server/controllers/api/v1/users.js

   1 'use strict'
   2
   3 const config = require('config')
   4 const mongoose = require('mongoose')
   5 const express = require('express')
   6
   7 const oAuth = require('../../../middlewares').oauth
   8
   9 const Client = mongoose.model('OAuthClient')
  10
  11 const router = express.Router()
  12
  13 router.get('/client', getAngularClient)
  14 router.post('/token', oAuth.token, success)
  15 // TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged,, implement revoke token route
  16
  17 // ---------------------------------------------------------------------------
  18
  19 module.exports = router
  20
  21 // ---------------------------------------------------------------------------
  22
  23 function getAngularClient (req, res, next) {
  24   const serverHost = config.get('webserver.host')
  25   const serverPort = config.get('webserver.port')
  26   let headerHostShouldBe = serverHost
  27   if (serverPort !== 80 && serverPort !== 443) {
  28     headerHostShouldBe += ':' + serverPort
  29   }
  30
  31   // Don't make this check if this is a test instance
  32   if (process.env.NODE_ENV !== 'test' && req.get('host') !== headerHostShouldBe) {
  33     return res.type('json').status(403).end()
  34   }
  35
  36   Client.loadFirstClient(function (err, client) {
  37     if (err) return next(err)
  38     if (!client) return next(new Error('No client available.'))
  39
  40     res.json({
  41       client_id: client._id,
  42       client_secret: client.clientSecret
  43     })
  44   })
  45 }
  46
  47 function success (req, res, next) {
  48   res.end()
  49 }