siimee/backend/lib/routes/user/validate-session.js

'use strict'

const Joi = require('joi')

const pluginConfig = {
    handlerType: 'jwt',
    docs: {
        get: {
            description: 'validates session token for each step of survey',
            notes: 'Validates session token for each step of survey',
        },
    },
}

const validators = {
    payload: Joi.string(),
}

module.exports = {
    method: 'POST',
    path: '/validate-session',
    options: {
        ...pluginConfig.docs.get,
        tags: ['api'],
        auth: false,
        cors: {
            headers: ['Authorization', 'Content-Type'],
            exposedHeaders: ['Authorization', 'Access-Control-Expose-Headers'],
        },
        handler: async function (request, h) {
            const hashedSessionToken = request.payload
            const { userService, profileService } = request.server.services()
            try {
                if (!hashedSessionToken) {
                    throw new Error('hashedSessionToken not passed!')
                }
                const userSession =
                    userService.activeSessions[hashedSessionToken]
                if (!userSession) {
                    throw new Error(
                        'hashedSessionToken not in activeSessions registry!',
                    )
                }
                if (!userSession.emailWasRespondedTo) {
                    throw new Error(
                        `Email was never responded to! ${userSession.emailWasRespondedTo}`,
                    )
                }
                if (!userSession.sessionToken) {
                    throw new Error(
                        `No session token in userSession ${userSession.sessionToken}`,
                    )
                }
                const sessionTokenIsValid = userService.validateToken(
                    userSession.sessionToken,
                )
                if (!sessionTokenIsValid.message) {
                    throw new Error(sessionTokenIsValid.message)
                }
                const validatedSessionInfo = sessionTokenIsValid
                    ? userSession
                    : { ...sessionTokenIsValid }

                if (validatedSessionInfo?.email)
                    throw new Error(
                        `Could not validate token based on payload: ${request.payload}`,
                    )

                const user = await userService.findByUserEmail(
                    validatedSessionInfo.email,
                )
                const type = user.is_poster === 1 ? 'poster' : 'seeker'
                const profiles = await profileService.getCompleteProfilesFor(
                    user.user_id,
                    type,
                )
                // TODO: handle user with multiple profiles...
                const profileId = profiles[0].profile_id
                return {
                    ok: true,
                    handler: pluginConfig.handlerType,
                    data: {
                        ...validatedSessionInfo,
                        profileId: profileId,
                    },
                }
            } catch (err) {
                return {
                    ok: false,
                    handler: pluginConfig.handlerType,
                    data: { error: err.message },
                }
            }
        },
        validate: {
            ...validators,
            failAction: 'log',
        },
        response: {
            schema: Joi.object({
                ok: Joi.bool(),
                handler: Joi.string(),
                data: Joi.object(),
            }).label('validate_session_res'),
            failAction: 'log',
        },
    },
}