filestash/server/ctrl/session.js

var express = require('express'),
    app = express.Router(),
    crypto = require('../utils/crypto'),
    Session = require('../model/session'),
    http = require('request-promise');

app.get('/', function(req, res){
    let data = crypto.decrypt(req.cookies.auth);
    if(data && data.type){
        res.send({status: 'ok', result: true})
    }else{
        res.send({status: 'ok', result: false})
    }
});

app.post('/', function(req, res){
    Session.test(req.body)
        .then((state) => {
            if(!state.path) state.path = "";
            else{ state.path = state.path.replace(/\/$/, ''); }
            let persist = {
                type: req.body.type,
                payload: state
            };
            const cookie = crypto.encrypt(persist);
            if(Buffer.byteLength(cookie, 'utf-8') > 4096){
                res.status(413).send({status: 'error', message: 'we can\'t authenticate you'})
            }else{
                res.cookie('auth', crypto.encrypt(persist), { maxAge: 365*24*60*60*1000, httpOnly: true, path: "/api/" });
                res.send({status: 'ok'});
            }
        })
        .catch((err) => {
            let message = function(err){
                let t = err && err.message || 'could not establish a connection';
                if(err.code){
                    t += ' ('+err.code+')';
                }
                return t;
            }
            res.status(401).send({status: 'error', message: message(err), code: err.code});
        });
});

app.delete('/', function(req, res){
    res.clearCookie("auth", {path: "/api/"});

    // TODO in May 2019: remove the line below which was inserted to mitigate a cookie migration issue.
    res.clearCookie("auth"); // the issue was a change in the cookie path which would have make
                             // impossible for an existing user to logout
    res.send({status: 'ok'});
});

app.get('/auth/:id', function(req, res){
    Session.auth({type: req.params.id})
        .then((url) => {
            res.send({status: 'ok', result: url});
        })
        .catch((err) => {
            res.status(404).send({status: 'error', message: 'can\'t get authorization url', trace: err});
        });
});

module.exports = app;