Update Authentication + Build Script

Moritz Utcke
2023-05-18 14:01:54 +04:00
parent 5559f5ca4d
commit 492b790527
22 changed files with 276 additions and 163 deletions

34
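--- a/src/pages/api/token.ts
+++ b/src/pages/api/token.ts
@@ -0,0 +1,34 @@
+import type { APIRoute } from "astro";
+import { success, MissingPropertyError, error } from "../../lib/APIResponse";
+import { validatePassword, hashPassword } from "../../lib/Password";
+import { User } from "../../lib/User";
+import moment from "moment";
+import { encodeToken } from "../../lib/JsonWebToken";
+/**
+* Ruft einen Nutzer anhand seiner uid aus der Datenbank ab.
+* @param param0 Die Request mit dem request body. Dieser enthält entweder eine uid mit der der Benutzer identifiziert werden kann.
+*/
+export const post: APIRoute = async ({ request }) => {
+const body = await request.json();
+if (!body.hasOwnProperty("email") || !body.hasOwnProperty("password")) {
+return MissingPropertyError(["email", "password"]);
+}
+const user = await User.fromEmail(body.email);
+if (!user) {
+return error(["Invalid email or password."]);
+}
+// Validate Password
+if (!validatePassword(user.passwort, body.password)) {
+return error(["Invalid email or password."]);
+}
+const expiry = moment().add(2, "days").unix();
+const token = encodeToken({ id: user.id, uid: user.uid, exp: expiry })
+return success({ token, expires: expiry });
+}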
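Review bot: The guard at the top of `post` only checks that `email` and `password` exist, so a JSON body of `null` throws on `body.hasOwnProperty` and non-string values (objects, arrays) flow into `User.fromEmail` and `validatePassword`; I would replace it with `if (typeof body?.email !== "string" || typeof body?.password !== "string") return MissingPropertyError(["email", "password"]);`. `validatePassword` is called without `await`; its definition is not in this hunk, but if it returns a Promise then `!validatePassword(...)` is always false and every password is accepted, so please confirm it is synchronous or write `!(await validatePassword(user.passwort, body.password))`. The doc comment above `post` still describes fetching a user by uid and should say that the route checks email and password and issues a token valid for two days. `hashPassword` is imported but unused here.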


@@ -1,12 +1,19 @@
import type { APIRoute } from "astro";
import { success, MissingPropertyError, MissingEntityError, InvalidDataError } from "../../lib/APIResponse";
import { success, MissingPropertyError, MissingEntityError, InvalidDataError, error } from "../../lib/APIResponse";
import { ZIPInformation } from "src/lib/ZIPInformation";
import { validateAuthorizationHeader } from "src/lib/server/Authorization";
/**
* Ruft einen Nutzer anhand seiner uid aus der Datenbank ab.
* @param param0 Die Request mit dem request body. Dieser enthält entweder eine uid mit der der Benutzer identifiziert werden kann.
*/
export const get: APIRoute = async ({ request }) => {
const user = await validateAuthorizationHeader(request, ["Bearer", "Basic"]);
if (!user) {
return error(["Invalid authentication credentials!"]);
}
const body = Object.fromEntries(new URLSearchParams(request.url.split("?")[1]))
let result;