  1. 'use strict';
  2. const db = require('@arangodb').db;
  3. const joi = require('joi');
  4. const createRouter = require('@arangodb/foxx/router');
  5. const sessionsMiddleware = require('@arangodb/foxx/sessions');
  6. const jwtStorage = require('@arangodb/foxx/sessions/storages/jwt');
  7. const createAuth = require('@arangodb/foxx/auth');
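  const auth = createAuth();
  const router = createRouter();

  // One week, in seconds. Used for the JWT expiry and the middleware option.
  const SESSION_TTL_SECONDS = 60 * 60 * 24 * 7;

  // The JWT signing secret comes from the service configuration rather than a
  // string literal in the source: every session token is authenticated with
  // this key alone, so a value that ships with the code (or is guessable)
  // means the uid inside a token can no longer be trusted.
  // `jwtSecret` is a name chosen here; it has to be declared in the
  // `configuration` section of the service manifest and set to a long random
  // value per deployment.
  const jwtSecret = module.context.configuration.jwtSecret;
  if (typeof jwtSecret !== 'string' || jwtSecret.length === 0) {
    // Fail closed: do not mount the service with a missing or empty key.
    throw new Error('jwtSecret is not configured; refusing to sign sessions without a key');
  }

  // Sessions are stored in signed JWTs and travel in a request/response header.
  const sessions = sessionsMiddleware({
    storage: jwtStorage({ secret: jwtSecret, ttl: SESSION_TTL_SECONDS }),
    ttl: SESSION_TTL_SECONDS,
    transport: 'header',
  });

  // Session handling is registered before the routes so that req.session is
  // populated by the time a handler runs.
  module.context.use(sessions);
  module.context.use(router);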
  19.  
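  /**
   * POST /signup
   *
   * Creates a user document from the validated form, stores a password hash
   * (never the plain password) and binds the new user's _key to the session.
   * Responds with {success: true}; throws 'bad request' when the confirmation
   * does not match or when saving the document fails.
   */
  router.post('/signup', function (req, res) {
    const form = req.body; // the form defined in the body section below

    // The schema only requires both fields to be present, so the comparison
    // has to happen here; without it the confirmation field checks nothing.
    if (form.password !== form.password_confirmation) {
      res.throw('bad request', 'Password confirmation does not match');
    }

    // Build the stored document field by field instead of saving the request
    // body: only the attributes named here can reach the collection, and the
    // plain password and its confirmation are never part of it.
    const user = {
      fn: form.fn,
      ln: form.ln,
      username: form.username,
      authData: auth.create(form.password), // authentication hash
      // NOTE(review): accounts are marked active immediately ("for demo
      // purpose" in the original); /login only accepts users with a === true.
      a: true,
    };

    try {
      const meta = db.users.save(user);
      Object.assign(user, meta); // assign _key, _id to user
    } catch (e) {
      // NOTE(review): every save error is reported as a taken username, and
      // that message presumes a unique index on users.username, which is not
      // visible in this file. Confirm the index exists.
      res.throw('bad request', 'Username already taken', e);
    }

    // Set the session uid
    req.session.uid = user._key;
    res.send({success: true});
  })
  .body(joi.object({
    "fn": joi.string().required(),
    "ln": joi.string().required(),
    "username": joi.string().required(),
    "password": joi.string().min(8).max(32).required(),
    "password_confirmation": joi.string().required(),
  }), 'Credentials')
  .description('Creates a new user and logs them in.');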
  50.  
  /**
   * POST /login
   *
   * Looks up an active user by username, verifies the submitted password
   * against the stored authentication data and, on success, binds the user's
   * _key to the session. Always responds with {success, uid}.
   */
  router.post('/login', function (req, res) {
    const credentials = req.body;

    // firstExample yields the matching document or null; only users flagged
    // a === true are considered.
    const account = db.users.firstExample({
      username: credentials.username,
      a: true
    });

    // verify is still called, with an empty record, when no user matched, so
    // the unknown-user and wrong-password cases share one code path.
    const storedAuthData = account ? account.authData : {};
    const valid = auth.verify(storedAuthData, credentials.password);

    // Log the user in
    if (valid) {
      req.session.uid = account._key;
    }

    // CORS: let browser scripts on other origins read the session header.
    res.setHeader("Access-Control-Expose-Headers", "X-Session-Id");

    // NOTE(review): the field named `uid` carries the whole session object,
    // not req.session.uid. Confirm which one clients are meant to receive.
    // A failed login is answered with success: false rather than an error
    // status, and no throttling of repeated failures is visible in this
    // handler.
    res.send({success: valid, uid: req.session});
  })
  .body(joi.object({
    username: joi.string().required(),
    password: joi.string().required()
  }).required(), 'Credentials')
  .description('Logs a registered user in.');
  74.  
  /**
   * POST /logout
   *
   * Clears the uid on the current session, if one is set, and responds with
   * {success: true} in every case.
   */
  router.post('/logout', function (req, res) {
    const session = req.session;
    const isLoggedIn = Boolean(session.uid);

    // NOTE(review): this file stores sessions in JWTs, so clearing uid only
    // changes the session that goes back with this response. A token issued
    // earlier presumably stays acceptable until it expires. Confirm whether
    // server-side revocation is needed.
    if (isLoggedIn) {
      session.uid = null;
    }

    res.send({success: true});
  })
  .description('Logs the current user out.');