ if (ok) {
+ const userData = await user.getUsers([uid], uid);
+ helpers.formatApiResponse(200, res, userData);
+ } else {
+ helpers.formatApiResponse(403, res);
+ }
+ };
+ res.locals.noScriptErrors = (req, res, err, statusCode) => {
+ helpers.formatApiResponse(statusCode, res, new Error(err));
+ };
+
+ authenticationController.login(req, res);
+};
diff --git a/src/routes/write/index.js b/src/routes/write/index.js
index 6cf266acdb..b2689cc586 100644
--- a/src/routes/write/index.js
+++ b/src/routes/write/index.js
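Review bot: In src/controllers/write/utilities.js, `Utilities.login` destructures `username` and `password` from `req.body` and hands them to `slugify` and `user.isPasswordCorrect` without checking their type, so a JSON body carrying an object or array in either field reaches those helpers unchecked; `checkRequired` on the route appears to test presence only. A guard at the top of `continueLogin`, `if (typeof username !== 'string' || typeof password !== 'string') { return helpers.formatApiResponse(400, res); }`, would reject such bodies early. The three awaits in `continueLogin` also sit outside any `try`/`catch`, so a rejection is reported to the client only if `authenticationController.login` awaits the callback, which this diff does not show. The result of `user.getUidByUserslug` is passed on without a check too, which keeps the unknown-user and wrong-password paths identical only if `isPasswordCorrect` tolerates an empty uid; a short comment saying so would help the next reader.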
@@ -4,6 +4,7 @@ const winston = require('winston');
 const meta = require('../../meta');
 const plugins = require('../../plugins');
 const middleware = require('../../middleware');
+const writeControllers = require('../../controllers/write');
 const helpers = require('../../controllers/helpers');
 const Write = module.exports;
@@ -38,19 +39,10 @@ Write.reload = async (params) => {
 router.use('/api/v3/posts', require('./posts')());
 router.use('/api/v3/admin', require('./admin')());
 router.use('/api/v3/files', require('./files')());
+ router.use('/api/v3/utilities', require('./utilities')());
- router.get('/api/v3/ping', function (req, res) {
- helpers.formatApiResponse(200, res, {
- pong: true,
- });
- });
-
- router.post('/api/v3/ping', middleware.authenticate, function (req, res) {
- helpers.formatApiResponse(200, res, {
- uid: req.user.uid,
- received: req.body,
- });
- });
+ router.get('/api/v3/ping', writeControllers.utilities.ping.get);
+ router.post('/api/v3/ping', middleware.authenticate, writeControllers.utilities.ping.post);
 /**
 * Plugins can add routes to the Write API by attaching a listener to the
diff --git a/src/routes/write/utilities.js b/src/routes/write/utilities.js
new file mode 100644
index 0000000000..085536766c
--- /dev/null
+++ b/src/routes/write/utilities.js
@@ -0,0 +1,16 @@
+'use strict';
+
+const router = require('express').Router();
+const middleware = require('../../middleware');
+const controllers = require('../../controllers');
+const routeHelpers = require('../helpers');
+
+const setupApiRoute = routeHelpers.setupApiRoute;
+
+module.exports = function () {
+ // The "ping" routes are mounted at root level, but for organizational purposes, the controllers are in `utilities.js`
+
+ setupApiRoute(router, 'post', '/login', [middleware.checkRequired.bind(null, ['username', 'password'])], controllers.write.utilities.login);
+
+ return router;
+};
diff --git a/src/user/posts.js b/src/user/posts.js
index 9f85b3456a..a3ee52a854 100644
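Review bot: In src/routes/write/utilities.js, the `/login` route lists `middleware.checkRequired` as its only middleware, so limits on repeated password guesses must come from `setupApiRoute` or from `user.isPasswordCorrect` (which is given `req.ip`), and neither is visible in this diff. The only comment in the function is about the ping routes; a line above the `setupApiRoute` call such as `// POST /login checks credentials and returns the user's data; attempt limiting is expected from user.isPasswordCorrect (confirm)` would record that dependency. This file also reaches the controller through `require('../../controllers')` while src/routes/write/index.js in the same commit requires `'../../controllers/write'` directly; using one form in both would be more consistent.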
--- a/src/user/posts.js
+++ b/src/user/posts.js
@@ -1,5 +1,6 @@
 'use strict';
+const { loadFiles } = require('nconf');
 const db = require('../database');
 const meta = require('../meta');
 const privileges = require('../privileges');
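Review bot: The added `const { loadFiles } = require('nconf');` in src/user/posts.js is not used by any hunk in this commit, and this file has no other change, so it looks like an editor auto-import that slipped in. Unless code outside the hunk uses `loadFiles`, the line should be dropped so the module does not pull in a configuration-loading helper it has no use for.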