
JWT auth on admin endpoints

Martin McKeaveney 2021-04-07 15:15:05 +01:00
parent 6e40e444fc
commit 46ddcdce2c
8 changed files with 35 additions and 31 deletions


@ -5,7 +5,6 @@ const JwtStrategy = require("passport-jwt").Strategy
const CouchDB = require("./db") const CouchDB = require("./db")
const { StaticDatabases } = require("./db/utils") const { StaticDatabases } = require("./db/utils")
const { jwt, local, google } = require("./middleware") const { jwt, local, google } = require("./middleware")
const hashing = require("./hashing")
// Strategies // Strategies
passport.use(new LocalStrategy(local.options, local.authenticate)) passport.use(new LocalStrategy(local.options, local.authenticate))
@ -26,6 +25,6 @@ passport.deserializeUser(async (user, done) => {
} }
}) })
// exports.hashing = hashing // exports.Cookies = Cookies
module.exports = passport module.exports = passport


@ -22,7 +22,7 @@ module.exports = async (ctx, next) => {
const cookieAppId = ctx.cookies.get(Cookies.CurrentApp) const cookieAppId = ctx.cookies.get(Cookies.CurrentApp)
// const builtinRoles = getBuiltinRoles() // const builtinRoles = getBuiltinRoles()
if (appId && cookieAppId !== appId) { if (appId && cookieAppId !== appId) {
setCookie(ctx, appId, "currentapp") setCookie(ctx, appId, Cookies.CurrentApp)
} else if (cookieAppId) { } else if (cookieAppId) {
appId = cookieAppId appId = cookieAppId
} }


@ -1,6 +1,6 @@
const jwt = require("./jwt") const jwt = require("./passport/jwt")
const local = require("./local") const local = require("./passport/local")
const google = require("./google") const google = require("./passport/google")
module.exports = { module.exports = {
google, google,


@ -1,4 +1,4 @@
const CouchDB = require("../db") // const CouchDB = require("../db")
exports.options = { exports.options = {
clientId: process.env.GOOGLE_CLIENT_ID, clientId: process.env.GOOGLE_CLIENT_ID,


@ -1,7 +1,4 @@
// const jwt = require("passport-jwt") const { Cookies } = require("../../constants")
const { Cookies } = require("../constants")
// const ExtractJWT = jwt.ExtractJwt
exports.options = { exports.options = {
jwtFromRequest: function(ctx) { jwtFromRequest: function(ctx) {


@ -1,8 +1,8 @@
const jwt = require("jsonwebtoken") const jwt = require("jsonwebtoken")
const { UserStatus } = require("../constants") const { UserStatus } = require("../../constants")
const CouchDB = require("../db") const CouchDB = require("../../db")
const { StaticDatabases, generateUserID } = require("../db/utils") const { StaticDatabases, generateUserID } = require("../../db/utils")
const { compare } = require("../hashing") const { compare } = require("../../hashing")
const INVALID_ERR = "Invalid Credentials" const INVALID_ERR = "Invalid Credentials"


@ -1,20 +1,21 @@
const jwt = require("jsonwebtoken")
const CouchDB = require("../../../db")
const passport = require("@budibase/auth") const passport = require("@budibase/auth")
exports.authenticate = async (ctx, next) => { exports.authenticate = async (ctx, next) => {
return passport.authenticate("local", async (err, user, info, status) => { return passport.authenticate("local", async (err, user) => {
// TODO: better
if (err) { if (err) {
ctx.throw(err) return ctx.throw(err)
} }
// await ctx.login(user) const expires = new Date()
ctx.body = { expires.setDate(expires.getDate() + 1)
err,
user, ctx.cookies.set("budibase:auth", user.token, {
info, expires,
status, path: "/",
} httpOnly: false,
overwrite: true,
})
ctx.body = { success: true }
})(ctx, next) })(ctx, next)
} }
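Review bot: The new `ctx.cookies.set("budibase:auth", user.token, {...})` call stores the signed-in user's JWT with `httpOnly: false` and sets neither `secure` nor `sameSite`, so the token is readable by any script running on the page and is not restricted to HTTPS. Unless client code has to read the token, I would use `httpOnly: true` and add `secure` and `sameSite` to the options. The callback also dereferences `user.token` without checking `user`; Passport custom callbacks normally receive a falsy `user` with `err` unset on a failed login, which here would surface as a TypeError rather than a 401, so a guard such as `if (!user) return ctx.throw(401)` before the cookie is set looks necessary (the local strategy's behaviour is not visible on this page, so confirm). The cookie name is a string literal although this same commit replaces `"currentapp"` with `Cookies.CurrentApp`; a shared constant would keep it in step with whatever the JWT extractor reads.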


@ -2,15 +2,22 @@ const Router = require("@koa/router")
const passport = require("@budibase/auth") const passport = require("@budibase/auth")
const controller = require("../../controllers/admin") const controller = require("../../controllers/admin")
const authController = require("../../controllers/admin/auth") const authController = require("../../controllers/admin/auth")
const authenticated = require("../../../middleware/authenticated")
const router = Router() const router = Router()
router router
.post("/api/admin/users", authenticated, controller.userSave) .post("/api/admin/users", passport.authenticate("jwt"), controller.userSave)
.post("/api/admin/authenticate", authController.authenticate) .post("/api/admin/authenticate", authController.authenticate)
.delete("/api/admin/users/:email", authenticated, controller.userDelete) .delete(
"/api/admin/users/:email",
passport.authenticate("jwt"),
controller.userDelete
)
.get("/api/admin/users", passport.authenticate("jwt"), controller.userFetch) .get("/api/admin/users", passport.authenticate("jwt"), controller.userFetch)
.get("/api/admin/users/:email", authenticated, controller.userFind) .get(
"/api/admin/users/:email",
passport.authenticate("jwt"),
controller.userFind
)
module.exports = router module.exports = router
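Review bot: `passport.authenticate("jwt")` on the user create, delete and find routes only establishes that the caller holds a valid token; nothing visible in this section checks that the caller is allowed to administer users. If the JWT strategy's verify step does not already enforce a role, these routes need an authorization middleware after authentication. The `jwtFromRequest` extractor elsewhere in this commit appears to read the token from a cookie, so the state-changing POST and DELETE routes would also depend on a SameSite setting or a CSRF token, neither of which is visible here. As a style point, the middleware is constructed separately on every route; `const requireJwt = passport.authenticate("jwt", { session: false })` declared once and reused would be easier to audit, with `session: false` assuming these endpoints are meant to be stateless.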