budibase/packages/server/src/api/controllers/auth.js

const jwt = require("jsonwebtoken")
const CouchDB = require("../../db")
const ClientDb = require("../../db/clientDb")
const bcrypt = require("../../utilities/bcrypt")

exports.authenticate = async ctx => {
  const { username, password } = ctx.request.body

  if (!username) ctx.throw(400, "Username Required.")
  if (!password) ctx.throw(400, "Password Required")

  const masterDb = new CouchDB("clientAppLookup")
  const { clientId } = await masterDb.get(ctx.params.appId)

  if (!clientId) {
    ctx.throw(400, "ClientId not suplied")
  }
  // find the instance that the user is associated with
  const db = new CouchDB(ClientDb.name(clientId))
  const appId = ctx.params.appId
  const app = await db.get(appId)
  const instanceId = app.userInstanceMap[username]

  if (!instanceId)
    ctx.throw(500, "User is not associated with an instance of app", appId)

  // Check the user exists in the instance DB by username
  const instanceDb = new CouchDB(instanceId)

  let dbUser
  try {
    dbUser = await instanceDb.get(`user_${username}`)
  } catch (_) {
    // do not want to throw a 404 - as this could be
    // used to dtermine valid usernames
    ctx.throw(401, "Invalid Credentials")
  }

  // authenticate
  if (await bcrypt.compare(password, dbUser.password)) {
    const payload = {
      userId: dbUser._id,
      accessLevelId: dbUser.accessLevelId,
      instanceId: instanceId,
    }

    const token = jwt.sign(payload, ctx.config.jwtSecret, {
      expiresIn: "1 day",
    })

    const ONE_DAY_FROM_NOW = new Date(Date.now() + 24 * 3600)

    ctx.cookies.set("budibase:token", token, { expires: ONE_DAY_FROM_NOW })

    ctx.body = {
      token,
      ...dbUser,
    }
  } else {
    ctx.throw(401, "Invalid credentials.")
  }
}
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const jwt = require("jsonwebtoken")`
			`const CouchDB = require("../../db")`
removing clientId from frontend, fixing invalid database name 2020-05-18 17:40:29 +12:00			`const ClientDb = require("../../db/clientDb")`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const bcrypt = require("../../utilities/bcrypt")`
correct resource paths 2020-04-08 07:34:21 +12:00
pouchDB integration, use app id instead of app name for keying app packages 2020-04-24 01:37:08 +12:00			`exports.authenticate = async ctx => {`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const { username, password } = ctx.request.body`
backend allowing creation of models, records and databases 2020-04-21 03:17:11 +12:00
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`if (!username) ctx.throw(400, "Username Required.")`
			`if (!password) ctx.throw(400, "Password Required")`
correct resource paths 2020-04-08 07:34:21 +12:00
changed "master" databse to "clientAppLookup" 2020-06-11 21:12:01 +12:00			`const masterDb = new CouchDB("clientAppLookup")`
application supports multiple concurrent client DB 2020-06-11 08:39:30 +12:00			`const { clientId } = await masterDb.get(ctx.params.appId)`

			`if (!clientId) {`
			`ctx.throw(400, "ClientId not suplied")`
			`}`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`// find the instance that the user is associated with`
application supports multiple concurrent client DB 2020-06-11 08:39:30 +12:00			`const db = new CouchDB(ClientDb.name(clientId))`
lint 2020-06-04 07:44:35 +12:00			`const appId = ctx.params.appId`
			`const app = await db.get(appId)`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const instanceId = app.userInstanceMap[username]`
development setup, adding data components 2020-05-06 21:33:30 +12:00
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`if (!instanceId)`
			`ctx.throw(500, "User is not associated with an instance of app", appId)`
development setup, adding data components 2020-05-06 21:33:30 +12:00
			`// Check the user exists in the instance DB by username`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const instanceDb = new CouchDB(instanceId)`
development setup, adding data components 2020-05-06 21:33:30 +12:00
access levels 2020-05-28 04:23:01 +12:00			`let dbUser`
			`try {`
			dbUser = await instanceDb.get(`user_${username}`)
			`} catch (_) {`
			`// do not want to throw a 404 - as this could be`
			`// used to dtermine valid usernames`
			`ctx.throw(401, "Invalid Credentials")`
			`}`
development setup, adding data components 2020-05-06 21:33:30 +12:00
			`// authenticate`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-24 01:37:08 +12:00			`if (await bcrypt.compare(password, dbUser.password)) {`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const payload = {`
			`userId: dbUser._id,`
access levels 2020-05-28 04:23:01 +12:00			`accessLevelId: dbUser.accessLevelId,`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`instanceId: instanceId,`
			`}`
Auth working 2020-05-07 07:29:47 +12:00
			`const token = jwt.sign(payload, ctx.config.jwtSecret, {`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`expiresIn: "1 day",`
			`})`
removed core library 2020-05-07 07:49:21 +12:00
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const ONE_DAY_FROM_NOW = new Date(Date.now() + 24 * 3600)`

			`ctx.cookies.set("budibase:token", token, { expires: ONE_DAY_FROM_NOW })`
Auth working 2020-05-07 07:29:47 +12:00
development setup, adding data components 2020-05-06 21:33:30 +12:00			`ctx.body = {`
			`token,`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`...dbUser,`
			`}`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-24 01:37:08 +12:00			`} else {`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`ctx.throw(401, "Invalid credentials.")`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-24 01:37:08 +12:00			`}`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`}`