var mongoose = require('mongoose') | |
, Schema = mongoose.Schema | |
, createdModifiedPlugin = require('mongoose-createdmodified').createdModifiedPlugin | |
, crypto = require('crypto') | |
, _ = require('underscore') | |
// Number of random bytes drawn per token; generateToken hex-encodes them,
// so the stored string is twice this many characters long.
var TOKEN_SIZE = 16;

// Accepts hexadecimal characters only. The pattern does not constrain length.
var TOKEN_PATTERN = /^[0-9A-Fa-f]+$/;

// Field definitions for a token issued to one user for one client.
// NOTE(review): the token string is stored exactly as generated, so read
// access to this collection exposes usable tokens - consider storing a hash
// of the token instead.
var tokenFields = {
  // Hex token value; the unique index rejects duplicates at the database level.
  token: {
    type: String,
    match: TOKEN_PATTERN,
    index: true,
    unique: true
  },
  // Owner of the token.
  user: {
    type: Schema.ObjectId,
    ref: "User",
    index: true,
    required: true
  },
  // Client application the token was issued to.
  client: {
    type: Schema.ObjectId,
    ref: "Client",
    index: true,
    required: true
  },
  // New tokens start out inactive; nothing in this file sets the flag to true.
  activated: {
    type: Boolean,
    default: false,
    index: true
  }
};

var TokenSchema = new Schema(tokenFields);

// Presumably adds created/modified timestamp fields - confirm against the plugin.
TokenSchema.plugin(createdModifiedPlugin);
/**
 * Builds a new, unsaved Token document for a user/client pair.
 *
 * The token value comes from generateToken(); the document is handed to the
 * callback without being persisted, so the caller decides when to save it.
 *
 * @param {*} user - Value stored in the document's `user` path; must be truthy.
 * @param {*} client - Value stored in the document's `client` path; must be truthy.
 * @param {function(Error=, Object=)} cb - Receives an error, or the new document.
 */
TokenSchema.statics.newInstance = function (user, client, cb) {
  var Model = this;

  if (!(user && client)) {
    return cb(new Error('[newInstance] invalid obj'));
  }

  Model.generateToken(function (err, value) {
    if (err) {
      return cb(err);
    }
    var doc = new Model({
      token: value,
      user: user,
      client: client
    });
    cb(err, doc);
  });
};
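/**
 * Generates a random token string.
 *
 * Draws TOKEN_SIZE bytes from crypto.randomBytes and hex-encodes them.
 *
 * @param {function(Error=, string=)} cb - Receives an error, or the hex token.
 */
TokenSchema.statics.generateToken = function (cb) {
  crypto.randomBytes(TOKEN_SIZE, function (ex, buf) {
    if (ex) return cb(new Error('[generateToken] cannot generate token'));
    // The token is a bearer credential: it is deliberately not written to the
    // log, where anyone with access to process output could read and reuse it.
    return cb(null, buf.toString('hex'));
  });
};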
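// Register the schema and keep a reference to the compiled model; the
// handler below needs it, and the bare call left `Token` undefined.
var Token = mongoose.model('Token', TokenSchema);

/**
 * Express handler that returns a token for the current user/client pair.
 *
 * Looks for an activated token belonging to req.user and req.client and
 * returns it; if none exists, a new token is generated, saved and returned.
 * Because the schema default for `activated` is false and this handler never
 * sets it, a freshly created token is not found by the lookup on a later
 * call, so a new one is created each time until the token is activated
 * elsewhere.
 *
 * NOTE(review): req.user and req.client are presumably set by earlier
 * authentication middleware - confirm. They are used directly as query
 * values, so they must not be objects taken from request input.
 * NOTE(review): the response labels the stored token as an
 * "authorization_code" and returns the same value on every call; if it is
 * meant to be an OAuth authorization code, it should be single-use and
 * short-lived.
 *
 * @param {Object} req - Express request; reads `req.user` and `req.client`.
 * @param {Object} res - Express response.
 * @param {function} next - Express error continuation.
 */
exports.authorize = function (req, res, next) {
  // Both identities are required. The original `&&` only rejected requests
  // missing both, letting a request with just one of them reach the query.
  if (!req.client || !req.user) {
    console.log('[authorize] invalid arguments: client and user');
    return res.send(400);
  }

  // Single place that shapes the response for both the new and the reused token.
  function respond(token) {
    res.json({
      user: token.user,
      code: token.token,
      grant_type: "authorization_code"
    });
  }

  Token.findOne({ user: req.user, client: req.client, activated: true }, function (err, existing) {
    if (err) return next(err);

    // use existing token
    if (existing) return respond(existing);

    // create new token
    Token.newInstance(req.user, req.client, function (err, fresh) {
      if (err) return next(err);
      if (!fresh) return res.send(500);
      fresh.save(function (err, saved) {
        if (err) return next(err);
        // Return here: falling through would dereference a missing document
        // and attempt a second response.
        if (!saved) return res.send(500);
        respond(saved);
      });
    });
  });
};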
The `authorize` method is called by Express. Its parameters are the `request` object, the `response` object and the `next()` method.

The `res.body` object in mongoose v3.8.x looks like this:

In mongoose v4.0.1 it looks like this: