auth: login through vk iframe

backend/routes/auth.js

@@ -3,6 +3,7 @@ const guest = require('./auth/guest');
 const list = require('./auth/list');
 const check = require('./auth/check');
 const vk = require('./auth/social/vk');
+const iframe_vk = require('./auth/iframe/vk');
 
 const router = express.Router();
 
@@ -10,5 +11,6 @@ router.get('/', check);
 router.get('/list', list);
 router.get('/guest', guest);
 router.get('/social/vk', vk);
+router.get('/iframe/vk', iframe_vk);
 
 module.exports = router;

backend/routes/auth/iframe/vk.js

@@ -0,0 +1,18 @@
+const { User } = require('../../../models');
+const { CONFIG } = require('../../../../config/backend');
+const md5 = require('js-md5');
+const { generateRandomUrl } = require('../guest');
+
+module.exports = async (req, res) => {
+  const { query: { viewer_id, auth_key } } = req;
+
+  const checksum = md5(`${CONFIG.SOCIAL.VK_IFRAME.APP_ID}_${viewer_id}_${CONFIG.SOCIAL.VK_IFRAME.SECRET}`);
+
+  if (checksum !== auth_key) return res.send({ success: false, error: 'cant login or no such user' });
+
+  const user = await User.findOne({ _id: `vk:${viewer_id}` }).populate('routes');
+
+  const random_url = await generateRandomUrl();
+  return res.send({ success: true, user: { ...user.toObject(), id: user._id, random_url } });
+};
+