server/controllers/api/users/token.ts

   1 import { handleIdAndPassLogin, handleTokenRevocation } from '@server/lib/auth'
   2 import * as RateLimit from 'express-rate-limit'
   3 import { CONFIG } from '@server/initializers/config'
   4 import * as express from 'express'
   5 import { Hooks } from '@server/lib/plugins/hooks'
   6 import { asyncMiddleware, authenticate } from '@server/middlewares'
   7
   8 const tokensRouter = express.Router()
   9
  10 const loginRateLimiter = RateLimit({
  11   windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
  12   max: CONFIG.RATES_LIMIT.LOGIN.MAX
  13 })
  14
  15 tokensRouter.post('/token',
  16   loginRateLimiter,
  17   handleIdAndPassLogin,
  18   tokenSuccess
  19 )
  20
  21 tokensRouter.post('/revoke-token',
  22   authenticate,
  23   asyncMiddleware(handleTokenRevocation),
  24   tokenSuccess
  25 )
  26
  27 // ---------------------------------------------------------------------------
  28
  29 export {
  30   tokensRouter
  31 }
  32 // ---------------------------------------------------------------------------
  33
  34 function tokenSuccess (req: express.Request) {
  35   const username = req.body.username
  36
  37   Hooks.runAction('action:api.user.oauth2-got-token', { username, ip: req.ip })
  38 }