1 import { handleLogin, handleTokenRevocation } from '@server/lib/auth'
2 import * as RateLimit from 'express-rate-limit'
3 import { CONFIG } from '@server/initializers/config'
4 import * as express from 'express'
5 import { Hooks } from '@server/lib/plugins/hooks'
6 import { asyncMiddleware, authenticate } from '@server/middlewares'
7 import { ScopedToken } from '@shared/models/users/user-scoped-token'
8 import { v4 as uuidv4 } from 'uuid'
// NOTE(review): the gutter numbers in this listing skip values, so some source lines (closing
// brackets and part of each route's middleware chain among them) are not shown here.
// Router that carries the token endpoints registered below.
10 const tokensRouter = express.Router()
// Limiter for login attempts; its window and request cap are read from CONFIG.RATES_LIMIT.LOGIN.
// NOTE(review): no key option is visible, so the limiter presumably counts per client IP as
// Express reports it; behind a reverse proxy, confirm the proxy trust setting so that clients
// neither share one bucket nor choose their own address.
12 const loginRateLimiter = RateLimit({
13 windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
14 max: CONFIG.RATES_LIMIT.LOGIN.MAX
// POST /token: the handler chain is on lines not shown.
// NOTE(review): confirm loginRateLimiter runs before handleLogin, so failed attempts are counted.
17 tokensRouter.post('/token',
// POST /revoke-token: revocation handler, wrapped by asyncMiddleware.
// NOTE(review): confirm `authenticate` precedes it on the line not shown.
23 tokensRouter.post('/revoke-token',
25 asyncMiddleware(handleTokenRevocation)
// GET /scoped-tokens: handler chain not shown; presumably `authenticate`, then getScopedTokens.
28 tokensRouter.get('/scoped-tokens',
// POST /scoped-tokens: ends in renewScopedTokens, which replaces the caller's feed token.
// NOTE(review): confirm `authenticate` precedes it on the line not shown.
33 tokensRouter.post('/scoped-tokens',
35 asyncMiddleware(renewScopedTokens)
38 // ---------------------------------------------------------------------------
43 // ---------------------------------------------------------------------------
// Reports a token grant to plugins through the 'action:api.user.oauth2-got-token' hook,
// passing the username and the client IP. Presumably runs after handleLogin on POST /token;
// that chain is on lines not shown in this listing.
// NOTE(review): username is read from the request body as submitted, not from the issued token,
// so hook consumers should treat it as untrusted text (escape it before logging or display).
// NOTE(review): req.ip is only as reliable as the Express proxy trust configuration; confirm.
45 function tokenSuccess (req: express.Request) {
46 const username = req.body.username
48 Hooks.runAction('action:api.user.oauth2-got-token', { username, ip: req.ip })
// Reads the user from the OAuth token stored on res.locals and builds an object holding that
// user's feedToken. The statement wrapping the object (presumably the JSON response) is on
// lines not shown in this listing.
// NOTE(review): res.locals.oauth is presumably populated by `authenticate`; without it this
// property chain would throw, so confirm the route registers that middleware first.
// NOTE(review): the feed token looks like a per-user secret; keep it out of access logs.
51 function getScopedTokens (req: express.Request, res: express.Response) {
52 const user = res.locals.oauth.token.user
55 feedToken: user.feedToken
// Rotates the feed token of the user attached to the current OAuth token: assigns a fresh
// UUID v4 to user.feedToken and builds an object holding the new value.
// NOTE(review): the lines between the assignment and the response object are not shown in this
// listing. The previous token only stops working once the new value is persisted, so confirm
// that the save is awaited before the response is sent.
// NOTE(review): the new token's unpredictability rests on the uuid package's v4 generator;
// confirm it draws from a cryptographically secure source in the deployed version.
59 async function renewScopedTokens (req: express.Request, res: express.Response) {
60 const user = res.locals.oauth.token.user
// Overwrites the in-memory value; whatever held the old token can no longer match it after a save.
62 user.feedToken = uuidv4()
66 feedToken: user.feedToken