API tools faq
paste
Advertisement
brooth

Untitled

brooth
Jan 18th, 2020
359
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 5.52 KB | None | 0 0
raw download clone embed print report
  1. 'use strict';
  2.  
  3. var express = require('express');
  4. global.fetch = require('node-fetch');
  5. var AmazonCognitoIdentity = require('amazon-cognito-identity-js');
  6. var crypto = require('crypto');
  7.  
  8. var app = express();
  9. app.use(express.json());
  10. app.use(express.urlencoded({ extended: false }));
  11.  
  12. // cognito
  13. var poolData = {
  14.   UserPoolId: 'ap-southeast-2_iBpyKm8vp',
  15.   ClientId: '5utvqfrnptv58060ah7i1q8hcf',
  16. };
  17. var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
  18.  
  19. app.post('/api/auth/sign-in', (req, res) => {
  20.   const countryId = req.body.countryId;
  21.   // todo: load country by id
  22.   const username = '+7' + req.body.phoneNumber;
  23.   const password = crypto.createHash('md5').update(req.body.phoneNumber).digest('hex');
  24.   const attributeList = [
  25.     new AmazonCognitoIdentity.CognitoUserAttribute({
  26.       Name: "phone_number",
  27.       Value: username,
  28.     }),
  29.   ]
  30.   userPool.signUp(username, password, attributeList, null, (err, result) => {
  31.     if (!err) {
  32.       // signed up succesfully, return CONFIRM_SIGNUP_REQUIRED
  33.       res.send({
  34.         status: 200,
  35.         entity: {
  36.           code: 'CONFIRM_SIGNUP_REQUIRED',
  37.           sub: cognitoUser.getUsername(),
  38.         }
  39.       });
  40.       return;
  41.     }
  42.     if (err.code == 'UsernameExistsException') {
  43.       var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails({
  44.         Username: username,
  45.         Password: password
  46.       });
  47.       var userData = {
  48.         Username: username,
  49.         Pool: userPool
  50.       };
  51.       var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
  52.       cognitoUser.authenticateUser(authenticationDetails, {
  53.         onSuccess: function (result) {
  54.           // MFA disabled, return AUTHENTICATED
  55.           res.send({
  56.             status: 200,
  57.             entity: {
  58.               code: 'AUTHENTICATED',
  59.               accessToken: result.getAccessToken().getJwtToken(),
  60.               idToken: result.getIdToken().getJwtToken(),
  61.               refreshToken: result.getRefreshToken().getToken(),
  62.             }
  63.           });
  64.         },
  65.         mfaRequired: function () {
  66.           // return MFA_REQUIRED
  67.           res.send({
  68.             status: 200,
  69.             entity: {
  70.               code: 'MFA_REQUIRED',
  71.               sub: cognitoUser.getUsername(),
  72.               mfaToken: cognitoUser.Session,
  73.             }
  74.           });
  75.         },
  76.         onFailure: function (err2) {
  77.           if (err2.code == 'UserNotConfirmedException') {
  78.             cognitoUser.resendConfirmationCode((err3, result3) => {
  79.               if (err3) {
  80.                 // todo: handle unknown error (err3)
  81.                 res.status(500).send(err3);
  82.                 return;
  83.               }
  84.               // signed up but not confimed, return CONFIRM_SIGNUP_REQUIRED
  85.               res.send({
  86.                 status: 200,
  87.                 entity: {
  88.                   code: 'CONFIRM_SIGNUP_REQUIRED',
  89.                   sub: cognitoUser.getUsername(),
  90.                 }
  91.               });
  92.             })
  93.             return;
  94.           }
  95.           // todo: handle unknown error (err2)
  96.           res.status(500).send(err2);
  97.         },
  98.       });
  99.       return;
  100.     }
  101.     // todo: handle unknown error (err)
  102.     res.status(500).send(err);
  103.     return;
  104.   });
  105. });
  106.  
  107. app.post('/api/auth/mfa', (req, res) => {
  108.   const smsCode = req.body.smsCode;
  109.   const username = req.body.sub;
  110.   var userData = { Username: username, Pool: userPool };
  111.   var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
  112.   cognitoUser.Session = req.body.mfaToken;
  113.   cognitoUser.sendMFACode(smsCode, {
  114.     onSuccess: (session) => {
  115.       res.send({
  116.         status: 200,
  117.         entity: {
  118.           accessToken: session.getAccessToken().getJwtToken(),
  119.           idToken: session.getIdToken().getJwtToken(),
  120.           refreshToken: session.getRefreshToken().getToken(),
  121.         }
  122.       });
  123.     },
  124.     onFailure: (err) => {
  125.       if (err.code === "CodeMismatchException") {
  126.         res.status(400).send({
  127.           status: 400,
  128.           code: 'INVALID_SMS_CODE'
  129.         });
  130.         return;
  131.       }
  132.       // todo: handle unknown error (err)
  133.       res.status(500).send(err);
  134.     }
  135.   })
  136. });
  137.  
  138. app.post('/api/auth/confirm-signup', (req, res) => {
  139.   const smsCode = req.body.smsCode;
  140.   const username = req.body.sub;
  141.   var userData = { Username: username, Pool: userPool };
  142.   var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
  143.  
  144.   cognitoUser.confirmRegistration(smsCode, false, (err, session) => {
  145.     if (err) {
  146.       if (err.code === "CodeMismatchException") {
  147.         res.status(400).send({
  148.           status: 400,
  149.           code: 'INVALID_SMS_CODE'
  150.         });
  151.         return;
  152.       }
  153.       // todo: handle unknown error (err)
  154.       res.status(500).send(err);
  155.       return;
  156.     }
  157.     cognitoUser.enableMFA((err2) => {
  158.       if (err2) {
  159.         // todo: handle unknown error (err2)
  160.         res.status(500).send(err2);
  161.         return;
  162.       }
  163.       res.send({
  164.         status: 200,
  165.         entity: {
  166.           accessToken: session.getAccessToken().getJwtToken(),
  167.           idToken: session.getIdToken().getJwtToken(),
  168.           refreshToken: session.getRefreshToken().getToken(),
  169.         }
  170.       });
  171.     });
  172.   });
  173. });
  174.  
  175. // catch 404 and forward to error handler
  176. app.use(function (req, res, next) {
  177.   next(createError(404));
  178. });
  179.  
  180. // error handler
  181. app.use(function (err, req, res, next) {
  182.   res.status(err.status || 500).body(err);
  183. });
  184.  
  185. app.listen(7755);
  186. console.log('info', `api running on port 7755`);
  187.  
  188. module.exports = app;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!