joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adds endpoint for non-revocable session token upgrade (#2646)

Browse Source
This commit is contained in:
Florent Vilmart
2016-09-09 14:48:06 -04:00
committed by GitHub
parent c5fdd91aa3
commit 340eb46fe1
4 changed files with 156 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/Routers/SessionsRouter.js
View File

@@ -3,6 +3,8 @@ import ClassesRouter from './ClassesRouter';
import PromiseRouter from '../PromiseRouter';
import rest from '../rest';
import Auth from '../Auth';
import RestWrite from '../RestWrite';
import { newToken } from '../cryptoUtils';
export class SessionsRouter extends ClassesRouter {
handleFind(req) {
@@ -51,12 +53,45 @@ export class SessionsRouter extends ClassesRouter {
});
}
handleUpdateToRevocableSession(req) {
const config = req.config;
const masterAuth = Auth.master(config)
const user = req.auth.user;
const expiresAt = config.generateSessionExpiresAt();
const sessionData = {
sessionToken: 'r:' + newToken(),
user: {
__type: 'Pointer',
className: '_User',
objectId: user.id
},
createdWith: {
'action': 'upgrade',
},
restricted: false,
installationId: req.auth.installationId,
expiresAt: Parse._encode(expiresAt)
};
const create = new RestWrite(config, masterAuth, '_Session', null, sessionData);
return create.execute().then(() => {
// delete the session token, use the db to skip beforeSave
return config.database.update('_User', {
objectId: user.id
}, {
sessionToken: {__op: 'Delete'}
});
}).then((res) => {
return Promise.resolve({ response: sessionData });
});
}
mountRoutes() {
this.route('GET', '/sessions', req => { return this.handleFind(req); });
this.route('GET', '/sessions/:objectId', req => { return this.handleGet(req); });
this.route('POST', '/sessions', req => { return this.handleCreate(req); });
this.route('PUT', '/sessions/:objectId', req => { return this.handleUpdate(req); });
this.route('DELETE', '/sessions/:objectId', req => { return this.handleDelete(req); });
this.route('POST', '/upgradeToRevocableSession', req => { return this.handleUpdateToRevocableSession(req); })
}
}