Add initial auth module implementation

Author: tshemsedinov

api/.eslintrc.json

@@ -5,7 +5,12 @@
   "globals": {
     "api": "readonly",
     "db": "readonly",
-    "common": "readonly"
+    "common": "readonly",
+    "domain": "readonly",
+    "lib": "readonly",
+    "context": "readonly",
+    "config": "readonly",
+    "metarhia": "readonly"
   },
   "rules": {
     "strict": ["error", "never"],

api/auth/provider.js

@@ -0,0 +1,33 @@
+({
+  generateToken() {
+    const { characters, secret, length } = config.sessions;
+    return metarhia.metautil.generateToken(secret, characters, length);
+  },
+
+  saveSession(token, data) {
+    db.pg.update('Session', { data: JSON.stringify(data) }, { token });
+  },
+
+  startSession(token, data, fields = {}) {
+    const record = { token, data: JSON.stringify(data), ...fields };
+    db.pg.insert('Session', record);
+  },
+
+  async restoreSession(token) {
+    const record = await db.pg.row('Session', ['data'], { token });
+    if (record && record.data) return record.data;
+    return null;
+  },
+
+  deleteSession(token) {
+    db.pg.delete('Session', { token });
+  },
+
+  async registerUser(login, password) {
+    return db.pg.insert('Account', { login, password });
+  },
+
+  async getUser(login) {
+    return db.pg.row('Account', { login });
+  },
+});

api/auth/register.js

@@ -0,0 +1,9 @@
+({
+  access: 'public',
+  method: async ({ login, password, fullName }) => {
+    const hash = await metarhia.metautil.hashPassword(password);
+    await api.auth.provider.registerUser(login, hash, fullName);
+    const token = await context.client.startSession();
+    return { status: 'success', token };
+  },
+});

api/auth/restore.js

@@ -1,4 +1,11 @@
-async ({ token }) => {
-  console.log({ method: 'auth.restore', token });
-  return { status: 'ok' };
-};
+({
+  access: 'public',
+  method: async ({ token }) => {
+    const restored = context.client.restoreSession(token);
+    if (restored) return { status: 'logged' };
+    const data = await api.auth.provider.restoreSession(token);
+    if (!data) return { status: 'not logged' };
+    context.client.startSession(token, data);
+    return { status: 'logged' };
+  },
+});

api/auth/signin.js

@@ -1,7 +1,17 @@
 ({
   access: 'public',
   method: async ({ login, password }) => {
-    console.log({ method: 'auth.signin', login, password });
-    return { status: 'ok', token: '--no-token-provided--' };
+    const user = await api.auth.provider.getUser(login);
+    if (!user) throw new Error('Incorrect login or password');
+    const { accountId, password: hash } = user;
+    const valid = await metarhia.metautil.validatePassword(password, hash);
+    if (!valid) throw new Error('Incorrect login or password');
+    console.log(`Logged user: ${login}`);
+    const token = api.auth.provider.generateToken();
+    const data = { accountId: user.accountId };
+    context.client.startSession(token, data);
+    const { ip } = context.client;
+    api.auth.provider.startSession(token, data, { ip, accountId });
+    return { status: 'logged', token };
   },
 });