budibase/packages/server/src/api/controllers/auth.js

const jwt = require("jsonwebtoken")
const CouchDB = require("../../db")
const ClientDb = require("../../db/clientDb")
const bcrypt = require("../../utilities/bcrypt")
const env = require("../../environment")

exports.authenticate = async ctx => {
  const { username, password } = ctx.request.body

  if (!username) ctx.throw(400, "Username Required.")
  if (!password) ctx.throw(400, "Password Required")

  // find the instance that the user is associated with
  const db = new CouchDB(ClientDb.name(env.CLIENT_ID))
  const appId = ctx.params.appId
  const app = await db.get(appId)
  const instanceId = app.userInstanceMap[username]

  if (!instanceId)
    ctx.throw(500, "User is not associated with an instance of app", appId)

  // Check the user exists in the instance DB by username
  const instanceDb = new CouchDB(instanceId)

  let dbUser
  try {
    dbUser = await instanceDb.get(`user_${username}`)
  } catch (_) {
    // do not want to throw a 404 - as this could be
    // used to dtermine valid usernames
    ctx.throw(401, "Invalid Credentials")
  }

  // authenticate
  if (await bcrypt.compare(password, dbUser.password)) {
    const payload = {
      userId: dbUser._id,
      accessLevelId: dbUser.accessLevelId,
      instanceId: instanceId,
    }

    const token = jwt.sign(payload, ctx.config.jwtSecret, {
      expiresIn: "1 day",
    })

    const ONE_DAY_FROM_NOW = new Date(Date.now() + 24 * 3600)

    ctx.cookies.set("budibase:token", token, { expires: ONE_DAY_FROM_NOW })

    ctx.body = {
      token,
      ...dbUser,
    }
  } else {
    ctx.throw(401, "Invalid credentials.")
  }
}
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const jwt = require("jsonwebtoken")`
			`const CouchDB = require("../../db")`
removing clientId from frontend, fixing invalid database name 2020-05-18 07:40:29 +02:00			`const ClientDb = require("../../db/clientDb")`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const bcrypt = require("../../utilities/bcrypt")`
server tests in-memory and passing 2020-05-14 16:12:30 +02:00			`const env = require("../../environment")`
correct resource paths 2020-04-07 21:34:21 +02:00
pouchDB integration, use app id instead of app name for keying app packages 2020-04-23 15:37:08 +02:00			`exports.authenticate = async ctx => {`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const { username, password } = ctx.request.body`
backend allowing creation of models, records and databases 2020-04-20 17:17:11 +02:00
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`if (!username) ctx.throw(400, "Username Required.")`
			`if (!password) ctx.throw(400, "Password Required")`
correct resource paths 2020-04-07 21:34:21 +02:00
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`// find the instance that the user is associated with`
removing clientId from frontend, fixing invalid database name 2020-05-18 07:40:29 +02:00			`const db = new CouchDB(ClientDb.name(env.CLIENT_ID))`
lint 2020-06-03 21:44:35 +02:00			`const appId = ctx.params.appId`
			`const app = await db.get(appId)`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const instanceId = app.userInstanceMap[username]`
development setup, adding data components 2020-05-06 11:33:30 +02:00
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`if (!instanceId)`
			`ctx.throw(500, "User is not associated with an instance of app", appId)`
development setup, adding data components 2020-05-06 11:33:30 +02:00
			`// Check the user exists in the instance DB by username`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const instanceDb = new CouchDB(instanceId)`
development setup, adding data components 2020-05-06 11:33:30 +02:00
access levels 2020-05-27 18:23:01 +02:00			`let dbUser`
			`try {`
			dbUser = await instanceDb.get(`user_${username}`)
			`} catch (_) {`
			`// do not want to throw a 404 - as this could be`
			`// used to dtermine valid usernames`
			`ctx.throw(401, "Invalid Credentials")`
			`}`
development setup, adding data components 2020-05-06 11:33:30 +02:00
			`// authenticate`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-23 15:37:08 +02:00			`if (await bcrypt.compare(password, dbUser.password)) {`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const payload = {`
			`userId: dbUser._id,`
access levels 2020-05-27 18:23:01 +02:00			`accessLevelId: dbUser.accessLevelId,`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`instanceId: instanceId,`
			`}`
Auth working 2020-05-06 21:29:47 +02:00
			`const token = jwt.sign(payload, ctx.config.jwtSecret, {`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`expiresIn: "1 day",`
			`})`
removed core library 2020-05-06 21:49:21 +02:00
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const ONE_DAY_FROM_NOW = new Date(Date.now() + 24 * 3600)`

			`ctx.cookies.set("budibase:token", token, { expires: ONE_DAY_FROM_NOW })`
Auth working 2020-05-06 21:29:47 +02:00
development setup, adding data components 2020-05-06 11:33:30 +02:00			`ctx.body = {`
			`token,`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`...dbUser,`
			`}`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-23 15:37:08 +02:00			`} else {`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`ctx.throw(401, "Invalid credentials.")`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-23 15:37:08 +02:00			`}`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`}`