-- Access-token validation endpoint.
--
-- Accepts POST only, takes the access token from the request via
-- util.get_access_token() (header or parameter), looks it up as an "access"
-- token and answers with a JSON object describing it: the normalized scope
-- string, the remaining lifetime in seconds, the member ids and, on request
-- and when the scope permits, the member's name / identification / notify
-- email. Failures are reported as OAuth-style { error, error_description }
-- objects with HTTP status 400.

if not request.is_post() then
  return execute.view { module = "index", view = "405" }
end

slot.set_layout(nil, "application/json")

-- Write an OAuth-style error object into the "data" slot and set HTTP 400.
-- `code` becomes the "error" field, `description` the "error_description".
local function error_result(code, description)
  local body = json.object()
  body.error = code
  body.error_description = description
  slot.put_into("data", json.export(body))
  request.set_status("400 Bad Request")
end

local access_token, access_token_err = util.get_access_token()

if access_token_err then
  -- Only the "token supplied twice" case is reported back to the client;
  -- any other failure of util.get_access_token is treated as an internal error.
  if access_token_err ~= "header_and_param" then
    error("Error in util.get_access_token")
  end
  return error_result("invalid_request", "Access token passed both via header and param")
end

if not access_token then
  return error_result("invalid_token", "No access token supplied")
end

local token = Token:by_token_type_and_token("access", access_token)
if not token then
  return error_result("invalid_token", "Access token invalid")
end

-- Normalize the token's space-separated scope string: a trailing "_detached"
-- is stripped from each entry, duplicates collapse into one, and the result
-- is re-joined in sorted order.
local scopes = {}
for raw_scope in string.gmatch(token.scope, "[^ ]+") do
  local base_scope = string.match(raw_scope, "(.+)_detached$") or raw_scope
  scopes[base_scope] = true
end
local sorted_scopes = {}
for scope_name in pairs(scopes) do
  table.insert(sorted_scopes, scope_name)
end
table.sort(sorted_scopes)

local result = json.object()
result.scope = table.concat(sorted_scopes, " ")

-- Remaining lifetime in whole seconds, computed in SQL against now() with the
-- expiry passed as a bound parameter.
local expiry = db:query(
  { "SELECT FLOOR(EXTRACT(EPOCH FROM ? - now())) AS access_time_left", token.expiry },
  "object"
)
result.expires_in = expiry.access_time_left

-- NOTE(review): member_id, member_is_role and real_member_id are returned for
-- every valid token regardless of scope; only the nested member objects below
-- are scope-gated.
result.member_id = token.member_id
if token.member.role then
  result.member_is_role = true
end
if token.session then
  result.real_member_id = token.session.real_member_id
end

-- Member details are disclosed only when explicitly requested and the token
-- carries the identification or authentication scope.
if param.get("include_member", atom.boolean)
  and (scopes.identification or scopes.authentication)
then
  local member = token.member
  local real_member = token.session and token.session.real_member
  result.member = json.object{ id = member.id, name = member.name }
  if real_member then
    result.real_member = json.object{ id = real_member.id, name = real_member.name }
  end
  -- The identification field needs the identification scope specifically.
  if scopes.identification then
    result.member.identification = member.identification
    if real_member then
      result.real_member.identification = real_member.identification
    end
  end
  if param.get("include_member_notify_email", atom.boolean) then
    result.member.notify_email = member.notify_email
  end
end

-- A token bound to a session counts as "logged in".
result.logged_in = not not token.session_id
slot.put_into("data", json.export(result))