
:construction: Set up separate routes for session/access token creation

tags/0.0.3^2
tomit4 3 年之前
父節點
當前提交
67fbe0181e

+ 4
- 2
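--- a/backend/lib/plugins/user.js
+++ b/backend/lib/plugins/user.js
@@ -14,7 +14,8 @@
 const UserSignupRoute = require('../routes/user/signup')
 const UserEmailRoute = require('../routes/user/email.js')
 const UserVerifyEmailRoute = require('../routes/user/verifyemail.js')
-const UserGetJWTRoute = require('../routes/user/getjwt.js')
+const UserGetSessionRoute = require('../routes/user/getsession.js')
+const UserGetAccessRoute = require('../routes/user/getaccess.js')
 const UserValidateSessionRoute = require('../routes/user/validatesession.js')
 const UserCheckEmailRegistry = require('../routes/user/check-email-registry.js')
 const UserByEmail = require('../routes/user/user-by-email.js')
@@ -57,7 +58,8 @@
         await server.route(UserProfilesListRoute)
         await server.route(UserEmailRoute)
         await server.route(UserVerifyEmailRoute)
-        await server.route(UserGetJWTRoute)
+        await server.route(UserGetSessionRoute)
+        await server.route(UserGetAccessRoute)
         await server.route(UserValidateSessionRoute)
         await server.route(UserCheckEmailRegistry)
         await server.route(UserByEmail)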

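--- a/backend/lib/routes/user/getjwt.js
+++ b/backend/lib/routes/user/getaccess.js
@@ -3,18 +3,18 @@
 const Joi = require('joi')
 
 const pluginConfig = {
-    handlerType: 'email',
+    handlerType: 'authentication',
     docs: {
         get: {
-            description: 'gets jwt after verifying email',
-            notes: 'Gets jwt after validating email',
+            description: 'gets access token for authentication',
+            notes: 'Gets access token for authentication',
         },
     },
 }
 
 module.exports = {
     method: 'POST',
-    path: '/getjwt',
+    path: '/getaccess',
     options: {
         ...pluginConfig.docs.get,
         tags: ['api'],
@@ -26,7 +26,11 @@
         handler: async function (request, h) {
             const { userService } = request.server.services()
             const res = request.payload
-            const token = await userService.createToken(res)
+            const token = await userService.createToken({
+                ...res,
+                // NOTE: Set Expiration Time for Access Token Here
+                expires: 60 * 3,
+            })
             try {
                 const response = h.response({
                     ok: true,
@@ -50,7 +54,7 @@
         },
         response: {
             // TODO: change back to accommodate new h.response return values
-            schema: Joi.any().label('get_jwt_res'),
+            schema: Joi.any().label('get_access_res'),
             failAction: 'log',
         },
     },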
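Review bot: In the new handler body of getaccess.js the `await userService.createToken({...})` call sits before the `try`, so a failure while signing (for example a missing `jwtKey`) leaves the handler as a rejected promise instead of producing the `ok: false` body the `catch` was written for; make that call the first statement inside the `try`. The new getsession.js handler has the same shape and needs the same move. Both handlers also spread the whole `request.payload` into the claims, and no payload schema is visible here or in getsession.js (which has only `validate: { failAction: 'log' }`), so apart from `expires` the caller decides what gets signed; a `validate.payload` Joi object naming the fields `createToken` actually consumes, with `failAction: 'error'` so violations are rejected rather than logged, would close that. The `module.exports` object starts before the first hunk of this file and ends after the last.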

+ 61
- 0
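--- /dev/null
+++ b/backend/lib/routes/user/getsession.js
@@ -0,0 +1,61 @@
+'use strict'
+
+const Joi = require('joi')
+
+const pluginConfig = {
+    handlerType: 'authentication',
+    docs: {
+        get: {
+            description: 'gets session token for authentication',
+            notes: 'Gets session token for authentication',
+        },
+    },
+}
+
+module.exports = {
+    method: 'POST',
+    path: '/getsession',
+    options: {
+        ...pluginConfig.docs.get,
+        tags: ['api'],
+        auth: false,
+        cors: {
+            headers: ['Authorization'],
+            exposedHeaders: ['Authorization', 'Access-Control-Expose-Headers'],
+        },
+        handler: async function (request, h) {
+            const { userService } = request.server.services()
+            const res = request.payload
+            const token = await userService.createToken({
+                ...res,
+                // NOTE: Set Expiration Time for Session Token Here
+                expires: 60 * 3,
+            })
+            try {
+                const response = h.response({
+                    ok: true,
+                    handler: pluginConfig.handlerType,
+                    data: token,
+                })
+                response.header('Authorization', token)
+                return response
+            } catch (err) {
+                return {
+                    ok: false,
+                    handler: pluginConfig.handlerType,
+                    data: {
+                        error: err,
+                    },
+                }
+            }
+        },
+        validate: {
+            failAction: 'log',
+        },
+        response: {
+            // TODO: change back to accommodate new h.response return values
+            schema: Joi.any().label('get_session_res'),
+            failAction: 'log',
+        },
+    },
+}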
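Review bot: The `catch` branch returns the raw `err` object to the caller of an `auth: false` route as `data.error`; what actually reaches the client depends on how that error serializes, but the response should carry a fixed message either way and the error should go to the server log, e.g. `request.log(['error', 'authentication'], err)` followed by `data: { error: 'session token could not be created' },`. Separately, this session token and the access token minted in getaccess.js come from the same `createToken` with the same key and the same `expires: 60 * 3`, and nothing in the claims shown marks which kind of token it is, so a consumer of one cannot tell it from the other; a per-route claim such as `type: 'session'` / `type: 'access'`, checked where each token is accepted, would separate them. The token is also sent twice, in the body and in the `Authorization` header exposed through CORS; one channel is enough.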

+ 1
- 1
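--- a/backend/lib/routes/user/validatesession.js
+++ b/backend/lib/routes/user/validatesession.js
@@ -20,7 +20,7 @@
     options: {
         ...pluginConfig.docs.get,
         tags: ['api'],
-        auth: false,
+        auth: false, // set to jwt strategy
         cors: true,
         handler: async function (request, h) {
             const sessionToken = request.params.sessionToken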
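Review bot: The added `// set to jwt strategy` next to `auth: false` reads as a pending change rather than an explanation of why this route stays unauthenticated, so a later reader cannot tell whether `auth: false` is intended or leftover. Write it as a tracked follow-up, e.g. `auth: false, // TODO: switch to the jwt auth strategy once it is registered`, and say in the TODO what the route should require in the meantime. The `options` object continues outside the hunk.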

+ 2
- 5
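--- a/backend/lib/services/user.js
+++ b/backend/lib/services/user.js
@@ -222,10 +222,6 @@
      * @param {User} user
      * @returns {Token}
      */
-    // TODO: Put this logic in the routes, NOT here
-    // createSessionToken(user, payload)
-    // createAccessToken()
-    //
     createToken(data) {
         const key = this.server.registrations['main-app-plugin'].options.jwtKey
         const obj = {}
@@ -253,8 +249,9 @@
      * @param {User} user
      * @returns {Token}
      */
+    // TODO: Move this ino the auth strategies
     validateToken(token) {
-        const key = this.server.registrations['main-app-plugin'].options.jwtKey
+        const key = this.server.registrations['main-app-plugin'].options.jwtKey // mysecret
         try {
             return JWT.verify(token, key)
         } catch (err) {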
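Review bot: The `// mysecret` comment appended to the `jwtKey` line in `validateToken` looks like the value of the signing key written into source; if it is, it is now in history no matter where the real key is configured, and if it is only a placeholder it still invites someone to copy that string into config. Drop the comment, and if the key used for development is literally that value, rotate it. The new TODO above it has a typo (`ino` → `into`), and the JSDoc on both methods still says `@param {User} user` while the signatures take `data` and `token` — that mismatch predates this commit but is worth fixing while the doc block is being edited. Both method bodies continue outside the hunk.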

+ 1
- 2
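--- a/frontend/src/components/onboarding/Auth.vue
+++ b/frontend/src/components/onboarding/Auth.vue
@@ -67,9 +67,8 @@
                 )
         },
         async getSessionToken(payload) {
-            return await this.authenticator.getJwt({
+            return await this.authenticator.getSessionToken({
                 payload,
-                expires: 60 * 3,
             })
         },
         async signupNewUser(userInfo) {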

+ 5
- 2
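--- a/frontend/src/services/auth.service.js
+++ b/frontend/src/services/auth.service.js
@@ -14,8 +14,11 @@
         const isVerified = await db.get(`/user/verify/${hashedEmail}`)
         return isVerified.hashesMatch
     }
-    async getJwt(req) {
-        return await db.post('/user/getjwt', req, true)
+    async getSessionToken(req) {
+        return await db.post('/user/getsession', req, true)
+    }
+    async getAccessToken(req) {
+        return await db.post('/user/getaccess', req, true)
     }
     async validateSession(sessionToken) {
         return await db.get(`/user/validatesession/${sessionToken}`)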

+ 2
- 2
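--- a/frontend/src/views/OnboardingView.vue
+++ b/frontend/src/views/OnboardingView.vue
@@ -45,8 +45,6 @@
 import SurveyCompleteView from './SurveyCompleteView.vue'
 let sessionToken = null
 let accessToken = null
-// import savesurveybyprofileid - call it on submit
-// paginate to save every steps answers
 
 /* BRIAN'S NOTE: 
 I'll need help here. The logic is getting confusing.
@@ -60,6 +58,7 @@
             anotherhashedEmailString: expiration_in_milliseconds,
         }
 
+        TODO: jwt, hashedEmail, cookie expiration should be the same
     3.  The session, access tokens all have jwt expirations as well as cookie expirations
 
     4.  Additionally, we have an expiration on each hashedEmail string...
@@ -116,6 +115,7 @@
         }
         // TODO: EVERY ROUTE WE HIT AFTER THIS HAS TO BE AUTHENTICATED
         // ACCESS TOKEN WORKS
+        // START PROTECTING ALL ROUTES
         if (this.emailIsRegistered) {
             const user = await fetchUserByEmail(this.userEmail)
             const userId = user.user_id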

+ 1
- 2
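--- a/frontend/src/views/VerifyView.vue
+++ b/frontend/src/views/VerifyView.vue
@@ -42,9 +42,8 @@
         },
         // QUESTION: This will likely be needed in OnboardingView.vue
         async getAccessToken(payload) {
-            const accessToken = await this.authenticator.getJwt({
+            const accessToken = await this.authenticator.getAccessToken({
                 payload,
-                expires: 60 * 3,
             })
             document.cookie = `siimee_access=${accessToken}; max-age=600; path=/; secure`
         },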
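Review bot: With `expires` no longer sent from here, the access token's lifetime is fixed by the server (`60 * 3` in getaccess.js) while the cookie written two lines below still uses `max-age=600`, so unless the two values are in different units the cookie will outlive the token it carries; derive the cookie lifetime from the token's expiry, or keep both constants in one place, which is what the note in OnboardingView.vue asks for. The cookie string also sets no `SameSite` attribute; adding `SameSite=Strict` (or `Lax`, if the flow crosses sites) is worth doing while this function is being changed. `getAccessToken` is shown whole, but the enclosing `methods` object continues outside the hunk.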
