Ghost/core/server/api/v2/session.js

const Promise = require('bluebird');
const common = require('../../lib/common');
const models = require('../../models');
const auth = require('../../services/auth');

const session = {
    read(options) {
        /*
         * TODO
         * Don't query db for user, when new api http wrapper is in we can
         * have direct access to req.user, we can also get access to some session
         * inofrmation too and send it back
         */
        return models.User.findOne({id: options.context.user});
    },
    add(object) {
        if (!object || !object.username || !object.password) {
            return Promise.reject(new common.errors.UnauthorizedError({
                message: common.i18n.t('errors.middleware.auth.accessDenied')
            }));
        }

        return models.User.check({
            email: object.username,
            password: object.password
        }).then((user) => {
            return Promise.resolve((req, res, next) => {
                req.user = user;
                auth.session.createSession(req, res, next);
            });
        }).catch((err) => {
            throw new common.errors.UnauthorizedError({
                message: common.i18n.t('errors.middleware.auth.accessDenied'),
                err
            });
        });
    },
    delete() {
        return Promise.resolve((req, res, next) => {
            auth.session.destroySession(req, res, next);
        });
    }
};

module.exports = session;
Created session controller (#9911) refs #9865 Note that this controller is the singular, that's because we plan to make a session resource controller to be used with /sessions, wheras this is on /session 2018-10-03 16:45:42 +03:00			`const Promise = require('bluebird');`
			`const common = require('../../lib/common');`
			`const models = require('../../models');`
			`const auth = require('../../services/auth');`

			`const session = {`
			`read(options) {`
			`/*`
			`* TODO`
			`* Don't query db for user, when new api http wrapper is in we can`
			`* have direct access to req.user, we can also get access to some session`
			`* inofrmation too and send it back`
			`*/`
			`return models.User.findOne({id: options.context.user});`
			`},`
			`add(object) {`
			`if (!object \|\| !object.username \|\| !object.password) {`
			`return Promise.reject(new common.errors.UnauthorizedError({`
			`message: common.i18n.t('errors.middleware.auth.accessDenied')`
			`}));`
			`}`

			`return models.User.check({`
			`email: object.username,`
			`password: object.password`
			`}).then((user) => {`
			`return Promise.resolve((req, res, next) => {`
			`req.user = user;`
			`auth.session.createSession(req, res, next);`
			`});`
			`}).catch((err) => {`
			`throw new common.errors.UnauthorizedError({`
			`message: common.i18n.t('errors.middleware.auth.accessDenied'),`
			`err`
			`});`
			`});`
			`},`
			`delete() {`
			`return Promise.resolve((req, res, next) => {`
			`auth.session.destroySession(req, res, next);`
			`});`
			`}`
			`};`

			`module.exports = session;`