fix

Timo Hocker 2020-07-10 19:30:53 +02:00
parent c40e6c19ea
commit cf927114c2
4 changed files with 12 additions and 12 deletions


@ -46,7 +46,7 @@ use to authorize the following requests. it also sets a cookie to make
requesting from the client more simple. (cookie parser is needed to make
authentication with cookies possible)
the id of the logged in user will be available in `res.connection.user_id` in
the id of the logged in user will be available in `req.connection.user_id` in
all of the following request handlers.
### Excluding routes


@ -39,9 +39,10 @@ function init (get_user, ignore_paths = []) {
*
* @param {string} user name or email of the given user
* @param {string} password hashed password
* @param {any} req request object
* @returns {Promise<string>} session key if successful
*/
async function authenticate (user, password, response) {
async function authenticate (user, password, req) {
const user_entry
= await new Promise ((res) => res (me.get_user (user)));
@ -51,7 +52,7 @@ async function authenticate (user, password, response) {
if (!await password_helper.verify (user_entry.password, password))
return null;
response.connection.user_id = user_entry.id;
req.connection.user_id = user_entry.id;
const session_key = crypto.sign_object (
{ id: user_entry.id },
@ -98,11 +99,13 @@ function request_handler_block (session, user, res) {
* @param {string} session session key
* @param {string} user user name
* @param {string} key user hash
* @param {any} req request object
* @param {any} res response object
* @param {any} next next handler
* @returns {Promise<boolean>} true if handler authenticated
*/
async function request_handler_authenticate (session, user, key, res, next) {
// eslint-disable-next-line max-len, max-params
async function request_handler_authenticate (session, user, key, req, res, next) {
if (typeof session === 'undefined' && typeof user !== 'undefined') {
if (typeof key === 'undefined') {
const user_salt = await salt (user);
@ -115,7 +118,7 @@ async function request_handler_authenticate (session, user, key, res, next) {
return true;
}
const session_key = await authenticate (user, key);
const session_key = await authenticate (user, key, req);
res.status (
session_key === null
@ -137,6 +140,7 @@ async function request_handler_authenticate (session, user, key, res, next) {
{ id: jwt.id },
me.jwt_secret
);
req.connection.user_id = jwt.id;
res.cookie (
me.app_id,
new_user_token,
@ -192,7 +196,7 @@ async function request_handler (req, res, next) {
if (request_handler_block (session, user, res))
return;
if (await request_handler_authenticate (session, user, key, res, next))
if (await request_handler_authenticate (session, user, key, req, res, next))
return;
res.status (consts.http.status_forbidden);
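Review bot: The user id is written to `req.connection` (in `authenticate` and again after the token refresh in `request_handler_authenticate`), and in Node that object is the underlying socket, which is shared by every request sent over the same keep-alive connection. A value set by one authenticated request can therefore still be readable by a later request on that socket, for example one that reaches a handler through an excluded path or arrives through a reverse proxy that reuses upstream connections for different clients; whether `request_handler` overwrites it on every path is not visible in these hunks. Binding the identity to the request itself, e.g. `req.user_id = jwt.id;`, or resetting it first thing in `request_handler` with `delete req.connection.user_id;`, would rule that out. A test that sends an authenticated and then an unauthenticated request over one connection would pin the behaviour. The bodies of these functions continue outside the hunks.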


@ -42,7 +42,7 @@ async function start_server () {
app.use ((req, res) => {
res.status (consts.http.status_ok)
.end (`foo:${res.connection.user_id}`);
.end (`foo:${req.connection.user_id}`);
});
return new Promise ((res) => {


@ -20,15 +20,12 @@ test.before (async () => {
port = await mock_server.start_server ();
});
test.only ('login', async (t) => {
console.log ('logging in');
console.log ('port:', port);
test ('login', async (t) => {
const session = await client.login (
'testuser',
'foo',
`http://localhost:${port}`
);
console.log ('server respond');
t.is (typeof session, 'string');
const resp = await fetch (
@ -38,7 +35,6 @@ test.only ('login', async (t) => {
t.is (resp.status, consts.http.status_ok);
t.is (await resp.text (), 'foo:69');
console.log ('done test');
});
test ('allow access to excluded paths', async (t) => {