'use strict';

// Public surface of this module: only the access-token verifier is exported.
exports = module.exports = {
    verifyToken,
};
const assert = require('assert'),
BoxError = require('./boxerror.js'),
safe = require('safetydance'),
tokens = require('./tokens.js'),
users = require('./users.js');
/**
 * Resolve an access token to the active user it belongs to.
 *
 * The token is looked up with tokens.getByAccessToken(), its `identifier` is
 * used to load the user with users.get(), and the user must have a truthy
 * `active` property. On success the token's `lastUsedTime` is refreshed on a
 * best-effort basis and the user object is returned.
 *
 * NOTE(review): no expiry or scope check happens in this function; presumably
 * tokens.getByAccessToken() only returns tokens that are still valid - confirm.
 * NOTE(review): the three failure messages differ. If they are ever surfaced
 * to the client they reveal whether a token maps to a missing or a disabled
 * account; confirm callers respond with a generic message.
 *
 * @param {string} accessToken - bearer token presented by the caller
 * @returns {Promise<object>} the user object returned by users.get()
 * @throws {BoxError} INVALID_CREDENTIALS when the token is unknown, the user
 *     does not exist, or the user is not active
 */
async function verifyToken(accessToken) {
    // A non-string argument fails the assertion rather than producing a credentials error.
    assert.strictEqual(typeof accessToken, 'string');

    const tokenRecord = await tokens.getByAccessToken(accessToken);
    if (!tokenRecord) {
        throw new BoxError(BoxError.INVALID_CREDENTIALS, 'No such token');
    }

    // A token whose owner is gone or deactivated must not authenticate.
    const owner = await users.get(tokenRecord.identifier);
    if (!owner) {
        throw new BoxError(BoxError.INVALID_CREDENTIALS, 'User not found');
    }
    if (!owner.active) {
        throw new BoxError(BoxError.INVALID_CREDENTIALS, 'User not active');
    }

    // Best effort: a failed bookkeeping write must not reject valid credentials,
    // so the result of safe() is discarded. lastUsedTime can therefore be stale.
    const usageStamp = { lastUsedTime: new Date() };
    await safe(tokens.update(tokenRecord.id, usageStamp));

    return owner;
}