Implement both tokens and rate limiting to API

Closes #141, but still needs better UI on failure
2017-10-12 16:24:12 +02:00
parent 1d2de197a4
commit b308595dac
6 changed files with 161 additions and 4 deletions
--- a/rpg-docs/Model/Users/Users.js
+++ b/rpg-docs/Model/Users/Users.js
@@ -1,3 +1,75 @@
+Schemas.UserProfile = new SimpleSchema({
+	username: {
+		type: String,
+		optional: true,
+	},
+});
+
+Schemas.User = new SimpleSchema({
+	username: {
+		type: String,
+		optional: true,
+	},
+	profile: {
+		type: Schemas.UserProfile,
+		optional: true,
+	},
+	emails: {
+		type: Array,
+		optional: true,
+	},
+	"emails.$": {
+		type: Object,
+	},
+	"emails.$.address": {
+		type: String,
+		regEx: SimpleSchema.RegEx.Email,
+	},
+	"emails.$.verified": {
+		type: Boolean,
+	},
+	registered_emails: {
+		type: Array,
+		optional: true,
+	},
+	"registered_emails.$": {
+		type: Object,
+		blackbox: true,
+	},
+	createdAt: {
+		type: Date
+	},
+	services: {
+		type: Object,
+		optional: true,
+		blackbox: true,
+	},
+	roles: {
+		type: Object,
+		optional: true,
+		blackbox: true,
+	},
+	roles: {
+		type: Array,
+		optional: true,
+	},
+	"roles.$": {
+		type: String
+	},
+	// In order to avoid an 'Exception in setInterval callback' from Meteor
+	heartbeat: {
+		type: Date,
+		optional: true,
+	},
+	apiKey: {
+		type: String,
+		index: 1,
+		optional: true,
+	},
+});
+
+Meteor.users.attachSchema(Schemas.User);
+
 Meteor.users.allow({
 	update: function(userId, doc, fields, modifier) {
 		if (
@@ -21,3 +93,13 @@ Meteor.users.allow({
 		}
 	}
 });
+
+if (Meteor.isServer) Meteor.methods({
+	generateMyApiKey() {
+		var user = Meteor.users.findOne(this.userId);
+		if (!user) return;
+		if (user && user.apiKey) return;
+		var apiKey = Random.id(30);
+		Meteor.users.update(this.userId, {$set: {apiKey}});
+	},
+});