| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450 |
- 'use strict'
- require('dotenv').config()
- const crypto = require('crypto')
- const Util = require('util')
- const Jwt = require('@hapi/jwt')
- const Schmervice = require('@hapipal/schmervice')
- const SecurePassword = require('secure-password')
-
- // Configuration for Brevo
- const SibApiV3Sdk = require('sib-api-v3-sdk')
- const defaultClient = SibApiV3Sdk.ApiClient.instance
- const apiKey = defaultClient.authentications['api-key']
- apiKey.apiKey = process.env.BREVO_KEY
-
- const apiInstance = new SibApiV3Sdk.TransactionalEmailsApi()
-
- const hashEmail = async email => {
- try {
- return crypto.createHmac('sha256', '').update(email).digest('hex')
- } catch (err) {
- console.error('ERROR :=>', err)
- return undefined
- }
- }
- // const emailsSent = {}
- const hasher = async (pwd, steak) => {
- const hash = await pwd.hash(steak)
- const result = await pwd.verify(steak, hash)
- let squirtle = null
-
- switch (result) {
- case SecurePassword.INVALID_UNRECOGNIZED_HASH:
- return console.error(
- 'This hash was not made with secure-password. Attempt legacy algorithm',
- )
- case SecurePassword.INVALID:
- return console.log('Invalid password')
- case SecurePassword.VALID:
- return result
- case SecurePassword.VALID_NEEDS_REHASH:
- console.log('Yay you made it, wait for us to improve your safety')
- try {
- squirtle = await pwd.hash(steak)
- // console.log('improvedHash', squirtle)
- // const saveHash = Auth.insert({user_email: matchingEmails}, ).into('token')
- return squirtle
- } catch (err) {
- console.error(
- 'You are authenticated, but we could not improve your safety this time around',
- )
- }
- break
- }
- }
-
- /** Class for methods used in the User plugin */
- module.exports = class UserService extends Schmervice.Service {
- /**
- * Unsure of what our constructor does
- * @param {...any} args
- */
- constructor(...args) {
- super(...args)
- const pwd = new SecurePassword()
- // TODO: Invalidate this cache somehow after a certain time period has
- // passed
- // TODO: Remove hashedEmails in preference of activeSessions
- this.hashedEmails = {
- // NOTE: key is email hash and value is timestamp in ms
- // abc123456: '123456689',
- }
-
- // this.activeSessions = [
- // {
- // user: {
- // useremail: email,
- // hashedEmail: hashedEmail,
- // username: name,
- // },
- // expiration: 1203984710234
- // },
- // token: 'tokenString + expirationDate + salt'
- // ]
-
- this.pwd = {
- hash: Util.promisify(pwd.hash.bind(pwd)),
- verify: Util.promisify(pwd.verify.bind(pwd)),
- }
- }
-
- /**
- * Use knex to find users with id column
- * @param {number} id
- * @param {*} txn
- * @returns
- */
- async findById(id, txn) {
- const { User } = this.server.models()
-
- return await User.query(txn)
- .throwIfNotFound()
- .first()
- .where({ user_id: id })
- }
-
- /**
- * Use knew to find first user with username
- * @param {*} username
- * @param {*} txn
- * @returns
- */
- async findByUsername(username, txn) {
- const { User } = this.server.models()
-
- return await User.query(txn)
- .throwIfNotFound()
- .first()
- .where({ user_name: username })
- }
-
- /**
- * Use knew to find first user with useremail
- * @param {*} username
- * @param {*} txn
- * @returns
- */
- async findByUserEmail(userEmail, txn) {
- const { User } = this.server.models()
- const user = await User.query(txn)
- .throwIfNotFound()
- .first()
- .where({ user_email: userEmail })
- return user
- }
-
- /**
- * Signup function
- * @param {*} param0
- * @param {*} txn
- * @returns
- */
- async signup({ password, userInfo, created_at }, txn) {
- const { User, Auth } = this.server.models()
- const matchingEmails = await User.query().where(
- 'user_email',
- userInfo.user_email,
- )
- if (matchingEmails.length > 0) {
- throw `User ${userInfo.user_email} already exists: Cannot create a user without a unique email`
- }
- // Insert User Info to User table
- const insertUser = await User.query().insert(userInfo)
- // insert a row with blank password to be updated by changePassword()
- await Auth.query().insert({
- user_email: insertUser.user_email,
- created_at: created_at,
- token: null,
- })
- // update null token with hashed password
- await this.changePassword(insertUser.user_email, password, txn)
- return {
- user_id: insertUser.id,
- user_name: insertUser.user_name,
- user_email: insertUser.user_email,
- is_poster: insertUser.is_poster,
- is_admin: insertUser.is_admin,
- is_verified: insertUser.is_verified,
- }
- }
-
- /**
- * Updates user's info
- * @param {number} id
- * @param {*} param1
- * @param {*} txn
- * @returns
- */
- async update(id, { password, ...userInfo }, txn) {
- const { User } = this.server.models()
-
- if (Object.keys(userInfo).length > 0) {
- await User.query(txn)
- .throwIfNotFound()
- .where({ id })
- .patch(userInfo)
- }
-
- if (password) {
- await this.changePassword(id, password, txn)
- }
-
- return id
- }
-
- /**
- * Self explanatory
- * @param {*} param0
- * @param {*} txn
- * @returns
- */
- async login({ email, password }, txn) {
- const { User, Auth } = this.server.models()
-
- const user = await Auth.query(txn)
- .throwIfNotFound()
- .first()
- .where({ user_email: email })
-
- const bufferPepper = Buffer.from(process.env.PEPPER + password)
-
- /** Uncomment to run password check using SecurePassword */
- const passwordCheck = await this.pwd.verify(bufferPepper, user.token)
- if (passwordCheck === SecurePassword.VALID_NEEDS_REHASH) {
- await this.changePassword(user.user_email, password, txn)
- } else if (passwordCheck !== SecurePassword.VALID) {
- throw User.createNotFoundError()
- }
-
- return user
- }
-
- /**
- * Create a token to be sent in request headers
- * @param {User} user
- * @returns {Token}
- */
- // TODO: Put this logic in the routes, NOT here
- // createSessionToken(user, payload)
- // createAccessToken()
- //
- createToken(user) {
- const key = this.server.registrations['main-app-plugin'].options.jwtKey
-
- let token = Jwt.token.generate(
- {
- aud: 'urn:audience:test',
- iss: 'urn:issuer:test',
- // ...payload,
- email: user.email,
- name: user.name,
- seeking: user.seeking,
- salt: 'a;ldfkjas;l/dfkafnml;/cjkf',
- // profile_id: user.profile_id,
- },
- {
- key: key,
- algorithm: 'HS256',
- },
- {
- ttlSec: 4 * 60 * 60, // 7 days
- },
- )
- console.log('token :=>', token)
- token = Jwt.token.generate(
- {
- aud: 'urn:audience:test',
- iss: 'urn:issuer:test',
- // ...payload,
- email: user.email,
- name: user.name,
- seeking: user.seeking,
- salt: 'qpowieurpqowytqpoieryu',
- // profile_id: user.profile_id,
- },
- {
- key: key,
- algorithm: 'HS256',
- },
- {
- ttlSec: 4 * 60 * 60, // 7 days
- },
- )
- console.log('\n')
- console.log('token :=>', token)
- token = Jwt.token.generate(
- {
- aud: 'urn:audience:test',
- iss: 'urn:issuer:test',
- // ...payload,
- email: user.email,
- name: user.name,
- seeking: user.seeking,
- salt: 'a;ldfkjas;l/dfkafnml;/cjkf',
- // profile_id: user.profile_id,
- },
- {
- key: key,
- algorithm: 'HS256',
- },
- {
- ttlSec: 6 * 60 * 60, // 7 days
- },
- )
- console.log('token :=>', token)
- token = Jwt.token.generate(
- {
- aud: 'urn:audience:test',
- iss: 'urn:issuer:test',
- // ...payload,
- email: user.email,
- name: user.name,
- seeking: user.seeking,
- salt: 'a;ldfkjas;l/dfkafnml;/cjkf',
- // profile_id: user.profile_id,
- },
- {
- key: key,
- algorithm: 'HS256',
- },
- {
- ttlSec: 7 * 60 * 60, // 7 days
- },
- )
- console.log('token :=>', token)
-
- // TODO: keep userinfo and it's association with the sessionToken in state/memory
- // registerSession(user, sessionToken) // useremail, token
- // this.registerSession(user, token)
- return token
- }
-
- async registerSession(user, hashedEmail, token) {
- const sessionRequester = {
- user: user,
- hashedEmail: hashedEmail,
- token: token,
- }
- const alreadyExists = this.activeSessions.find(
- sessionRequester => sessionRequester.hashedEmail === hashedEmail,
- )
- if (!alreadyExists) {
- this.activeSessions.push(sessionRequester)
- }
- }
- /**
- * Validates whether a token has expired or not
- * @param {User} user
- * @returns {Token}
- */
- validateToken(token) {
- const key = this.server.registrations['main-app-plugin'].options.jwtKey
- // NOTE: reveals email...perhaps unhashed email belongs here instead...
- try {
- const decodedToken = Jwt.token.decode(token)
- Jwt.token.verify(decodedToken, key)
- return { isValid: true, payload: decodedToken.decoded.payload }
- } catch (err) {
- return { isValid: false, error: err.message }
- }
- }
-
- /**
- * Use knex to try to change password entry
- * @param {number} id
- * @param {string} password
- * @param {*} txn
- * @returns {number}
- */
- async changePassword(email, password, txn) {
- const { Auth } = this.server.models()
-
- const hashed = await this.pwd.hash(
- Buffer.from(process.env.PEPPER + password),
- )
-
- await Auth.query(txn)
- .throwIfNotFound()
- .where({ user_email: email })
- .patch({
- // user_email: email,
- token: hashed,
- })
- return email
- }
-
- async getPassword(email, txn) {
- const { Auth } = this.server.models()
-
- const passwordRow = await Auth.query(txn)
- .where('user_email', email)
- .first()
-
- return passwordRow ? passwordRow.token : null
- }
-
- async checkEmailCache(userEmail) {
- const hashedEmail = await hashEmail(userEmail)
- const now = Date.now()
- // hashedEmail needs to be derived by email, salt
- const expiration = this.hashedEmails[hashedEmail]
- console.log('this.hashedEmails :=>', this.hashedEmails)
- const emailIsInCache = Object.keys(this.hashedEmails).includes(
- hashedEmail,
- )
- const emailIsExpired = now > expiration ? true : false
- console.log('emailIsInCache :=>', emailIsInCache)
- console.log('emailIsExpired :=>', emailIsExpired)
- if (emailIsInCache && !emailIsExpired) {
- return true
- } else {
- // try {
- // delete this.hashedEmails[hashedEmail]
- // } catch (err) {
- // console.error('ERROR :=>', err)
- // }
- return false
- }
- }
-
- /**
- * Sends a Transactional Email via Brevo
- * @ returns {Object}
- */
- async emailSent(userEmail) {
- const hashedEmail = await hashEmail(userEmail)
- if (Object.keys(this.hashedEmails).includes(hashedEmail)) {
- return new Error('email address already in cache!!')
- }
- // Set expiration time for five minutes from now
- const duration = 1000 * 60 * 5
- this.hashedEmails[hashedEmail] = Date.now() + duration
- const sendSmtpEmail = {
- to: [
- {
- email: userEmail,
- },
- ],
- templateId: 1,
- params: {
- // TODO: Change this in production...
- link: `localhost:3000/verify/${hashedEmail}`,
- },
- }
-
- await apiInstance.sendTransacEmail(sendSmtpEmail).then(
- data => {
- return {
- wasSuccessfull: true,
- data: data,
- }
- },
- error => {
- return {
- wasSuccessfull: false,
- error: error,
- }
- },
- )
- }
- }
|
