Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
router.post('/refresh-token', async (req, res, next) => {
// validate username and password
const schema = Joi.object().keys({
refresh_token: Joi.string().required(),
});
const { error, value } = schema.validate(req.body);
if (error) {
return next(Boom.badRequest(error.details[0].message));
}
const { refresh_token } = value;
let query = `
query get_refresh_token(
$refresh_token: uuid!,
$current_timestampz: timestamptz!,
) {
refresh_tokens: ${schema_name}refresh_tokens (
where: {
_and: [{
refresh_token: { _eq: $refresh_token }
}, {
user: { active: { _eq: true }}
}, {
handler (request, h) {
const { ipfs } = request.server.app
const { key } = request.pre.args
const options = {
recursive: request.query.recursive,
format: request.query.format,
edges: request.query.edges,
unique: request.query.unique,
maxDepth: request.query['max-depth']
}
// have to do this here otherwise the validation error appears in the stream tail and
// this doesn't work in browsers: https://github.com/ipfs/js-ipfs/issues/2519
if (options.edges && options.format !== Format.default) {
throw Boom.badRequest('Cannot set edges to true and also specify format')
}
return streamResponse(request, h, async (output) => {
for await (const ref of ipfs._refsAsyncIterator(key, options)) {
output.write(
JSON.stringify({
Ref: ref.ref,
Err: ref.err
}) + '\n'
)
}
})
}
}
internals.Socket.prototype._authenticate = async function (request) {
await this._authByCookie();
if (!request.auth &&
!this.auth.isAuthenticated &&
this._listener._authRequired()) {
throw Boom.unauthorized('Connection requires authentication');
}
if (request.auth &&
request.type !== 'reauth' &&
this.auth.isAuthenticated) { // Authenticated using a cookie during upgrade
throw Boom.badRequest('Connection already authenticated');
}
clearTimeout(this.auth._initialAuthTimeout);
this.auth._initialAuthTimeout = null;
if (request.auth) {
const config = this._listener._settings.auth;
if (config.type === 'direct') {
const route = this.server.lookup(config.id);
request.auth.headers = request.auth.headers || {};
request.auth.headers['x-forwarded-for'] = this.info['x-forwarded-for'];
const res = await this.server.inject({ url: route.path, method: 'auth', headers: request.auth.headers, remoteAddress: this.info.remoteAddress, allowInternals: true, validate: false });
if (res.statusCode !== 200) {
throw Boom.unauthorized(res.result.message);
}
const keyFunc = async function (decoded) {
if (decoded.tenant) {
const key = multiTenantSecretKeys[decoded.tenant];
if (key) {
return {key, additional: 'something extra here if needed' };
}
else {
throw Boom.unauthorized('Key not found');
}
}
else {
throw Boom.badRequest('Tenant was not specified in token payload');
}
};
const keyFunc = function (decoded) {
if (decoded.tenant) {
const keys = multiTenantSecretKeys[decoded.tenant];
if (keys) {
return {key: keys, additional: 'something extra here if needed' };
}
else {
throw Boom.unauthorized('Key not found');
}
}
else {
throw Boom.badRequest('Tenant was not specified in token payload');
}
};
parseArgs: (request, reply) => {
if (!(request.query.arg instanceof Array) ||
request.query.arg.length !== 3) {
throw Boom.badRequest("Arguments 'root', 'name' & 'ref' are required")
}
if (!request.query.arg[0]) {
throw Boom.badRequest('cannot create link with no root')
}
if (!request.query.arg[1]) {
throw Boom.badRequest('cannot create link with no name!')
}
if (!request.query.arg[2]) {
throw Boom.badRequest('cannot create link with no ref')
}
try {
return {
isInWilayasRange: (req, res, next) => {
const { matricule } = req.params;
const { error } = WilayaValidator.isInWilayasRange(matricule);
if (error) {
return next(boom.badRequest('Bad request! "matricule" parameter must be a number between 1 and 48'));
}
return next();
},
isValidPhoneCode: (req, res, next) => {
}
if (typeof request.payload !== "object" || request.payload === null)
return Boom.badRequest("invalid request")
if (typeof request.payload.cmd !== "string")
return Boom.badRequest("invalid request")
if (request.payload.cmd === "PING")
return { result: "PONG" }
else if (request.payload.cmd === "AWAKE-ALL") {
var peers = request.websocket().peers
peers.forEach((peer) => {
peer.send(JSON.stringify({ cmd: "AWAKE" }))
})
return ""
}
else
return Boom.badRequest("unknown command")
}
})
validateSignupBody: (req, res, next) => {
const { error } = UserValidators.validateSignupBody(req.body);
if (error) {
return next(boom.badRequest(error));
}
return next();
},
};
const { Users } = this.server.models();
const { emailService } = this.server.services();
const rawResetToken = Buffer.from(Uuid({ rng: Uuid.nodeRNG }));
const hash = await this.pwd.hash(rawResetToken);
const patchedUser = await Users.query()
.patch({ 'password': null, resetToken: hash.toString('utf8') })
.where({ email })
.first()
.returning('*');
if (!patchedUser) {
throw Boom.badRequest('Unable to intiate password reset');
}
const resetUrl = this.options.siteUrl + '/password-reset/' + rawResetToken;
await emailService.send('password-reset', patchedUser, { resetUrl });
return null;
}