38 lines
1.0 KiB
Plaintext
38 lines
1.0 KiB
Plaintext
lapis = require "lapis"
|
|
bcrypt = require "bcrypt"
|
|
config = require("lapis.config").get!
|
|
|
|
import Users from require "models"
|
|
import api, abort, assert_model from require "helpers"
|
|
|
|
class extends lapis.Application
|
|
[authenticate: "/0/auth"]: api {
|
|
POST: =>
|
|
local user
|
|
if @params.name
|
|
user = Users\find name: @params.name
|
|
elseif @params.id
|
|
user = Users\find id: @params.id
|
|
abort "No such user." unless user
|
|
|
|
if user
|
|
unless bcrypt.verify(@params.password, user.digest)
|
|
abort "Incorrect password."
|
|
elseif @params.password
|
|
-- TODO create user with specified password
|
|
-- TODO constraints on password for security purposes
|
|
user = assert_model Users\create {
|
|
name: @params.name
|
|
digest: bcrypt.digest(@params.password, config.digest_rounds)
|
|
}
|
|
|
|
return name: user.name, id: user.id
|
|
}
|
|
[name: "/0/:id[%d]"]: api {
|
|
GET: =>
|
|
if user = Users\find id: @params.id
|
|
return name: user.name
|
|
else
|
|
abort "No such user."
|
|
}
|