mirror of
https://github.com/kevin-DL/sapper-template.git
synced 2026-01-13 02:35:34 +00:00
98 lines
2.9 KiB
JavaScript
98 lines
2.9 KiB
JavaScript
import passport from 'passport';
|
|
import jwt from 'jsonwebtoken';
|
|
import bcrypt from 'bcrypt';
|
|
import { Strategy as LocalStrategy } from 'passport-local';
|
|
|
|
// WARNING: use a database instead of persistent memory to store users
|
|
// THE FOLLOWING IS BAD PRACTICE AND WILL NOT SCALE!!!
|
|
// It's only here for convenience.
|
|
import db from './db';
|
|
|
|
const env = process.env.NODE_ENV;
|
|
const JWT_SECRET = 'put-your-JWT-secret-here'; // you can set this w/ an environment variable
|
|
|
|
export function authSetup(app) {
|
|
|
|
passport.use(new LocalStrategy(async(username, password, done) => {
|
|
try {
|
|
const user = db.find('username', username);
|
|
if (user) {
|
|
const match = await bcrypt.compare(password, user.hash);
|
|
if (!match) {
|
|
return done(null, false, { message: `${user.username} is not authentic to that password.` });
|
|
}
|
|
done(null, { username: user.username, email: user.email });
|
|
} else {
|
|
return done(null, false, { message: `${username} does not exist.` });
|
|
}
|
|
} catch (error) {
|
|
done(error);
|
|
}
|
|
}));
|
|
|
|
app.use(passport.initialize());
|
|
|
|
app.post('/auth/signup', async(req, res, next) => {
|
|
try {
|
|
debugger
|
|
const { username, email, password } = req.body;
|
|
|
|
const userExists = db.find('username', username);
|
|
const emailExists = db.find('email', email);
|
|
|
|
if (userExists || emailExists) {
|
|
res.end(JSON.stringify({ userExists: !!userExists, emailExists: !!emailExists }));
|
|
}
|
|
|
|
const user = db.add({
|
|
username,
|
|
email,
|
|
hash: await bcrypt.hash(password, 10),
|
|
});
|
|
const userToSendToClient = { username: user.username, email: user.email };
|
|
|
|
// generate a signed son web token with the contents of user object and return it in the response
|
|
const month = 60 * 60 * 24 * 30;
|
|
const token = jwt.sign(userToSendToClient, JWT_SECRET, { expiresIn: month });
|
|
res.cookie('ds', token, {
|
|
// httpOnly: false,
|
|
secure: env === 'production' ? true : false,
|
|
maxAge: 1000 * month,
|
|
});
|
|
res.status(200).send({ user: userToSendToClient });
|
|
} catch (error) {
|
|
res.status(400).send({ error: 'req body should take the form { username, password }' });
|
|
}
|
|
});
|
|
|
|
app.post('/auth/local/login', (req, res) => {
|
|
passport.authenticate('local', { session: false, successRedirect: '/', failureRedirect: '/login' }, (err, user) => {
|
|
if (err || !user) {
|
|
return res.status(400).json({
|
|
message: 'Something went wrong.',
|
|
user: user ? user : false,
|
|
});
|
|
}
|
|
req.login(user, { session: false }, error => {
|
|
if (error) {
|
|
res.send(error);
|
|
}
|
|
// generate a signed son web token with the contents of user object and return it in the response
|
|
const month = 60 * 60 * 24 * 30;
|
|
const token = jwt.sign(user, JWT_SECRET, { expiresIn: month });
|
|
return res.cookie('ds', token, {
|
|
// httpOnly: false,
|
|
secure: env === 'production' ? true : false,
|
|
maxAge: 1000 * month,
|
|
}).json(user);
|
|
})
|
|
})(req, res);
|
|
});
|
|
|
|
app.post('/auth/logout', (req, res) => {
|
|
req.logout();
|
|
res.end('ok');
|
|
});
|
|
|
|
}
|