diff --git a/README.md b/README.md
index b970870..edb9787 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@ use to authorize the following requests. it also sets a cookie to make requesting from the client more simple. (cookie parser is needed to make authentication with cookies possible)
-the id of the logged in user will be available in `res.connection.user_id` in
+the id of the logged in user will be available in `req.connection.user_id` in
 all of the following request handlers.
 ### Excluding routes
diff --git a/index.js b/index.js
index 269d9fe..7746061 100644
--- a/index.js
+++ b/index.js
@@ -39,9 +39,10 @@ function init (get_user, ignore_paths = []) {
 *
 * @param {string} user name or email of the given user
 * @param {string} password hashed password
+ * @param {any} req request object
 * @returns {Promise} session key if successful
 */
-async function authenticate (user, password, response) {
+async function authenticate (user, password, req) {
 const user_entry = await new Promise ((res) => res (me.get_user (user)));
@@ -51,7 +52,7 @@ async function authenticate (user, password, response) {
 if (!await password_helper.verify (user_entry.password, password)) return null;
- response.connection.user_id = user_entry.id;
+ req.connection.user_id = user_entry.id;
 const session_key = crypto.sign_object (
 { id: user_entry.id },
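Review bot: The added `@param {any} req request object` line in the `@@ -39,9 +39,10 @@` hunk does not say that `authenticate` writes to the request, which is the only use of the parameter in the visible lines. I would document the side effect, e.g. `@param {any} req request object; on success req.connection.user_id is set to the user's id`, and tighten the return line to `@returns {Promise<string|null>} session key, or null if verification fails`, since the body visibly returns `null` when `password_helper.verify` fails. The function body continues outside the hunk.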
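Review bot: In `authenticate` (hunk `@@ -51,7 +52,7 @@`), `req.connection.user_id = user_entry.id;` stores the authenticated id on the socket rather than on the request, so it outlives the request that authenticated. With keep-alive, or a reverse proxy that reuses one upstream connection for several clients, a later request on that socket that never reaches this assignment (an excluded route, presumably) would still read the previous user's id. The same holds for `req.connection.user_id = jwt.id;` in hunk `@@ -137,6 +140,7 @@`. A request-scoped field such as `req.user_id = user_entry.id;` avoids this; if the documented name has to stay, clear it first in `request_handler` with `delete req.connection.user_id;`. `req.connection` is also a deprecated alias of `req.socket` in current Node.js, and the function body continues outside the hunk.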
@@ -98,11 +99,13 @@ function request_handler_block (session, user, res) {
 * @param {string} session session key
 * @param {string} user user name
 * @param {string} key user hash
+ * @param {any} req request object
 * @param {any} res response object
 * @param {any} next next handler
 * @returns {Promise} true if handler authenticated
 */
-async function request_handler_authenticate (session, user, key, res, next) {
+// eslint-disable-next-line max-len, max-params
+async function request_handler_authenticate (session, user, key, req, res, next) {
 if (typeof session === 'undefined' && typeof user !== 'undefined') {
 if (typeof key === 'undefined') {
 const user_salt = await salt (user);
@@ -115,7 +118,7 @@ async function request_handler_authenticate (session, user, key, res, next) {
 return true;
 }
- const session_key = await authenticate (user, key);
+ const session_key = await authenticate (user, key, req);
 res.status (
 session_key === null
@@ -137,6 +140,7 @@ async function request_handler_authenticate (session, user, key, res, next) {
 { id: jwt.id },
 me.jwt_secret
 );
+ req.connection.user_id = jwt.id;
 res.cookie (
 me.app_id,
 new_user_token,
@@ -192,7 +196,7 @@ async function request_handler (req, res, next) {
 if (request_handler_block (session, user, res)) return;
- if (await request_handler_authenticate (session, user, key, res, next))
+ if (await request_handler_authenticate (session, user, key, req, res, next))
 return;
 res.status (consts.http.status_forbidden);
diff --git a/mock_server.js b/mock_server.js
index d83e77a..a469e97 100644
--- a/mock_server.js
+++ b/mock_server.js
@@ -42,7 +42,7 @@ async function start_server () {
 app.use ((req, res) => {
 res.status (consts.http.status_ok)
- .end (`foo:${res.connection.user_id}`);
+ .end (`foo:${req.connection.user_id}`);
 });
 return new Promise ((res) => {
diff --git a/test/index.js b/test/index.js
index ae8df09..266cdca 100644
--- a/test/index.js
+++ b/test/index.js
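Review bot: In the `@@ -98,11 +99,13 @@` hunk the six-parameter signature is made to pass lint with `// eslint-disable-next-line max-len, max-params` instead of being reshaped. Wrapping the parameter list over several lines would make the `max-len` suppression unnecessary, and since `session`, `user` and `key` travel together they could be passed as one object, `request_handler_authenticate ({ session, user, key }, req, res, next)`, which also brings the count down for `max-params`. The only caller visible in this diff is in `request_handler`, and the function body continues outside the hunk.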
@@ -20,15 +20,12 @@ test.before (async () => {
 port = await mock_server.start_server ();
 });
-test.only ('login', async (t) => {
- console.log ('logging in');
- console.log ('port:', port);
+test ('login', async (t) => {
 const session = await client.login (
 'testuser',
 'foo',
 `http://localhost:${port}`
 );
- console.log ('server respond');
 t.is (typeof session, 'string');
 const resp = await fetch (
@@ -38,7 +35,6 @@ test.only ('login', async (t) => {
 t.is (resp.status, consts.http.status_ok);
 t.is (await resp.text (), 'foo:69');
- console.log ('done test');
 });
 test ('allow access to excluded paths', async (t) => {