budibase/packages/auth/src/middleware/passport/local.js

const jwt = require("jsonwebtoken")
const { UserStatus } = require("../../constants")
const database = require("../../db")
const { StaticDatabases, generateUserID } = require("../../db/utils")
const { compare } = require("../../hashing")
const env = require("../../environment")

const INVALID_ERR = "Invalid Credentials"

exports.options = {}

/**
 * Passport Local Authentication Middleware.
 * @param {*} username - username to login with
 * @param {*} password - plain text password to log in with
 * @param {*} done - callback from passport to return user information and errors
 * @returns The authenticated user, or errors if they occur
 */
exports.authenticate = async function(username, password, done) {
  if (!username) return done(null, false, "Email Required.")
  if (!password) return done(null, false, "Password Required.")

  // Check the user exists in the instance DB by email
  const db = new database.CouchDB(StaticDatabases.USER.name)

  let dbUser
  try {
    dbUser = await db.get(generateUserID(username))
  } catch (err) {
    console.error("User not found", err)
    return done(null, false, { message: "User not found" })
  }

  // check that the user is currently inactive, if this is the case throw invalid
  if (dbUser.status === UserStatus.INACTIVE) {
    return done(null, false, { message: INVALID_ERR })
  }

  // authenticate
  if (await compare(password, dbUser.password)) {
    const payload = {
      userId: dbUser._id,
      builder: dbUser.builder,
      email: dbUser.email,
    }

    dbUser.token = jwt.sign(payload, env.JWT_SECRET, {
      expiresIn: "1 day",
    })
    // Remove users password in payload
    delete dbUser.password

    return done(null, dbUser)
  } else {
    done(new Error(INVALID_ERR), false)
  }
}
basic couchDB authentication using passport 2021-04-01 21:34:43 +02:00			`const jwt = require("jsonwebtoken")`
JWT auth on admin endpoints 2021-04-07 16:15:05 +02:00			`const { UserStatus } = require("../../constants")`
Fixing some issues with auth module. 2021-04-15 17:57:01 +02:00			`const database = require("../../db")`
JWT auth on admin endpoints 2021-04-07 16:15:05 +02:00			`const { StaticDatabases, generateUserID } = require("../../db/utils")`
			`const { compare } = require("../../hashing")`
Updating environment in auth package, easily see required env settings. 2021-04-14 15:13:48 +02:00			`const env = require("../../environment")`
basic couchDB authentication using passport 2021-04-01 21:34:43 +02:00
			`const INVALID_ERR = "Invalid Credentials"`

			`exports.options = {}`

			`/**`
			`* Passport Local Authentication Middleware.`
			`* @param {*} username - username to login with`
			`* @param {*} password - plain text password to log in with`
			`* @param {*} done - callback from passport to return user information and errors`
			`* @returns The authenticated user, or errors if they occur`
			`*/`
			`exports.authenticate = async function(username, password, done) {`
			`if (!username) return done(null, false, "Email Required.")`
			`if (!password) return done(null, false, "Password Required.")`

			`// Check the user exists in the instance DB by email`
Fixing some issues with auth module. 2021-04-15 17:57:01 +02:00			`const db = new database.CouchDB(StaticDatabases.USER.name)`
basic couchDB authentication using passport 2021-04-01 21:34:43 +02:00
			`let dbUser`
			`try {`
			`dbUser = await db.get(generateUserID(username))`
groundwork for budibase auth lib 2021-04-07 12:33:16 +02:00			`} catch (err) {`
			`console.error("User not found", err)`
basic couchDB authentication using passport 2021-04-01 21:34:43 +02:00			`return done(null, false, { message: "User not found" })`
			`}`

			`// check that the user is currently inactive, if this is the case throw invalid`
			`if (dbUser.status === UserStatus.INACTIVE) {`
			`return done(null, false, { message: INVALID_ERR })`
			`}`

			`// authenticate`
			`if (await compare(password, dbUser.password)) {`
			`const payload = {`
Authentication working on builder homepage, integration with currentapp middleware 2021-04-13 12:56:57 +02:00			`userId: dbUser._id,`
joi syntax, adding db user builder key to cookie 2021-04-14 14:22:57 +02:00			`builder: dbUser.builder,`
Updating environment in auth package, easily see required env settings. 2021-04-14 15:13:48 +02:00			`email: dbUser.email,`
basic couchDB authentication using passport 2021-04-01 21:34:43 +02:00			`}`

Updating environment in auth package, easily see required env settings. 2021-04-14 15:13:48 +02:00			`dbUser.token = jwt.sign(payload, env.JWT_SECRET, {`
basic couchDB authentication using passport 2021-04-01 21:34:43 +02:00			`expiresIn: "1 day",`
			`})`
groundwork for budibase auth lib 2021-04-07 12:33:16 +02:00			`// Remove users password in payload`
basic couchDB authentication using passport 2021-04-01 21:34:43 +02:00			`delete dbUser.password`
groundwork for budibase auth lib 2021-04-07 12:33:16 +02:00
basic couchDB authentication using passport 2021-04-01 21:34:43 +02:00			`return done(null, dbUser)`
			`} else {`
			`done(new Error(INVALID_ERR), false)`
			`}`
			`}`