co(function* () { let fbUserId = req.body.fbId, fbAccessToken = req.body.fbAccessToken, accessToken = req.body.accessToken; //check if all required params are given if (!accessToken && (!fbUserId || !fbAccessToken)) { console.error('API /auth: not enough params!', fbUserId, fbAccessToken, accessToken); return res.status(HttpStatus.BAD_REQUEST).json({}); } //find a user by his accessToken if (accessToken) { let user = yield User.getByAccessToken(accessToken); if (!user) { //TODO: use a notepadsUtils.blockUser(message) function instead //TODO: because this repeats with the logic in bootstrap.js: console.error(`Invalid access token ${accessToken}!`); return res.status(HttpStatus.UNAUTHORIZED).json({}); } //returns user name and photo to be used by the front-end client return res.status(HttpStatus.OK).json(user); } else { //find a user by his FB access token graph.setAppSecret(config.facebook.app.secret); graph.setAccessToken(fbAccessToken); let graphUser = yield graph.getAsync('me?fields=id,name,picture'); //when the given fb id and token mismatch: if (!graphUser || graphUser.id !== fbUserId) { console.error("Invalid user from fbAccessToken!"); return res.status(HttpStatus.UNAUTHORIZED).json({}); } let user = yield User.fb(fbUserId); if (user) { //user found by his FB access token, return the app's custom token return res.status(HttpStatus.OK).json({ accessToken: user.accessToken }); } else { //create a new user user = yield User.create({ facebookId: graphUser.id, name: graphUser.name, photo: graphUser.picture.data.url }); //pre-populate only for new users yield notepadsUtils.prepopulate(user._id); //success, return the app's custom token return res.status(HttpStatus.CREATED).json({ accessToken: user.accessToken }); } } }).catch(err => {
.then((id) => graph.getAsync(id + ''))