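const { jwtSecret, jwtValidityDuration } = require("../config")
const { validateCredentials, getCustomerById } = require("../lib/bigcommerceRestAPI")
const { getRefreshToken, createTibiCustomer } = require("../lib/utils")

/**
 * Login / session-refresh / logout hook.
 *
 * Every outcome is reported by throwing a response object; the surrounding
 * framework appears to turn `throw { status, ... }` into the HTTP reply (the
 * 200 "ok" and the successful login are thrown exactly like the 403s).
 *
 * Flows, in order:
 *  - `?logout`                 -> clear the refresh cookie, reply 200.
 *  - no email/password in body -> authenticate with the `bkdfRefreshToken`
 *                                 cookie; the customer is looked up by the
 *                                 `bigCommerceId` claim and no password check runs.
 *  - email + password in body  -> validate the password against BigCommerce,
 *                                 then look up (or import) the local customer.
 *
 * On success a short-lived login JWT is returned and a fresh 24h refresh
 * cookie is set. Every failure path clears the refresh cookie so a stale or
 * invalid cookie is not re-sent on the next request.
 */
;(function () {
  const REFRESH_COOKIE = "bkdfRefreshToken"
  // NOTE(review): no `secure`/`sameSite` attribute is set on this cookie —
  // confirm the framework or the fronting proxy applies them.
  const COOKIE_OPTIONS = { httpOnly: true, path: "/api" }

  /** Expire the refresh cookie immediately (maxAge -1). */
  function deleteRefreshTokenCookie() {
    context.cookie.set(REFRESH_COOKIE, "", { maxAge: -1, ...COOKIE_OPTIONS })
  }

  /**
   * Clear the refresh cookie and reply 403 with `error`.
   * Shared by every failure path so none of them can forget the cookie reset.
   * @param {string} error
   */
  function fail(error) {
    deleteRefreshTokenCookie()
    throw { status: 403, error, log: false }
  }

  /**
   * First stored customer matching the BigCommerce id (preferred) or the e-mail.
   * @param {*} bigCommerceId
   * @param {string | undefined} email
   * @returns {Customer | undefined}
   */
  function findCustomer(bigCommerceId, email) {
    const filter = bigCommerceId ? { bigCommerceId } : { email }
    /** @type {Customer[]} */ // @ts-ignore
    const [found] = context.db.find("bigCommerceCustomer", { filter })
    return found
  }

  if (context.request().query("logout")) {
    deleteRefreshTokenCookie()
    throw { status: 200, message: "ok", log: false }
  }

  // Normalise the e-mail so lookups and stored records agree on case.
  context.data.email = context.data.email?.toLowerCase()
  const { email, password } = context.data
  let bigCommerceId

  if (!email || !password) {
    // Session refresh: the cookie is the only credential presented.
    // The token and its claims are deliberately NOT logged — a refresh token
    // is a bearer credential and must not end up in application logs.
    const rT = getRefreshToken()
    if (!rT) {
      fail("missing email and/or password")
    }
    if (!rT.valid) {
      // Also clears the cookie (the other 403 paths already did); otherwise an
      // expired/invalid cookie is re-sent and rejected on every request.
      fail(`token: ${rT.error}`)
    }
    /** @type {JWTRefreshClaims} */ // @ts-ignore
    const presentedClaims = rT.claims
    bigCommerceId = presentedClaims?.bigCommerceId
    if (!bigCommerceId) {
      fail("token: invalid claims")
    }
  } else {
    // Password login. Validated BEFORE the customer lookup/import below so an
    // unauthenticated request cannot trigger the BigCommerce import side effect.
    const validate = validateCredentials(email, password)
    // Fail closed: only an explicit `true` from BigCommerce counts.
    if (validate?.is_valid !== true) {
      fail("login failed")
    }
  }

  let customer = findCustomer(bigCommerceId, email)

  // Known to BigCommerce but not stored locally yet: import, then re-read.
  // Only reachable after the password above was validated.
  if (!customer && !bigCommerceId && email) {
    const customerByEmail = getCustomerById(undefined, email, true)
    if (customerByEmail) {
      createTibiCustomer(customerByEmail)
      customer = findCustomer(bigCommerceId, email)
    }
  }

  // Covers: no local or BigCommerce record, refresh claims pointing at a
  // deleted customer, and an import that produced no record (previously the
  // code fell through to `customer.locked` and raised a TypeError).
  if (!customer) {
    fail("login failed")
  }

  if (customer.locked) {
    fail("customer locked")
  }

  /** @type {JWTLoginClaims} */
  const loginClaims = {
    tibiId: customer.id,
    bigCommerceId: customer.bigCommerceId,
    email: customer.email,
  }
  const token = context.jwt.create(loginClaims, {
    secret: jwtSecret,
    validityDuration: jwtValidityDuration,
  })

  const refreshTokenMaxAge = 60 * 60 * 24 // 24h
  /** @type {JWTRefreshClaims} */
  const refreshClaims = {
    tibiId: customer.id,
    bigCommerceId: customer.bigCommerceId,
    r: 1, // distinguishes refresh claims from login claims — confirm against getRefreshToken()
  }
  const nextRefreshToken = context.jwt.create(refreshClaims, {
    secret: jwtSecret,
    validityDuration: refreshTokenMaxAge,
  })

  // The cookie expires 1h before the token so the browser never presents a
  // refresh token that is already past its validity.
  context.cookie.set(REFRESH_COOKIE, nextRefreshToken, {
    maxAge: refreshTokenMaxAge - 60 * 60, // 1h earlier expire
    ...COOKIE_OPTIONS,
  })

  throw {
    status: 200,
    customer,
    created: new Date(),
    token,
    log: false,
  }
})()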