siimee/backend/lib/routes/user/validate-session.js

'use strict'

const Joi = require('joi')

const pluginConfig = {
    handlerType: 'jwt',
    docs: {
        get: {
            description: 'validates session token for each step of survey',
            notes: 'Validates session token for each step of survey',
        },
    },
}

const validators = {
    post: {
        payload: Joi.object({
            token: Joi.string(),
        }),
    },
}

module.exports = {
    method: 'POST',
    path: '/validate-session',
    options: {
        ...pluginConfig.docs.get,
        tags: ['api'],
        auth: false,
        cors: {
            headers: ['Authorization', 'Content-Type'],
            exposedHeaders: ['Authorization', 'Access-Control-Expose-Headers'],
        },
        handler: async function (request, h) {
            const hashedSessionToken = request.payload
            const { userService, profileService } = request.server.services()
            try {
                if (!hashedSessionToken) {
                    throw new Error('[API] hashedSessionToken not passed!')
                }
                const userSession =
                    userService.activeSessions[hashedSessionToken]
                if (!userSession) {
                    throw new Error(
                        '[API] hashedSessionToken not in activeSessions registry!',
                        userService.activeSessions,
                    )
                }
                if (!userSession.emailWasRespondedTo) {
                    throw new Error(
                        `[API] Email was never responded to! ${userSession.emailWasRespondedTo}`,
                    )
                }
                if (!userSession.sessionToken) {
                    throw new Error(
                        `[API] No session token in userSession ${userSession.sessionToken}`,
                    )
                }
                const sessionTokenIsValid = userService.validateToken(
                    userSession.sessionToken,
                )
                if (!sessionTokenIsValid) {
                    throw new Error(
                        `[API] Could not validate session token: ${userSession.sessionToken}`,
                    )
                }
                if (!userSession?.email)
                    throw new Error(
                        `[API] Could not validate token based on payload: ${request.payload}`,
                    )
                const user = await userService.findByUserEmail(
                    userSession.email,
                )
                const type = user.is_poster === 1 ? 'poster' : 'seeker'
                const profiles = await profileService.getCompleteProfilesFor(
                    user.user_id,
                    type,
                )
                // TODO: handle user with multiple profiles...
                const profileId = profiles[0].profile_id
                return {
                    ok: true,
                    handler: pluginConfig.handlerType,
                    data: {
                        ...userSession,
                        profileId: profileId,
                    },
                }
            } catch (err) {
                return {
                    ok: false,
                    handler: pluginConfig.handlerType,
                    data: { error: err.message },
                }
            }
        },
        validate: validators.post,
        response: {
            schema: Joi.object({
                ok: Joi.bool(),
                handler: Joi.string(),
                data: Joi.object(),
            }).label('validate_session_res'),
            failAction: 'log',
        },
    },
}