From 46ddcdce2c450bc604061001eea2c91873eaf4a7 Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Wed, 7 Apr 2021 15:15:05 +0100 Subject: [PATCH] JWT auth on admin endpoints --- packages/auth/src/index.js | 3 +-- packages/auth/src/middleware/authenticated.js | 2 +- packages/auth/src/middleware/index.js | 6 ++--- .../src/middleware/{ => passport}/google.js | 2 +- .../auth/src/middleware/{ => passport}/jwt.js | 5 +--- .../src/middleware/{ => passport}/local.js | 8 +++--- .../worker/src/api/controllers/admin/auth.js | 25 ++++++++++--------- packages/worker/src/api/routes/admin/index.js | 15 ++++++++--- 8 files changed, 35 insertions(+), 31 deletions(-) rename packages/auth/src/middleware/{ => passport}/google.js (91%) rename packages/auth/src/middleware/{ => passport}/jwt.js (71%) rename packages/auth/src/middleware/{ => passport}/local.js (88%) diff --git a/packages/auth/src/index.js b/packages/auth/src/index.js index 778d4fb32e..3088008086 100644 --- a/packages/auth/src/index.js +++ b/packages/auth/src/index.js @@ -5,7 +5,6 @@ const JwtStrategy = require("passport-jwt").Strategy const CouchDB = require("./db") const { StaticDatabases } = require("./db/utils") const { jwt, local, google } = require("./middleware") -const hashing = require("./hashing") // Strategies passport.use(new LocalStrategy(local.options, local.authenticate)) @@ -26,6 +25,6 @@ passport.deserializeUser(async (user, done) => { } }) -// exports.hashing = hashing +// exports.Cookies = Cookies module.exports = passport diff --git a/packages/auth/src/middleware/authenticated.js b/packages/auth/src/middleware/authenticated.js index f7ff086b67..7797649b18 100644 --- a/packages/auth/src/middleware/authenticated.js +++ b/packages/auth/src/middleware/authenticated.js @@ -22,7 +22,7 @@ module.exports = async (ctx, next) => { const cookieAppId = ctx.cookies.get(Cookies.CurrentApp) // const builtinRoles = getBuiltinRoles() if (appId && cookieAppId !== appId) { - setCookie(ctx, appId, "currentapp") + setCookie(ctx, appId, Cookies.CurrentApp) } else if (cookieAppId) { appId = cookieAppId } diff --git a/packages/auth/src/middleware/index.js b/packages/auth/src/middleware/index.js index a9d07516ed..9d822e5937 100644 --- a/packages/auth/src/middleware/index.js +++ b/packages/auth/src/middleware/index.js @@ -1,6 +1,6 @@ -const jwt = require("./jwt") -const local = require("./local") -const google = require("./google") +const jwt = require("./passport/jwt") +const local = require("./passport/local") +const google = require("./passport/google") module.exports = { google, diff --git a/packages/auth/src/middleware/google.js b/packages/auth/src/middleware/passport/google.js similarity index 91% rename from packages/auth/src/middleware/google.js rename to packages/auth/src/middleware/passport/google.js index 008d4a6816..1ee6583b59 100644 --- a/packages/auth/src/middleware/google.js +++ b/packages/auth/src/middleware/passport/google.js @@ -1,4 +1,4 @@ -const CouchDB = require("../db") +// const CouchDB = require("../db") exports.options = { clientId: process.env.GOOGLE_CLIENT_ID, diff --git a/packages/auth/src/middleware/jwt.js b/packages/auth/src/middleware/passport/jwt.js similarity index 71% rename from packages/auth/src/middleware/jwt.js rename to packages/auth/src/middleware/passport/jwt.js index 5d36f0b91e..a619ab994b 100644 --- a/packages/auth/src/middleware/jwt.js +++ b/packages/auth/src/middleware/passport/jwt.js @@ -1,7 +1,4 @@ -// const jwt = require("passport-jwt") -const { Cookies } = require("../constants") - -// const ExtractJWT = jwt.ExtractJwt +const { Cookies } = require("../../constants") exports.options = { jwtFromRequest: function(ctx) { diff --git a/packages/auth/src/middleware/local.js b/packages/auth/src/middleware/passport/local.js similarity index 88% rename from packages/auth/src/middleware/local.js rename to packages/auth/src/middleware/passport/local.js index 85a68af87c..379ec58dbb 100644 --- a/packages/auth/src/middleware/local.js +++ b/packages/auth/src/middleware/passport/local.js @@ -1,8 +1,8 @@ const jwt = require("jsonwebtoken") -const { UserStatus } = require("../constants") -const CouchDB = require("../db") -const { StaticDatabases, generateUserID } = require("../db/utils") -const { compare } = require("../hashing") +const { UserStatus } = require("../../constants") +const CouchDB = require("../../db") +const { StaticDatabases, generateUserID } = require("../../db/utils") +const { compare } = require("../../hashing") const INVALID_ERR = "Invalid Credentials" diff --git a/packages/worker/src/api/controllers/admin/auth.js b/packages/worker/src/api/controllers/admin/auth.js index 07b08c7d1f..2c41c1f47d 100644 --- a/packages/worker/src/api/controllers/admin/auth.js +++ b/packages/worker/src/api/controllers/admin/auth.js @@ -1,20 +1,21 @@ -const jwt = require("jsonwebtoken") -const CouchDB = require("../../../db") const passport = require("@budibase/auth") exports.authenticate = async (ctx, next) => { - return passport.authenticate("local", async (err, user, info, status) => { - // TODO: better + return passport.authenticate("local", async (err, user) => { if (err) { - ctx.throw(err) + return ctx.throw(err) } - // await ctx.login(user) - ctx.body = { - err, - user, - info, - status, - } + const expires = new Date() + expires.setDate(expires.getDate() + 1) + + ctx.cookies.set("budibase:auth", user.token, { + expires, + path: "/", + httpOnly: false, + overwrite: true, + }) + + ctx.body = { success: true } })(ctx, next) } diff --git a/packages/worker/src/api/routes/admin/index.js b/packages/worker/src/api/routes/admin/index.js index 5a6aaf77e6..c87e395a22 100644 --- a/packages/worker/src/api/routes/admin/index.js +++ b/packages/worker/src/api/routes/admin/index.js @@ -2,15 +2,22 @@ const Router = require("@koa/router") const passport = require("@budibase/auth") const controller = require("../../controllers/admin") const authController = require("../../controllers/admin/auth") -const authenticated = require("../../../middleware/authenticated") const router = Router() router - .post("/api/admin/users", authenticated, controller.userSave) + .post("/api/admin/users", passport.authenticate("jwt"), controller.userSave) .post("/api/admin/authenticate", authController.authenticate) - .delete("/api/admin/users/:email", authenticated, controller.userDelete) + .delete( + "/api/admin/users/:email", + passport.authenticate("jwt"), + controller.userDelete + ) .get("/api/admin/users", passport.authenticate("jwt"), controller.userFetch) - .get("/api/admin/users/:email", authenticated, controller.userFind) + .get( + "/api/admin/users/:email", + passport.authenticate("jwt"), + controller.userFind + ) module.exports = router