web-planer/backend/app/controllers/auth_controller.ts at ef1525ab1d8cc4e07035d16f7d2b02c05a85f97d · Solvro/web-planer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
import { DateTime } from "luxon";
import crypto from "node:crypto";

import { HttpContext } from "@adonisjs/core/http";
import mail from "@adonisjs/mail/services/main";

import User from "#models/user";
import { getOtpValidator, verifyOtpValidator } from "#validators/otp";

import { createClient } from "../usos/usos_client.js";

export default class AuthController {
  async loginWithUSOS({ request, response, auth }: HttpContext) {
    const { accessToken, accessSecret } = request.only([
      "accessToken",
      "accessSecret",
    ]) as { accessToken: string; accessSecret: string };
    const usosClient = createClient({
      token: accessToken,
      secret: accessSecret,
    });
    const profile = await usosClient.get<{
      id: string;
      student_number: string;
      first_name: string;
      last_name: string;
      photo_urls: Record<string, string>;
    }>("users/user?fields=id|student_number|first_name|last_name|photo_urls");
    const user = await User.updateOrCreate(
      { studentNumber: profile.student_number },
      {
        usosId: profile.id,
        firstName: profile.first_name,
        lastName: profile.last_name,
        avatar: profile.photo_urls["50x50"],
        verified: true,
      },
    );

    await auth.use("jwt").generate(user);

    return response.ok({
      ...user.serialize(),
    });
  }

  async getOTP({ request, response }: HttpContext) {
    const data = request.all();
    const { email } = await getOtpValidator.validate(data);
    const studentNumber = email.split("@")[0];
    let user = await User.findBy("studentNumber", studentNumber);
    if (user === null) {
      user = await User.create({
        usos_id: "",
        studentNumber,
        firstName: "",
        lastName: "",
        avatar: "",
        verified: false,
      });
    }

    const otp = crypto.randomInt(100000, 999999);
    user.otpCode = otp.toString();
    user.otpAttempts = 0;
    user.otpExpire = DateTime.now().plus({ minutes: 15 });
    await user.save();

    await mail.send((message) => {
      message
        .from("Solvro Planer <planer@solvro.pl>")
        .to(email)
        .subject("Zweryfikuj adres email")
        .text(`Twój kod weryfikacyjny to: ${otp}`)
        .html(`<h1>Twój kod weryfikacyjny to: ${otp}</h1>`);
    });

    return response.ok({
      success: true,
      message: "Wysłano kod weryfikacyjny",
    });
  }

  async verifyOTP({ request, response, auth }: HttpContext) {
    const data = request.all();
    const { email, otp } = await verifyOtpValidator.validate(data);
    const user = await User.query()
      .where("studentNumber", email.split("@")[0])
      .where("otp_expire", ">", new Date())
      .first();
    if (user === null) {
      return response.unauthorized({
        message: "Logowanie nieudane.",
        error: "Invalid OTP",
      });
    }

    if (user.blocked) {
      return response.unauthorized({
        message:
          "Twoje konto zostało zablokowane na logowanie OTP. Skontaktuj się z administratorem.",
        error: "User is blocked",
      });
    }

    if (user.otpCode !== otp.toString()) {
      user.otpAttempts += 1;
      await user.save();
      if (user.otpAttempts >= 5) {
        user.otpCode = null;
        user.otpExpire = null;
        user.blocked = true;
        await user.save();
        return response.unauthorized({
          message:
            "Logowanie nieudane. Twoje konto zostało zablokowane na logowanie poprzez OTP.",
          error: "Too many attempts",
        });
      }
      return response.unauthorized({
        message: "Logowanie nieudane.",
        error: "Invalid OTP",
      });
    }

    await auth.use("jwt").generate(user);

    let isNewAccount = false;
    if (user.verified === false) {
      isNewAccount = true;
    }
    user.verified = true;
    user.otpCode = null;
    user.otpExpire = null;
    await user.save();

    return response.ok({
      success: true,
      user: user.serialize(),
      isNewAccount,
    });
  }

  async logout({ response }: HttpContext) {
    response.clearCookie("token");

    return response.ok({ message: "Successfully logged out" });
  }
}