mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-24 11:22:19 +03:00
7b761a8751
no issue Adds new canary api endpoint, currently replicating v2 endpoint but paving way for future updates to new version
51 lines
1.6 KiB
JavaScript
51 lines
1.6 KiB
JavaScript
const Promise = require('bluebird');
|
|
const common = require('../../lib/common');
|
|
const models = require('../../models');
|
|
const auth = require('../../services/auth');
|
|
|
|
const session = {
|
|
read(options) {
|
|
/*
|
|
* TODO
|
|
* Don't query db for user, when new api http wrapper is in we can
|
|
* have direct access to req.user, we can also get access to some session
|
|
* inofrmation too and send it back
|
|
*/
|
|
return models.User.findOne({id: options.context.user});
|
|
},
|
|
add(object) {
|
|
if (!object || !object.username || !object.password) {
|
|
return Promise.reject(new common.errors.UnauthorizedError({
|
|
message: common.i18n.t('errors.middleware.auth.accessDenied')
|
|
}));
|
|
}
|
|
|
|
return models.User.check({
|
|
email: object.username,
|
|
password: object.password
|
|
}).then((user) => {
|
|
return Promise.resolve((req, res, next) => {
|
|
req.brute.reset(function (err) {
|
|
if (err) {
|
|
return next(err);
|
|
}
|
|
req.user = user;
|
|
auth.session.createSession(req, res, next);
|
|
});
|
|
});
|
|
}).catch((err) => {
|
|
throw new common.errors.UnauthorizedError({
|
|
message: common.i18n.t('errors.middleware.auth.accessDenied'),
|
|
err
|
|
});
|
|
});
|
|
},
|
|
delete() {
|
|
return Promise.resolve((req, res, next) => {
|
|
auth.session.destroySession(req, res, next);
|
|
});
|
|
}
|
|
};
|
|
|
|
module.exports = session;
|