2021-05-14 16:43:41 +02:00
|
|
|
const { Client, utils } = require("@budibase/auth/redis")
|
2021-05-05 13:11:06 +02:00
|
|
|
const { newid } = require("@budibase/auth").utils
|
|
|
|
|
2021-05-05 16:10:28 +02:00
|
|
|
function getExpirySecondsForDB(db) {
|
|
|
|
switch (db) {
|
|
|
|
case utils.Databases.PW_RESETS:
|
|
|
|
// a hour
|
|
|
|
return 3600
|
|
|
|
case utils.Databases.INVITATIONS:
|
|
|
|
// a day
|
|
|
|
return 86400
|
|
|
|
}
|
|
|
|
}
|
2021-05-05 13:11:06 +02:00
|
|
|
|
|
|
|
async function getClient(db) {
|
2021-05-05 13:11:31 +02:00
|
|
|
return await new Client(db).init()
|
2021-05-05 13:11:06 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
async function writeACode(db, value) {
|
|
|
|
const client = await getClient(db)
|
|
|
|
const code = newid()
|
2021-05-05 16:10:28 +02:00
|
|
|
await client.store(code, value, getExpirySecondsForDB(db))
|
2021-05-05 13:11:06 +02:00
|
|
|
client.finish()
|
|
|
|
return code
|
|
|
|
}
|
|
|
|
|
2021-05-05 16:10:28 +02:00
|
|
|
async function getACode(db, code, deleteCode = true) {
|
|
|
|
const client = await getClient(db)
|
|
|
|
const value = await client.get(code)
|
|
|
|
if (!value) {
|
|
|
|
throw "Invalid code."
|
|
|
|
}
|
|
|
|
if (deleteCode) {
|
|
|
|
await client.delete(code)
|
|
|
|
}
|
|
|
|
client.finish()
|
|
|
|
return value
|
|
|
|
}
|
|
|
|
|
2021-05-05 13:11:06 +02:00
|
|
|
/**
|
|
|
|
* Given a user ID this will store a code (that is returned) for an hour in redis.
|
|
|
|
* The user can then return this code for resetting their password (through their reset link).
|
|
|
|
* @param {string} userId the ID of the user which is to be reset.
|
|
|
|
* @return {Promise<string>} returns the code that was stored to redis.
|
|
|
|
*/
|
|
|
|
exports.getResetPasswordCode = async userId => {
|
|
|
|
return writeACode(utils.Databases.PW_RESETS, userId)
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Given a reset code this will lookup to redis, check if the code is valid and delete if required.
|
|
|
|
* @param {string} resetCode The code provided via the email link.
|
2021-05-05 16:10:28 +02:00
|
|
|
* @param {boolean} deleteCode If the code is used/finished with this will delete it - defaults to true.
|
2021-05-05 13:11:06 +02:00
|
|
|
* @return {Promise<string>} returns the user ID if it is found
|
|
|
|
*/
|
2021-05-05 16:10:28 +02:00
|
|
|
exports.checkResetPasswordCode = async (resetCode, deleteCode = true) => {
|
|
|
|
try {
|
|
|
|
return getACode(utils.Databases.PW_RESETS, resetCode, deleteCode)
|
|
|
|
} catch (err) {
|
|
|
|
throw "Provided information is not valid, cannot reset password - please try again."
|
2021-05-05 13:11:06 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generates an invitation code and writes it to redis - which can later be checked for user creation.
|
|
|
|
* @param {string} email the email address which the code is being sent to (for use later).
|
|
|
|
* @return {Promise<string>} returns the code that was stored to redis.
|
|
|
|
*/
|
|
|
|
exports.getInviteCode = async email => {
|
|
|
|
return writeACode(utils.Databases.INVITATIONS, email)
|
2021-05-05 13:11:31 +02:00
|
|
|
}
|
2021-05-05 16:10:28 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks that the provided invite code is valid - will return the email address of user that was invited.
|
|
|
|
* @param {string} inviteCode the invite code that was provided as part of the link.
|
|
|
|
* @param {boolean} deleteCode whether or not the code should be deleted after retrieval - defaults to true.
|
|
|
|
* @return {Promise<string>} If the code is valid then an email address will be returned.
|
|
|
|
*/
|
|
|
|
exports.checkInviteCode = async (inviteCode, deleteCode = true) => {
|
|
|
|
try {
|
|
|
|
return getACode(utils.Databases.INVITATIONS, inviteCode, deleteCode)
|
|
|
|
} catch (err) {
|
|
|
|
throw "Invitation is not valid or has expired, please request a new one."
|
|
|
|
}
|
|
|
|
}
|