From fee61707480b771fa16759c146fd79616b064673 Mon Sep 17 00:00:00 2001
From: James
Date: Tue, 9 Jun 2020 13:42:20 -0400
Subject: [PATCH] enables optional api key auth
---
 demo/collections/Admin.js | 1 +
 demo/collections/Customers.js | 1 +
 src/auth/baseAPIKeyFields.js | 20 ++++++++++++++++++++
 src/auth/baseFields.js | 16 ----------------
 src/collections/init.js | 15 +++++++++++++--
 src/express/middleware/authenticate.js | 9 +++++++--
 6 files changed, 42 insertions(+), 20 deletions(-)
 create mode 100644 src/auth/baseAPIKeyFields.js
diff --git a/demo/collections/Admin.js b/demo/collections/Admin.js
index deab2e788c..091429bca7 100644
--- a/demo/collections/Admin.js
+++ b/demo/collections/Admin.js
@@ -22,6 +22,7 @@ module.exports = {
 },
 auth: {
 tokenExpiration: 300,
+ useAPIKey: true,
 },
 fields: [
 {
diff --git a/demo/collections/Customers.js b/demo/collections/Customers.js
index 7016feac80..8e2a47f427 100644
--- a/demo/collections/Customers.js
+++ b/demo/collections/Customers.js
@@ -8,6 +8,7 @@ module.exports = {
 },
 useAsTitle: 'email',
 policies: {
+ admin: () => false,
 create: () => true,
 read: ({ req: { user } }) => {
 if (checkRole(['admin'], user)) {
diff --git a/src/auth/baseAPIKeyFields.js b/src/auth/baseAPIKeyFields.js
new file mode 100644
index 0000000000..4917aae073
--- /dev/null
+++ b/src/auth/baseAPIKeyFields.js
@@ -0,0 +1,20 @@
+const validations = require('../fields/validations');
+
+module.exports = [
+ {
+ name: 'enableAPIKey',
+ label: 'Enable API key for this user',
+ type: 'checkbox',
+ defaultValue: false,
+ validate: validations.checkbox,
+ },
+ {
+ name: 'apiKey',
+ type: 'text',
+ label: 'User API Key',
+ condition: (_, siblings) => {
+ return siblings.enableAPIKey && siblings.enableAPIKey.value;
+ },
+ validate: validations.text,
+ },
+];
diff --git a/src/auth/baseFields.js b/src/auth/baseFields.js
index c0ff4ad3bc..5a52863d1a 100644
--- a/src/auth/baseFields.js
+++ b/src/auth/baseFields.js
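Review bot: The `apiKey` entry in the new `src/auth/baseAPIKeyFields.js` is a bearer credential, yet it is declared as an ordinary `type: 'text'` field checked only by `validations.text`, so as far as this file shows any value an editor types, however short or reused, is accepted and the key is handled like every other field. A minimum-length rule in the validator, or a value generated on the server with `crypto.randomBytes`, would give the key real entropy. Whether the key is returned in read responses is not visible here, and the `hidden: true` option seen in `baseFields.js` may or may not cover that, so it needs checking. The `condition` callback looks like display logic only (inferred), which means `apiKeyStrategy`, not part of this diff, should itself refuse a key when `enableAPIKey` is false. A comment above the entry such as `// Bearer credential: treat like a password (never log, never return to other users)` would record the intent.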
@@ -17,20 +17,4 @@ module.exports = [ type: 'date', hidden: true, }, - { - name: 'enableAPIKey', - label: 'Enable API key for this user', - type: 'checkbox', - defaultValue: false, - validate: validations.checkbox, - }, - { - name: 'apiKey', - type: 'text', - label: 'User API Key', - condition: (_, siblings) => { - return siblings.enableAPIKey && siblings.enableAPIKey.value; - }, - validate: validations.text, - }, ]; diff --git a/src/collections/init.js b/src/collections/init.js index 24d2d596fe..fa0ce2e2db 100644 --- a/src/collections/init.js +++ b/src/collections/init.js @@ -13,6 +13,7 @@ const apiKeyStrategy = require('../auth/strategies/apiKey'); const collectionRoutes = require('./routes'); const buildSchema = require('./buildSchema'); const baseAuthFields = require('../auth/baseFields'); +const baseAPIKeyFields = require('../auth/baseAPIKeyFields'); const authRoutes = require('../auth/routes'); function registerCollections() { @@ -106,6 +107,13 @@ function registerCollections() { ...baseAuthFields, ...formattedCollection.fields, ]; + + if (collection.auth.useAPIKey) { + formattedCollection.fields = [ + ...formattedCollection.fields, + ...baseAPIKeyFields, + ]; + } } const schema = buildSchema(formattedCollection, this.config); @@ -123,9 +131,12 @@ function registerCollections() { if (collection.auth) { const AuthCollection = this.collections[formattedCollection.slug]; - passport.use(new LocalStrategy(AuthCollection.Model.authenticate())); - passport.use(`${AuthCollection.config.slug}-api-key`, apiKeyStrategy(AuthCollection)); + + if (collection.auth.useAPIKey) { + passport.use(`${AuthCollection.config.slug}-api-key`, apiKeyStrategy(AuthCollection)); + } + passport.use(`${AuthCollection.config.slug}-jwt`, jwtStrategy(this.config, AuthCollection)); passport.serializeUser(AuthCollection.Model.serializeUser()); passport.deserializeUser(AuthCollection.Model.deserializeUser()); 
diff --git a/src/express/middleware/authenticate.js b/src/express/middleware/authenticate.js
index 509c8ef470..09d40e4c84 100644
--- a/src/express/middleware/authenticate.js
+++ b/src/express/middleware/authenticate.js
@@ -3,11 +3,16 @@ const passport = require('passport');
 module.exports = (config) => {
 const methods = config.collections.reduce((enabledMethods, collection) => {
 if (collection.auth) {
- return [
- `${collection.slug}-api-key`,
+ const collectionMethods = [
 `${collection.slug}-jwt`,
 ...enabledMethods,
 ];
+
+ if (collection.auth.enableAPIKey) {
+ collectionMethods.unshift(`${collection.slug}-api-key`);
+ }
+
+ return collectionMethods;
 }
 return enabledMethods;
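Review bot: The new guard in `authenticate.js` tests `collection.auth.enableAPIKey`, but the collection option this commit introduces is `useAPIKey` (set in `demo/collections/Admin.js` and tested twice in `src/collections/init.js`); `enableAPIKey` is the name of the per-user checkbox field. As far as the hunks show, the `-api-key` method is therefore never added to `methods` for a collection configured the documented way, so API-key requests would only ever be tried against JWT. A config that did set `enableAPIKey` without `useAPIKey` would list a strategy name that `init.js` did not register. The condition should read `if (collection.auth.useAPIKey) {`. The enclosing function continues past the end of the hunk, so how `methods` is handed to passport is not visible here.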