slate/pages/api/users/create.js

91 lines
2.5 KiB
JavaScript

import * as Environment from "~/node_common/environment";
import * as MW from "~/node_common/middleware";
import * as Data from "~/node_common/data";
import * as Utilities from "~/node_common/utilities";
import * as Powergate from "~/node_common/powergate";
import * as LibraryManager from "~/node_common/managers/library";
import * as Validations from "~/common/validations";
import JWT from "jsonwebtoken";
import BCrypt from "bcrypt";
import { Libp2pCryptoIdentity } from "@textile/threads-core";
const initCORS = MW.init(MW.CORS);
export default async (req, res) => {
initCORS(req, res);
const existing = await Data.getUserByUsername({
username: req.body.data.username,
});
if (existing) {
return res
.status(403)
.json({ decorator: "SERVER_EXISTING_USER_ALREADY", error: true });
}
if (!Validations.username(req.body.data.username)) {
return res
.status(500)
.send({ decorator: "SERVER_INVALID_USERNAME", error: true });
}
if (!Validations.password(req.body.data.password)) {
return res
.status(500)
.send({ decorator: "SERVER_INVALID_PASSWORD", error: true });
}
// TODO(jim): Do not expose how many times you are salting
// in OSS, add a random value as an environment variable.
const salt = await BCrypt.genSalt(13);
const hash = await BCrypt.hash(req.body.data.password, salt);
const double = await BCrypt.hash(hash, salt);
const triple = await BCrypt.hash(double, Environment.LOCAL_PASSWORD_SECRET);
const pg = await Powergate.createNewToken();
// API
const identity = await Libp2pCryptoIdentity.fromRandom();
const api = identity.toString();
// TODO(jim):
// Don't do this once you refactor.
const {
buckets,
bucketKey,
bucketName,
} = await Utilities.getBucketAPIFromUserToken(api);
const user = await Data.createUser({
password: triple,
salt,
username: req.body.data.username,
data: {
photo: "https://slate.host/static/a1.jpg",
settings_deals_auto_approve: false,
tokens: { pg, api },
library: LibraryManager.init({ bucketName, readableName: "Data" }),
},
});
if (!user) {
return res
.status(404)
.json({ decorator: "SERVER_USER_CREATE_USER_NOT_FOUND", error: true });
}
if (user.error) {
return res
.status(500)
.json({ decorator: "SERVER_USER_CREATE_USER_NOT_FOUND", error: true });
}
return res.status(200).json({
decorator: "SERVER_USER_CREATE",
user: { username: user.username, id: user.id },
});
};