namespaces API keys, finds collection based on JWT collection payload

James
2020-07-01 18:32:39 -04:00
parent b1b6add2c0
commit fef816fac3
19 changed files with 132 additions and 97 deletions


@@ -51,7 +51,7 @@ describe('Users REST API', () => {
it('should return a logged in user from /me', async () => {
const response = await fetch(`${url}/api/admins/me`, {
headers: {
Authorization: `JWT ${token}`,
Authorization: `Admin JWT ${token}`,
},
});
@@ -65,7 +65,7 @@ describe('Users REST API', () => {
const response = await fetch(`${url}/api/admins/refresh-token`, {
method: 'post',
headers: {
Authorization: `JWT ${token}`,
Authorization: `Admin JWT ${token}`,
},
});
@@ -104,7 +104,7 @@ describe('Users REST API', () => {
roles: ['editor'],
}),
headers: {
Authorization: `JWT ${token}`,
Authorization: `Admin JWT ${token}`,
'Content-Type': 'application/json',
},
method: 'post',
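Review bot: All three updated requests (`/api/admins/me`, `/api/admins/refresh-token` and the POST in the last hunk) cover only the accepted `Admin JWT` header, so nothing in this file would fail if the server still accepted the old bare `JWT` scheme or a token sent under another collection's label. The namespacing is the security-relevant part of this commit, so add a negative case next to the `/me` test that sends the same token with the old `JWT` scheme and asserts that no logged-in user comes back. The `Admin` literal is also repeated in each header; building the scheme string once at the top of the `describe` would keep the three requests in step if the label changes.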


@@ -24,7 +24,7 @@ const refresh = async (args) => {
const opts = {};
opts.expiresIn = options.collection.config.auth.tokenExpiration;
const token = options.authorization.replace('JWT ', '');
const token = options.authorization.replace(`${options.collection.config.labels.singular} JWT `, '');
const payload = jwt.verify(token, secret, {});
delete payload.iat;
delete payload.exp;
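Review bot: `replace()` with a string pattern is a no-op when the prefix is absent, so the new line does not require the label-qualified scheme: unless an earlier layer rejects it, a header holding only the bare token reaches `jwt.verify` unchanged and verifies. Build the prefix once, reject the request unless `options.authorization.startsWith(prefix)`, and then use `const token = options.authorization.slice(prefix.length);`. It is also worth checking after `jwt.verify` that the payload's collection matches `options.collection` before re-signing, and passing an explicit `algorithms` list instead of `{}`; whether the payload carries a collection field is not visible in this hunk, so confirm against the code that issues tokens. The body of `refresh` starts and ends outside the hunk.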


@@ -3,7 +3,7 @@ const PassportAPIKey = require('passport-headerapikey').HeaderAPIKeyStrategy;
module.exports = ({ Model, config }) => {
const opts = {
header: 'Authorization',
prefix: 'API-Key ',
prefix: `${config.labels.singular} API-Key `,
};
return new PassportAPIKey(opts, false, (apiKey, done) => {
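Review bot: The prefix that now separates one collection's API keys from another's is built from `config.labels.singular`, which reads like a display label rather than a stable identifier. Renaming that label would change the scheme every existing client has to send, and two collections with the same singular label would share a namespace; a fixed per-collection key would be safer, and the JWT strategy in this commit indexes `collections[token.collection]`, which suggests one exists. If the label stays, say so on `opts.prefix`, for example `// Scheme is namespaced by collection label, e.g. "Admin API-Key <key>"`, and confirm how the strategy treats a label containing spaces or regex metacharacters. The verify callback's body is outside the hunk, so how `apiKey` is looked up cannot be reviewed here.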


@@ -3,13 +3,15 @@ const passportJwt = require('passport-jwt');
const JwtStrategy = passportJwt.Strategy;
const { ExtractJwt } = passportJwt;
module.exports = (config, collection) => {
module.exports = (config, collections) => {
const opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme('JWT');
opts.secretOrKey = config.secret;
return new JwtStrategy(opts, async (token, done) => {
try {
const collection = collections[token.collection];
const user = await collection.Model.findByUsername(token.email);
const json = user.toJSON({ virtuals: true });