jambonz-api-server/lib/routes/api/login.js

const router = require('express').Router();
const {getMysqlConnection} = require('../../db');
const {verifyPassword} = require('../../utils/password-utils');

const retrieveSql = 'SELECT * from users where name = ?';
const tokenSql = 'SELECT token from api_keys where account_sid IS NULL AND service_provider_sid IS NULL';


router.post('/', (req, res) => {
  const logger = req.app.locals.logger;
  const {username, password} = req.body;
  if (!username || !password) {
    logger.info('Bad POST to /login is missing username or password');
    return res.sendStatus(400);
  }

  getMysqlConnection((err, conn) => {
    if (err) {
      logger.error({err}, 'Error getting db connection');
      return res.sendStatus(500);
    }
    conn.query(retrieveSql, [username], async(err, results) => {
      conn.release();
      if (err) {
        logger.error({err}, 'Error getting db connection');
        return res.sendStatus(500);
      }
      if (0 === results.length) {
        logger.info(`Failed login attempt for user ${username}`);
        return res.sendStatus(403);
      }

      logger.info({results}, 'successfully retrieved account');
      const isCorrect = await verifyPassword(results[0].hashed_password, password);
      if (!isCorrect) return res.sendStatus(403);

      const force_change = !!results[0].force_change;

      getMysqlConnection((err, conn) => {
        if (err) {
          logger.error({err}, 'Error getting db connection');
          return res.sendStatus(500);
        }
        conn.query(tokenSql, (err, tokenResults) => {
          conn.release();
          if (err) {
            logger.error({err}, 'Error getting db connection');
            return res.sendStatus(500);
          }
          if (0 === tokenResults.length) {
            logger.error('Database has no admin token provisioned...run reset_admin_password');
            return res.sendStatus(500);
          }
          res.json({user_sid: results[0].user_sid, force_change, token: tokenResults[0].token});
        });
      });
    });
  });
});


module.exports = router;