From 507c0ceba37c06635f4edd7a46a2e00a0dc43128 Mon Sep 17 00:00:00 2001
From: Timo Hocker
Date: Fri, 10 Jul 2020 15:39:14 +0200
Subject: [PATCH] user_id in connection info
---
 CHANGELOG.md | 9 +++++++++
 README.md | 5 ++++-
 index.js | 4 +++-
 mock_server.js | 5 +++--
 package.json | 2 +-
 test/index.js | 6 +++---
 6 files changed, 23 insertions(+), 8 deletions(-)
 create mode 100644 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..1730194
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,9 @@
+# Changelog
+
+## 1.1.0
+
+add user_id to res.connection, so request handlers can access the current user
+
+## 1.0.0
+
+initial release
diff --git a/README.md b/README.md
index d1da793..b970870 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # @sapphirecode/auth-server-helper
-version: 1.0.x
+version: 1.1.x
 authentication middleware for express
@@ -46,6 +46,9 @@ use to authorize the following requests. it also sets a cookie to make requesting from the client more simple. (cookie parser is needed to make authentication with cookies possible)
+the id of the logged in user will be available in `res.connection.user_id` in
+all of the following request handlers.
+
 ### Excluding routes
 exceptions to the auth module can be added by adding an array of regular
diff --git a/index.js b/index.js
index 00f2f76..269d9fe 100644
--- a/index.js
+++ b/index.js
@@ -41,7 +41,7 @@ function init (get_user, ignore_paths = []) {
 * @param {string} password hashed password
 * @returns {Promise} session key if successful
 */
-async function authenticate (user, password) {
+async function authenticate (user, password, response) {
 const user_entry = await new Promise ((res) => res (me.get_user (user)));
@@ -51,6 +51,8 @@ async function authenticate (user, password) {
 if (!await password_helper.verify (user_entry.password, password))
 return null;
+ response.connection.user_id = user_entry.id;
+
 const session_key = crypto.sign_object (
 { id: user_entry.id },
 me.jwt_secret
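Review bot: The JSDoc above `authenticate` in the index.js hunk at line 41 still documents only `user` and `password`, although the new third parameter is mandatory: the following hunk dereferences `response.connection` with no guard, so a caller that omits it gets a TypeError after the password has already been verified. Add a line such as `* @param {object} response express response of the current request` to the doc block. The diffstat lists four changed lines for index.js and all four are visible in these two hunks, so the call site apparently is not updated by this commit; confirm it already passes the response object. The body of `authenticate` continues outside the hunk.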
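Review bot: In the index.js hunk at line 51, `response.connection` is Node's alias for the underlying socket (`response.socket`), so `user_id` is attached to the TCP connection and not to the request that authenticated. With HTTP keep-alive, or a reverse proxy that reuses upstream connections, a later request on the same socket could still read the earlier user's id unless something clears it, and nothing in this hunk does. Express provides `res.locals` for per-request state, so `response.locals.user_id = user_entry.id;` would keep the value scoped to one request. The README text added in this commit documents `res.connection.user_id` and would need the same change. The function body extends beyond the hunk on both sides.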
diff --git a/mock_server.js b/mock_server.js
index de2f7e4..f848042 100644
--- a/mock_server.js
+++ b/mock_server.js
@@ -22,12 +22,13 @@ const password_helper = require ('@sapphirecode/password-helper');
 async function start_server () {
 const app = express ();
+ const id = 69;
 const name = 'testuser';
 const salt = crypto.create_salt ();
 const password = await password_helper.hash (
 crypto.hash_sha512 ('foo', salt)
 );
- const user = { name, salt, password };
+ const user = { id, name, salt, password };
 app.use (auth ((user_name) => {
 if (user.name === user_name)
@@ -41,7 +42,7 @@ async function start_server () {
 app.use ((req, res) => {
 res.status (consts.http.status_ok)
- .end ('foo');
+ .end (`foo:${res.connection.user_id}`);
 });
 app.listen (3000);
diff --git a/package.json b/package.json
index de58dfd..7f9d0b5 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sapphirecode/auth-server-helper",
- "version": "1.0.56",
+ "version": "1.1.0",
 "main": "index.js",
 "author": "Timo Hocker ",
 "license": "MIT",
diff --git a/test/index.js b/test/index.js
index 96cb910..5e1dd75 100644
--- a/test/index.js
+++ b/test/index.js
@@ -30,14 +30,14 @@ test ('login', async (t) => {
 const resp = await fetch ('http://localhost:3000', { headers: { session } });
 t.is (resp.status, consts.http.status_ok);
- t.is (await resp.text (), 'foo');
+ t.is (await resp.text (), 'foo:69');
 });
 test ('allow access to excluded paths', async (t) => {
 const resp = await fetch ('http://localhost:3000/noauthreg');
 t.is (resp.status, consts.http.status_ok);
- t.is (await resp.text (), 'foo');
+ t.is (await resp.text (), 'foo:undefined');
 });
 test ('allow access to excluded paths with correct method', async (t) => {
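Review bot: The `'foo:undefined'` expectations in the test/index.js hunk at line 30, and again in the hunk at line 47, only hold if each `fetch` opens a fresh connection, because the mock handler reads `res.connection.user_id` from the socket. No test requests an excluded path over a connection that has already carried an authenticated request, which is the case where a stale id would show up. A test that sends both requests through one `http.Agent` created with `keepAlive: true` and asserts the second body is still `foo:undefined` would pin that behaviour. The `login` test begins before this hunk, so how `session` is obtained is not visible here.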
@@ -47,7 +47,7 @@ test ('allow access to excluded paths with correct method', async (t) => {
 );
 t.is (resp.status, consts.http.status_ok);
- t.is (await resp.text (), 'foo');
+ t.is (await resp.text (), 'foo:undefined');
 });
 test ('reject access to excluded paths with wrong method', async (t) => {