feat: added password check route that returns a token on success

src/auth.ts

@@ -171,6 +171,24 @@ export const setUserPassword = (unid: string, password: string): Promise<User> =
 		.catch(reject);
 });
 
+/**
+ * Check a username & password, and return the token if it's correct
+ * @since v0.14.2
+ */
+export const checkUser = (username: string, password: string): Promise<string> => new Promise(async (resolve, reject) => {
+
+	// Find the user
+	const user = users.find((user) => user.username === username);
+	if (!user) return reject(new Error('User not found'));
+
+	// Check the password
+	const match = await bcrypt.compare(password, user.passhash);
+	if (!match) return reject(new Error('Incorrect password'));
+
+	// Return the token
+	resolve(user.token);
+});
+
 /**
  * Deletes a user account
  * @since v0.14.1

src/routers/api.ts

@@ -7,7 +7,7 @@
 import { MagicNumbers } from 'ass-json';
 import fs from 'fs-extra';
 import { Router, Request, Response, NextFunction } from 'express';
-import { findFromToken, setUserPassword, users, createNewUser, deleteUser, setUserMeta, deleteUserMeta, setUsername, resetToken, verifyCliKey } from '../auth';
+import { findFromToken, setUserPassword, users, createNewUser, deleteUser, setUserMeta, deleteUserMeta, setUsername, resetToken, checkUser, verifyCliKey } from '../auth';
 import { log, path } from '../utils';
 import { data } from '../data';
 import { User } from '../types/auth';
@@ -84,6 +84,16 @@ function buildUserRouter() {
 			.catch((err) => errorHandler(res, err));
 	});
 
+	// Check password (plaintext password in form data; HOST SHOULD BE USING HTTPS)
+	userRouter.post('/password/check', (req: Request, res: Response) => {
+		const username = req.body.username;
+		const password = req.body.password;
+
+		checkUser(username, password)
+			.then((result) => res.send(result))
+			.catch((err) => errorHandler(res, err));
+	});
+
 	// Create a new user
 	// Admin only
 	userRouter.post('/', adminAuthMiddleware, (req: Request, res: Response) => {