JWT auth on admin endpoints

This commit is contained in:
Martin McKeaveney 2021-04-07 15:15:05 +01:00
parent edcc34e787
commit f135aa9db4
8 changed files with 35 additions and 31 deletions


@ -5,7 +5,6 @@ const JwtStrategy = require("passport-jwt").Strategy
const CouchDB = require("./db")
const { StaticDatabases } = require("./db/utils")
const { jwt, local, google } = require("./middleware")
const hashing = require("./hashing")
// Strategies
passport.use(new LocalStrategy(local.options, local.authenticate))
@ -26,6 +25,6 @@ passport.deserializeUser(async (user, done) => {
}
})
// exports.hashing = hashing
// exports.Cookies = Cookies
module.exports = passport
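Review bot: The commented-out lines `// exports.hashing = hashing` and `// exports.Cookies = Cookies` just before `module.exports = passport` should be deleted rather than kept; the same goes for `// const CouchDB = require("../db")` in the google strategy hunk below. If `const hashing = require("./hashing")` survives in the first hunk now that its export is gone, that require is unused and should go as well. Dead code is recoverable from history and only misleads readers about what this module actually exports.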


@ -22,7 +22,7 @@ module.exports = async (ctx, next) => {
const cookieAppId = ctx.cookies.get(Cookies.CurrentApp)
// const builtinRoles = getBuiltinRoles()
if (appId && cookieAppId !== appId) {
setCookie(ctx, appId, "currentapp")
setCookie(ctx, appId, Cookies.CurrentApp)
} else if (cookieAppId) {
appId = cookieAppId
}


@ -1,6 +1,6 @@
const jwt = require("./jwt")
const local = require("./local")
const google = require("./google")
const jwt = require("./passport/jwt")
const local = require("./passport/local")
const google = require("./passport/google")
module.exports = {
google,


@ -1,4 +1,4 @@
const CouchDB = require("../db")
// const CouchDB = require("../db")
exports.options = {
clientId: process.env.GOOGLE_CLIENT_ID,


@ -1,7 +1,4 @@
// const jwt = require("passport-jwt")
const { Cookies } = require("../constants")
// const ExtractJWT = jwt.ExtractJwt
const { Cookies } = require("../../constants")
exports.options = {
jwtFromRequest: function(ctx) {


@ -1,8 +1,8 @@
const jwt = require("jsonwebtoken")
const { UserStatus } = require("../constants")
const CouchDB = require("../db")
const { StaticDatabases, generateUserID } = require("../db/utils")
const { compare } = require("../hashing")
const { UserStatus } = require("../../constants")
const CouchDB = require("../../db")
const { StaticDatabases, generateUserID } = require("../../db/utils")
const { compare } = require("../../hashing")
const INVALID_ERR = "Invalid Credentials"


@ -1,20 +1,21 @@
const jwt = require("jsonwebtoken")
const CouchDB = require("../../../db")
const passport = require("@budibase/auth")
exports.authenticate = async (ctx, next) => {
return passport.authenticate("local", async (err, user, info, status) => {
// TODO: better
return passport.authenticate("local", async (err, user) => {
if (err) {
ctx.throw(err)
return ctx.throw(err)
}
// await ctx.login(user)
ctx.body = {
err,
user,
info,
status,
}
const expires = new Date()
expires.setDate(expires.getDate() + 1)
ctx.cookies.set("budibase:auth", user.token, {
expires,
path: "/",
httpOnly: false,
overwrite: true,
})
ctx.body = { success: true }
})(ctx, next)
}
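Review bot: The custom callback in `authenticate` only checks `err`; if the local strategy ever reports failure as `done(null, false)` instead of an error, `user` is `false`, `user.token` is `undefined`, the cookie is cleared and the handler still responds `{ success: true }`, so add `if (!user) return ctx.throw(401, "Invalid Credentials")` before the cookie is written. The token cookie is also set with `httpOnly: false`, which makes the JWT readable from page script and therefore exfiltratable by any XSS; unless the front end genuinely needs to read it, use `httpOnly: true`, and consider `sameSite` and `secure` (when served over TLS). The literal `"budibase:auth"` should come from the `Cookies` constant the jwt middleware already imports, so the name set here and the name the jwt strategy reads cannot drift apart. It is worth confirming that koa-passport awaits this async callback, otherwise `ctx.throw` inside it becomes an unhandled rejection rather than a 4xx response.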


@ -2,15 +2,22 @@ const Router = require("@koa/router")
const passport = require("@budibase/auth")
const controller = require("../../controllers/admin")
const authController = require("../../controllers/admin/auth")
const authenticated = require("../../../middleware/authenticated")
const router = Router()
router
.post("/api/admin/users", authenticated, controller.userSave)
.post("/api/admin/users", passport.authenticate("jwt"), controller.userSave)
.post("/api/admin/authenticate", authController.authenticate)
.delete("/api/admin/users/:email", authenticated, controller.userDelete)
.delete(
"/api/admin/users/:email",
passport.authenticate("jwt"),
controller.userDelete
)
.get("/api/admin/users", passport.authenticate("jwt"), controller.userFetch)
.get("/api/admin/users/:email", authenticated, controller.userFind)
.get(
"/api/admin/users/:email",
passport.authenticate("jwt"),
controller.userFind
)
module.exports = router
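Review bot: `passport.authenticate("jwt")` is repeated verbatim on the three protected routes and is called without `{ session: false }`; since the passport setup in this commit registers `deserializeUser`, a successful JWT check will presumably also try to establish a session on every request, which a bearer-token route does not need. Hoist it once, `const requireJwt = passport.authenticate("jwt", { session: false })`, and pass `requireJwt` to each route so the policy is stated in one place and the routing table stays readable. The GET `/api/admin/users` line looks like unchanged context, so it should get the same constant in a follow-up if it is not touched here. Only `/api/admin/authenticate` is left unauthenticated, which is correct for a login endpoint.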