Properly authenticate user against DB

Elliot DeNolf
2018-12-16 21:51:00 -05:00
parent 46dc80d46d
commit d8bdf45283
5 changed files with 42 additions and 30 deletions


@@ -10,21 +10,27 @@ export default User => ({
* @returns {*}
*/
login: (req, res) => {
let { email, password } = req.body;
//This lookup would normally be done using a database
if (email === 'james@jamestest.com') {
if (password === 'test123') { //the password compare would normally be done using bcrypt.
let { email, password} = req.body;
console.log(email);
console.log(password);
User.findByUsername(email, (err, user) => {
if (err || !user) return res.status(401).json({ message: 'Auth Failed' });
user.authenticate(password, (authErr, model, passwordError) => {
if (authErr || passwordError) return res.status(401).json({ message: 'Auth Failed' });
console.log('Correct password. Generating token.');
let opts = {};
opts.expiresIn = 120; //token expires in 2min
const secret = 'SECRET_KEY'; //normally stored in process.env.secret
opts.expiresIn = process.env.tokenExpiration || 1200; // 20min default expiration
const secret = process.env.secret || 'SECRET_KEY';
const token = jwt.sign({ email }, secret, opts);
return res.status(200).json({
message: 'Auth Passed',
token
})
}
}
return res.status(401).json({ message: 'Auth Failed' });
});
})
});
},
/**
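Review bot: The new `console.log(email);` and `console.log(password);` lines write the submitted plaintext password to the server log on every login attempt, exposing credentials to anyone with log access and to wherever logs are shipped; delete both lines, or log only the email. The fallback `const secret = process.env.secret || 'SECRET_KEY';` also means an unset environment variable silently signs production tokens with a constant that is committed to the repository, so it is safer to fail fast, e.g. `if (!process.env.secret) throw new Error('process.env.secret must be set');` followed by `const secret = process.env.secret;`. Note too that `process.env.tokenExpiration` is always a string, and if `jwt` here is jsonwebtoken a bare numeric string such as `"1200"` is interpreted by its ms() handling as milliseconds rather than seconds, yielding a token that expires after about one second; `Number(process.env.tokenExpiration) || 1200` avoids that surprise. The object literal enclosing `login` begins before this hunk.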


@@ -3,17 +3,11 @@ import passportJwt from 'passport-jwt';
const JwtStrategy = passportJwt.Strategy;
const ExtractJwt = passportJwt.ExtractJwt;
const opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = 'SECRET_KEY'; //normally store this in process.env.secret
const opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme('JWT');
opts.secretOrKey = process.env.secret || 'SECRET_KEY';
export default User => new JwtStrategy(opts, (jwtPayload, done) => {
// Access to User model
console.log(User);
if (jwtPayload.email === 'james@jamestest.com') {
return done(null, true)
}
return done(null, false)
export default () => new JwtStrategy(opts, (jwtPayload, done) => {
console.log(`Token authenticated for user: ${jwtPayload.email}`);
return done(null, true);
})
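Review bot: The verify callback now accepts any token with a valid signature and returns `done(null, true)` without consulting the database, so a token issued to an account that has since been deleted or disabled stays valid until it expires, and `req.user` becomes the boolean `true` rather than a user record for downstream handlers. The `User` parameter the old export took was dropped, but the login hunk shows `User.findByUsername(email, (err, user) => …)` is available, so the strategy can re-accept it and resolve the subject on each request, as sketched below; callers that already pass the model are unaffected since the extra argument was being ignored. The same `process.env.secret || 'SECRET_KEY'` fallback appears here as in the login handler, so verification silently degrades to the committed constant when the variable is unset; consider throwing at module load instead.

```javascript
export default User => new JwtStrategy(opts, (jwtPayload, done) => {
  // A valid signature says nothing about the account still existing or being
  // enabled, so resolve the subject on every request and hand passport the record.
  User.findByUsername(jwtPayload.email, (err, user) => {
    if (err) return done(err, false);
    if (!user) return done(null, false);
    return done(null, user);
  });
})
```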