From 0d18c1041f02cd89a6672a37dafe10f8f229ab47 Mon Sep 17 00:00:00 2001
From: Mikayla Dobson <93477693+innocuous-symmetry@users.noreply.github.com>
Date: Tue, 31 Jan 2023 22:32:17 -0600
Subject: [PATCH] better configuration for auth with middleware
---
 server/controllers/AuthController.js | 2 +-
 server/loaders/express.js | 3 ++-
 server/loaders/passport.js | 14 ++++++++++++--
 server/package.json | 2 +-
 server/routes/auth.js | 17 +++++++----------
 server/routes/index.js | 10 ++++++----
 server/routes/item.js | 9 +++++++++
 7 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/server/controllers/AuthController.js b/server/controllers/AuthController.js
index 6700f82..8b33ee0 100644
--- a/server/controllers/AuthController.js
+++ b/server/controllers/AuthController.js
@@ -83,7 +83,7 @@ module.exports = class AuthController {
 const newUser = new User(userData.username, userData.email, hash);
 const result = await User.create(newUser);
- return new ControllerResponse(result.rows.length > 0, result, (result.rows.length > 0 ? 201 : 400));
+ return new ControllerResponse(result.length > 0, result, (result.length > 0 ? 201 : 400));
 } catch (error) {
 console.log(error);
 }
diff --git a/server/loaders/express.js b/server/loaders/express.js
index 49966e8..bbea930 100644
--- a/server/loaders/express.js
+++ b/server/loaders/express.js
@@ -20,7 +20,8 @@ async function expressLoader(app) {
 secret: secret,
 cookie: {
 maxAge: 8 * 60 * 60 * 1000,
- secure: false
+ secure: false,
+ httpOnly: false
 },
 resave: false,
 saveUninitialized: false,
diff --git a/server/loaders/passport.js b/server/loaders/passport.js
index a7da541..94b7b89 100644
--- a/server/loaders/passport.js
+++ b/server/loaders/passport.js
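Review bot: The `catch` directly under the changed `return` still only logs and falls through, so on a database failure the method resolves to `undefined` instead of a `ControllerResponse`, and every caller has to guard with `response && response.ok` or it dereferences `undefined`. Returning an explicit failure keeps the contract uniform, e.g. `return new ControllerResponse(false, null, 500);` in the catch, or rethrow. The switch from `result.rows.length` to `result.length` presumes `User.create` now resolves to an array rather than a pg result object; that helper is not visible here, so a one-line comment on the `const result` line stating the expected shape would help the next reader. The enclosing method starts outside the hunk.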
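Review bot: `httpOnly: false` on the session cookie lets page scripts read `connect.sid`, which removes the main mitigation against session theft through XSS; express-session defaults this to true, so the added line should be `httpOnly: true,` or simply be dropped. `secure: false` on the line above is kept by the commit; if it exists for local HTTP development, tying it to the environment, e.g. `secure: process.env.NODE_ENV === 'production',`, avoids shipping a cookie that is accepted over plain HTTP. Adding `sameSite: 'lax'` to the same `cookie` object would also give the logged-in session baseline CSRF protection. The `expressLoader` body continues outside the hunk.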
@@ -7,16 +7,26 @@ async function passportLoader(app) {
 app.use(passport.session());
 passport.serializeUser((user, done) => {
- done(null, user);
+ process.nextTick(() => {
+ done(null, user);
+ })
 })
 passport.deserializeUser((user, done) => {
- done(null, user);
+ process.nextTick(() => {
+ done(null, user);
+ })
 })
 passport.use(new Strategy({
 usernameField: "email",
 passwordField: "password"
 }, async (email, password, done) => {
+ console.log('calling local strategy');
+ console.log(email, password);
+
 try {
+ console.log('before response')
 const response = await AuthController.login({ email: email, password: password });
+ console.log(response);
+
 if (response && response.ok) {
 return done(null, response.data.data);
 } else {
diff --git a/server/package.json b/server/package.json
index e071c67..33760e1 100644
--- a/server/package.json
+++ b/server/package.json
@@ -18,7 +18,7 @@
 "dotenv": "^16.0.3",
 "express": "^4.18.2",
 "express-session": "^1.17.3",
- "passport": "^0.4.0",
+ "passport": "^0.6.0",
 "passport-local": "^1.0.0",
 "pg": "^8.9.0"
 },
diff --git a/server/routes/auth.js b/server/routes/auth.js
index 66b576d..502dce7 100644
--- a/server/routes/auth.js
+++ b/server/routes/auth.js
@@ -14,7 +14,7 @@ async function authRoute(app, passport) {
 }
 })
- router.post('/login', async (req, res, next) => {
+ router.post('/login', passport.authenticate('local'), async (req, res, next) => {
 try {
 const data = req.body;
 const response = await AuthController.login(data);
@@ -22,6 +22,7 @@ async function authRoute(app, passport) {
 if (!response || !response.ok) {
 res.status(response.code || 400).send(response.data || "Something went wrong");
 } else {
+ req.user = response.data;
 req.session.user = response.data;
 req.session.save((err) => {
 return next(err);
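Review bot: `console.log(email, password)` in the strategy callback writes the submitted plaintext password to the server log on every login attempt, and `console.log(response)` a few lines down dumps the full login result, including whatever user record `response.data.data` carries; both lines need to go before this merges, since logs are routinely shipped to aggregation systems with far weaker protection than the credential store. If a trace is wanted, log a non-secret field only, e.g. `console.log('local strategy: login attempt for', email);`, and drop the `console.log('before response')` marker with it. The `serializeUser` change on the same hunk still stores the whole `user` object in the session rather than an identifier, so anything sensitive in that record is persisted in the session store as well; serializing an id and looking the user up in `deserializeUser` is the usual fix. The strategy callback continues outside the hunk.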
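Review bot: With `passport.authenticate('local')` now in front of the handler, the `await AuthController.login(data)` on the last line of the hunk verifies the same credentials a second time — the local strategy in server/loaders/passport.js already calls `AuthController.login` and `passport.authenticate` has populated `req.user` from its `done(null, response.data.data)`. That doubles the (presumably hash-comparison) cost per login and leaves two places that can disagree on the outcome; the handler should drop the second call and build its response from `req.user`. `passport.authenticate` with no options answers failed attempts with a 401 itself, so the handler's `!response.ok` branch in the following hunk is unreachable for bad credentials. The handler body continues in the next hunk.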
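Review bot: `req.user = response.data;` overwrites the value `passport.authenticate` already set, and with a different shape: the strategy in server/loaders/passport.js calls `done(null, response.data.data)`, whereas this line stores `response.data`. Downstream code such as the `req.user == null` guard in server/routes/item.js and the per-request logging in server/routes/index.js therefore sees one shape on the login request and another on later requests, where `deserializeUser` hands back what the strategy supplied. Remove this line and let passport own `req.user`; if the payload is also wanted in `req.session.user`, store the same object the strategy passed to `done` so the two never diverge. The enclosing handler starts in the previous hunk and ends outside this one.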
@@ -36,16 +37,12 @@ async function authRoute(app, passport) {
 router.delete('/logout', async (req, res, next) => {
 try {
- req.session.destroy((err) => {
- if (err) throw err;
- req.logout((err) => {
- if (err) return next(err);
- })
- })
-
- res.status(204).send({ ok: true });
+ req.session = null;
+ req.user = null;
+ res.status(200).clearCookie('connect.sid');
+ res.end();
 } catch (error) {
- next(error);
+ console.log(error);
 }
 })
diff --git a/server/routes/index.js b/server/routes/index.js
index dfa2dbc..8dbf051 100644
--- a/server/routes/index.js
+++ b/server/routes/index.js
@@ -2,15 +2,17 @@ const authRoute = require("./auth");
 const itemRoute = require("./item");
 async function routesLoader(app, passport) {
- const authRouter = await authRoute(app, passport);
- const itemRouter = await itemRoute(app, passport);
+ app.use('/', (req, res, next) => {
+ console.log(req.user || "no user");
+ next();
+ })
 app.get('/', (req, res) => {
 res.send(req.session);
 })
- app.use('/auth', authRouter);
- app.use('/app', passport.authenticate('local'), itemRouter);
+ app.use('/auth', await authRoute(app, passport));
+ app.use('/app', await itemRoute(app, passport));
 }
 module.exports = routesLoader;
\ No newline at end of file
diff --git a/server/routes/item.js b/server/routes/item.js
index b8d0a97..ab57fda 100644
--- a/server/routes/item.js
+++ b/server/routes/item.js
@@ -2,6 +2,15 @@ const router = require('express').Router();
 const ItemController = require('../controllers/ItemController');
 function itemRoute(app, passport) {
+ router.use('/', (req, res, next) => {
+ if (req.user == null) {
+ res.status(403).send("Unauthorized");
+ return;
+ } else {
+ next();
+ }
+ })
+
 router.get('/item', async (req, res) => {
 const response = await ItemController.getAll();
 const { data, code } = response;
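Review bot: The new logout does not revoke the session server-side: assigning `req.session = null` only stops express-session from writing the cookie on this response and, unless the middleware is configured with `unset: 'destroy'` (not visible in the server/loaders/express.js hunk), leaves the record in the session store, so a `connect.sid` value captured earlier keeps working for the rest of its `maxAge` (8 hours per that hunk); the removed `req.session.destroy` and `req.logout` calls were the part that actually invalidated it, and clearing the cookie client-side is not revocation. The `catch` now only logs, so any error in the handler leaves the request hanging with no response. Since passport 0.6 gives `req.logout` a callback, the handler can chain logout, store destroy and cookie clear and route errors to `next`, which also makes the `try`/`catch` unnecessary.

```javascript
router.delete('/logout', (req, res, next) => {
  // passport 0.6: logout takes a callback; destroy() removes the store entry so
  // the old session id stops working, then the cookie is cleared client-side.
  req.logout((logoutErr) => {
    if (logoutErr) return next(logoutErr);
    req.session.destroy((destroyErr) => {
      if (destroyErr) return next(destroyErr);
      res.clearCookie('connect.sid');
      res.status(204).end();
    });
  });
});
```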
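Review bot: The new `app.use('/')` middleware logs `req.user` in full on every request; that object is whatever the local strategy passed to `done(null, response.data.data)` and `serializeUser` stores it unchanged, so any sensitive field the login query returns (a stored password hash, for instance — not visible here) would land in the process log on each hit. Log a single indicator or drop the line once debugging is done, e.g. `console.log(req.user ? 'authenticated request' : 'no user');`. Relatedly, the kept `app.get('/')` handler returns `req.session` to the client, which with whole-object serialization and the new `req.session.user` assignment in server/routes/auth.js exposes the entire login payload; the commit does not touch that line, but it deserves a follow-up.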
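Review bot: The router-level guard is the right place for the check, but an unauthenticated request should receive `401`, not `403` — the body text "Unauthorized" is the 401 reason phrase, while 403 means the identity is known and lacks permission — so `res.status(401).send("Unauthorized");`. The `else` after `return;` is redundant: `if (req.user == null) { res.status(401).send("Unauthorized"); return; } next();` reads cleaner. The `passport` parameter of `itemRoute` is unused in this hunk now that the `authenticate` call moved out of server/routes/index.js; if nothing outside the hunk uses it either, note that in a comment or drop it. The function body continues outside the hunk.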