wikijs/server/models/userKeys.js

/* global WIKI */

const Model = require('objection').Model
const moment = require('moment')
const nanoid = require('nanoid')

/**
 * Users model
 */
module.exports = class UserKey extends Model {
  static get tableName() { return 'userKeys' }

  static get jsonSchema () {
    return {
      type: 'object',
      required: ['kind', 'token', 'validUntil'],

      properties: {
        id: {type: 'integer'},
        kind: {type: 'string'},
        token: {type: 'string'},
        createdAt: {type: 'string'},
        validUntil: {type: 'string'}
      }
    }
  }

  static get relationMappings() {
    return {
      user: {
        relation: Model.BelongsToOneRelation,
        modelClass: require('./users'),
        join: {
          from: 'userKeys.userId',
          to: 'users.id'
        }
      }
    }
  }

  async $beforeInsert(context) {
    await super.$beforeInsert(context)

    this.createdAt = moment.utc().toISOString()
  }

  static async generateToken ({ userId, kind }, context) {
    const token = nanoid()
    await WIKI.models.userKeys.query().insert({
      kind,
      token,
      validUntil: moment.utc().add(1, 'days').toISOString(),
      userId
    })
    return token
  }

  static async validateToken ({ kind, token }, context) {
    const res = await WIKI.models.userKeys.query().findOne({ kind, token }).eager('user')
    if (res) {
      await WIKI.models.userKeys.query().deleteById(res.id)
      if (moment.utc().isAfter(moment.utc(res.validUntil))) {
        throw new WIKI.Error.AuthValidationTokenInvalid()
      }
      return res.user
    } else {
      throw new WIKI.Error.AuthValidationTokenInvalid()
    }
  }
}