JWT auth on admin endpoints
This commit is contained in:
Martin McKeaveney
parent
6e40e444fc
commit
46ddcdce2c
|
|
@ -5,7 +5,6 @@ const JwtStrategy = require("passport-jwt").Strategy
|
|||
const CouchDB = require("./db")
|
||||
const { StaticDatabases } = require("./db/utils")
|
||||
const { jwt, local, google } = require("./middleware")
|
||||
const hashing = require("./hashing")
|
||||
|
||||
// Strategies
|
||||
passport.use(new LocalStrategy(local.options, local.authenticate))
|
||||
|
|
@ -26,6 +25,6 @@ passport.deserializeUser(async (user, done) => {
|
|||
}
|
||||
})
|
||||
|
||||
// exports.hashing = hashing
|
||||
// exports.Cookies = Cookies
|
||||
|
||||
module.exports = passport
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ module.exports = async (ctx, next) => {
|
|||
const cookieAppId = ctx.cookies.get(Cookies.CurrentApp)
|
||||
// const builtinRoles = getBuiltinRoles()
|
||||
if (appId && cookieAppId !== appId) {
|
||||
setCookie(ctx, appId, "currentapp")
|
||||
setCookie(ctx, appId, Cookies.CurrentApp)
|
||||
} else if (cookieAppId) {
|
||||
appId = cookieAppId
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
const jwt = require("./jwt")
|
||||
const local = require("./local")
|
||||
const google = require("./google")
|
||||
const jwt = require("./passport/jwt")
|
||||
const local = require("./passport/local")
|
||||
const google = require("./passport/google")
|
||||
|
||||
module.exports = {
|
||||
google,
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
const CouchDB = require("../db")
|
||||
// const CouchDB = require("../db")
|
||||
|
||||
exports.options = {
|
||||
clientId: process.env.GOOGLE_CLIENT_ID,
|
||||
|
|
@ -1,7 +1,4 @@
|
|||
// const jwt = require("passport-jwt")
|
||||
const { Cookies } = require("../constants")
|
||||
|
||||
// const ExtractJWT = jwt.ExtractJwt
|
||||
const { Cookies } = require("../../constants")
|
||||
|
||||
exports.options = {
|
||||
jwtFromRequest: function(ctx) {
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
const jwt = require("jsonwebtoken")
|
||||
const { UserStatus } = require("../constants")
|
||||
const CouchDB = require("../db")
|
||||
const { StaticDatabases, generateUserID } = require("../db/utils")
|
||||
const { compare } = require("../hashing")
|
||||
const { UserStatus } = require("../../constants")
|
||||
const CouchDB = require("../../db")
|
||||
const { StaticDatabases, generateUserID } = require("../../db/utils")
|
||||
const { compare } = require("../../hashing")
|
||||
|
||||
const INVALID_ERR = "Invalid Credentials"
|
||||
|
||||
|
|
@ -1,20 +1,21 @@
|
|||
const jwt = require("jsonwebtoken")
|
||||
const CouchDB = require("../../../db")
|
||||
const passport = require("@budibase/auth")
|
||||
|
||||
exports.authenticate = async (ctx, next) => {
|
||||
return passport.authenticate("local", async (err, user, info, status) => {
|
||||
// TODO: better
|
||||
return passport.authenticate("local", async (err, user) => {
|
||||
if (err) {
|
||||
ctx.throw(err)
|
||||
return ctx.throw(err)
|
||||
}
|
||||
|
||||
// await ctx.login(user)
|
||||
ctx.body = {
|
||||
err,
|
||||
user,
|
||||
info,
|
||||
status,
|
||||
}
|
||||
const expires = new Date()
|
||||
expires.setDate(expires.getDate() + 1)
|
||||
|
||||
ctx.cookies.set("budibase:auth", user.token, {
|
||||
expires,
|
||||
path: "/",
|
||||
httpOnly: false,
|
||||
overwrite: true,
|
||||
})
|
||||
|
||||
ctx.body = { success: true }
|
||||
})(ctx, next)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,15 +2,22 @@ const Router = require("@koa/router")
|
|||
const passport = require("@budibase/auth")
|
||||
const controller = require("../../controllers/admin")
|
||||
const authController = require("../../controllers/admin/auth")
|
||||
const authenticated = require("../../../middleware/authenticated")
|
||||
|
||||
const router = Router()
|
||||
|
||||
router
|
||||
.post("/api/admin/users", authenticated, controller.userSave)
|
||||
.post("/api/admin/users", passport.authenticate("jwt"), controller.userSave)
|
||||
.post("/api/admin/authenticate", authController.authenticate)
|
||||
.delete("/api/admin/users/:email", authenticated, controller.userDelete)
|
||||
.delete(
|
||||
"/api/admin/users/:email",
|
||||
passport.authenticate("jwt"),
|
||||
controller.userDelete
|
||||
)
|
||||
.get("/api/admin/users", passport.authenticate("jwt"), controller.userFetch)
|
||||
.get("/api/admin/users/:email", authenticated, controller.userFind)
|
||||
.get(
|
||||
"/api/admin/users/:email",
|
||||
passport.authenticate("jwt"),
|
||||
controller.userFind
|
||||
)
|
||||
|
||||
module.exports = router
|
||||
|
|
|
|||
Loading…
Reference in a new issue