// Router for the account endpoints; it is exported at the bottom of this file.
const express = require('express');
const router = express.Router();

// Accounts model, queried by the ban-check middleware further down.
const accounts = require('../database/models').accounts;

// Token middleware. Both are mounted with router.use() below, tokenDecode first.
const tokenAuth = require('../utilities/token-auth');
const tokenDecode = require('../utilities/token-decode');

// Routes that need no token: signup -> validation -> login.
// They are public only because they are registered before any router.use()
// token middleware; Express runs handlers in registration order.
const signupHandler = require('./signup');
router.post('/signup', signupHandler);
const validationHandler = require('./validation');
router.get('/validation', validationHandler);
const loginHandler = require('./login');
router.post('/login', loginHandler);

// Password recovery and reset, also reachable without a token.
const passwordRecoverHandler = require('./password-recover');
router.post('/recover', passwordRecoverHandler);
const passwordRedirectHandler = require('./password-redirect');
router.get('/reset', passwordRedirectHandler);
const passwordResetHandler = require('./password-reset');
router.patch('/reset', passwordResetHandler);

// Logout stays above the token middleware on purpose: it is allowed for
// banned accounts and when the token itself is invalid.
const logoutHandler = require('./logout');
router.delete('/logout', logoutHandler);

// Everything registered after this line runs behind tokenDecode.
// NOTE(review): this file labels both tokenDecode and tokenAuth as
// "authenticate token"; confirm which of them actually verifies the token,
// because the routes between the two mounts run after tokenDecode only.
router.use(tokenDecode);

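// Ban check. Mounted after tokenDecode, so it runs for every route registered
// below it: it looks up the account named by req.user.email and stops the
// request when the account is missing (500) or banned (403).
router.use(async (req, res, next) => {
  // Only a string claim is used as the lookup key; any other value falls back
  // to '' so it cannot be handed to the query as a structured where-clause.
  const claimedEmail = req.user?.email;
  const email = typeof claimedEmail === 'string' ? claimedEmail : '';

  let record;
  try {
    record = await accounts.findOne({ where: { email } });
  } catch (err) {
    // Forward lookup failures to the Express error handler. On Express 4 a
    // rejection inside async middleware is not caught by the framework, so
    // without this the request would be left unanswered.
    return next(err);
  }

  if (!record) {
    // NOTE(review): a request with no decoded user also ends up here and gets
    // a 500 that names this middleware. Status and text are kept as they were
    // because clients may depend on them; a 401 with a generic message would
    // reveal less - confirm before changing.
    return res.status(500).send('Account not found in banning middleware');
  }

  if (record.banned) {
    return res.status(403).send('This account has been banned');
  }

  next();
});
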
// Token refresh. Registered after tokenDecode and the ban check but before
// tokenAuth, so a banned account cannot obtain a fresh token here.
const tokenRefreshHandler = require('./token');
router.post('/token', tokenRefreshHandler);

// authenticate token: every route below this line also passes through tokenAuth
router.use(tokenAuth);

// Basic account management (needs a token).
const accountQueryHandler = require('./account-query');
router.get('/account', accountQueryHandler);
const accountUpdateHandler = require('./account-update');
router.patch('/account', accountUpdateHandler);
const accountDeleteHandler = require('./account-delete');
router.delete('/account', accountDeleteHandler);

module.exports = router;