server overhaul, new jwt strategy, some various patches

2023-02-11 16:25:30 -06:00
parent 7aa5e80d4d
commit 3af0af8066
21 changed files with 160 additions and 103 deletions
--- a/server/loaders/express.ts
+++ b/server/loaders/express.ts
@@ -6,39 +6,31 @@ import cors from 'cors';
 import session from 'express-session';
 import pgSessionStore from '../db/sessionStore';
 import { IUser } from '../schemas';
+import { requireSessionSecret } from '../auth/middlewares';

-declare module "express-session" {
+const origin = process.env.ORIGIN || 'http://localhost:5173';
+const secret = process.env.SESSIONSECRET;
+
+declare module 'express-session' {
    interface SessionData {
-        user: IUser
+        user?: IUser
    }
 }

 export const expressLoader = async (app: Express) => {
-    app.use(cors({
-        origin: process.env.ORIGIN || 'http://localhost:5173',
-        credentials: true
-      }));
-
+    app.use(cors({ origin: origin }));
    app.use(bodyParser.json());
    app.use(bodyParser.urlencoded({ extended: true }));
    app.use(cookieParser());
-
-    // app.options("*", cors({ origin: 'http://localhost:5173', optionsSuccessStatus: 200 }));
-    // app.use(cors({ origin: "http://localhost:5173", optionsSuccessStatus: 200 }));
-
    app.use(morgan('tiny'));
-
-    app.get('/', (req, res) => {
-        res.cookie('name', 'express').send('cookie set');
-    })
-
-    const secret = process.env.SESSIONSECRET as string;
+    app.use(requireSessionSecret);

    app.use(session({
-        secret: secret,
+        secret: secret as string,
        cookie: {
            maxAge: 8 * 60 * 60 * 1000,
-            secure: false
+            secure: false,
+            httpOnly: false
        },
        resave: false,
        saveUninitialized: false,
--- a/server/loaders/index.ts
+++ b/server/loaders/index.ts
@@ -6,7 +6,7 @@ import { passportLoader } from './passport';

 export const loaders = async (app: Express) => {
    const expressApp = await expressLoader(app);
-    const passportApp = await passportLoader(expressApp);
+    await passportLoader(expressApp);
    await swaggerLoader(expressApp);
-    await routes(expressApp, passportApp);
+    await routes(expressApp);
 }
--- a/server/loaders/passport.ts
+++ b/server/loaders/passport.ts
@@ -1,32 +1,35 @@
-import { Strategy as LocalStrategy } from "passport-local";
 import passport from "passport";
 import { Express } from "express";
-import AuthService from "../auth";
-import { IUserAuth } from "../schemas";
-const AuthInstance = new AuthService();
+import { ExtractJwt, Strategy as JwtStrategy } from "passport-jwt";

 export const passportLoader = async (app: Express) => {
    app.use(passport.initialize());
    app.use(passport.session());

-    passport.serializeUser((user, done) => {
-        done(null, user);
+    passport.serializeUser((user: Express.User, done) => {
+        process.nextTick(() => {
+            done(null, user);
+        })
    })

-    passport.deserializeUser((user: IUserAuth, done) => {
-        done(null, user);
+    passport.deserializeUser((user: Express.User, done) => {
+        process.nextTick(() => {
+            done(null, user);
+        })
    })

-    // sign in method with passport local strategy
-    passport.use(new LocalStrategy({
-        usernameField: 'email',
-        passwordField: 'password'
-    }, async (email, password, done) => {
+    // config for jwt strategy
+    let opts = {
+        jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+        secretOrKey: 'secret'
+    }
+
+    // jwt strategy
+    passport.use(new JwtStrategy(opts, async (token, done) => {
        try {
-            const response = await AuthInstance.login({ email, password });
-            return done(null, response);
-        } catch (e: any) {
-            return done(e);
+            return done(null, token.user);
+        } catch (error) {
+            done(error);
        }
    }))