parent
c40e6c19ea
commit
cf927114c2
@ -46,7 +46,7 @@ use to authorize the following requests. it also sets a cookie to make
|
||||
requesting from the client more simple. (cookie parser is needed to make
|
||||
authentication with cookies possible)
|
||||
|
||||
the id of the logged in user will be available in `res.connection.user_id` in
|
||||
the id of the logged in user will be available in `req.connection.user_id` in
|
||||
all of the following request handlers.
|
||||
|
||||
### Excluding routes
|
||||
|
14
index.js
14
index.js
@ -39,9 +39,10 @@ function init (get_user, ignore_paths = []) {
|
||||
*
|
||||
* @param {string} user name or email of the given user
|
||||
* @param {string} password hashed password
|
||||
* @param {any} req request object
|
||||
* @returns {Promise<string>} session key if successful
|
||||
*/
|
||||
async function authenticate (user, password, response) {
|
||||
async function authenticate (user, password, req) {
|
||||
const user_entry
|
||||
= await new Promise ((res) => res (me.get_user (user)));
|
||||
|
||||
@ -51,7 +52,7 @@ async function authenticate (user, password, response) {
|
||||
if (!await password_helper.verify (user_entry.password, password))
|
||||
return null;
|
||||
|
||||
response.connection.user_id = user_entry.id;
|
||||
req.connection.user_id = user_entry.id;
|
||||
|
||||
const session_key = crypto.sign_object (
|
||||
{ id: user_entry.id },
|
||||
@ -98,11 +99,13 @@ function request_handler_block (session, user, res) {
|
||||
* @param {string} session session key
|
||||
* @param {string} user user name
|
||||
* @param {string} key user hash
|
||||
* @param {any} req request object
|
||||
* @param {any} res response object
|
||||
* @param {any} next next handler
|
||||
* @returns {Promise<boolean>} true if handler authenticated
|
||||
*/
|
||||
async function request_handler_authenticate (session, user, key, res, next) {
|
||||
// eslint-disable-next-line max-len, max-params
|
||||
async function request_handler_authenticate (session, user, key, req, res, next) {
|
||||
if (typeof session === 'undefined' && typeof user !== 'undefined') {
|
||||
if (typeof key === 'undefined') {
|
||||
const user_salt = await salt (user);
|
||||
@ -115,7 +118,7 @@ async function request_handler_authenticate (session, user, key, res, next) {
|
||||
return true;
|
||||
}
|
||||
|
||||
const session_key = await authenticate (user, key);
|
||||
const session_key = await authenticate (user, key, req);
|
||||
|
||||
res.status (
|
||||
session_key === null
|
||||
@ -137,6 +140,7 @@ async function request_handler_authenticate (session, user, key, res, next) {
|
||||
{ id: jwt.id },
|
||||
me.jwt_secret
|
||||
);
|
||||
req.connection.user_id = jwt.id;
|
||||
res.cookie (
|
||||
me.app_id,
|
||||
new_user_token,
|
||||
@ -192,7 +196,7 @@ async function request_handler (req, res, next) {
|
||||
|
||||
if (request_handler_block (session, user, res))
|
||||
return;
|
||||
if (await request_handler_authenticate (session, user, key, res, next))
|
||||
if (await request_handler_authenticate (session, user, key, req, res, next))
|
||||
return;
|
||||
|
||||
res.status (consts.http.status_forbidden);
|
||||
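Review bot: The user id is stored on `req.connection`, which in Node is the underlying socket and not the request, so the value written by `req.connection.user_id = user_entry.id;` in `authenticate` and by `req.connection.user_id = jwt.id;` in `request_handler_authenticate` outlives the request on a keep-alive connection. A later request on the same socket that skips both assignments (an excluded path, or traffic from a proxy that reuses upstream connections for several clients) would presumably still read the previous user's id. The excluded-path branch and the rest of these function bodies are outside the visible hunks, so this needs confirming there. Scoping the value to the request, e.g. `req.user_id = jwt.id;`, or clearing it at the top of `request_handler` with `delete req.connection.user_id;`, avoids the carry-over. Separately, `authenticate` returns `null` on a failed password check, so its doc line would be more accurate as `@returns {Promise<string|null>} session key, or null if authentication fails`.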
|
@ -42,7 +42,7 @@ async function start_server () {
|
||||
|
||||
app.use ((req, res) => {
|
||||
res.status (consts.http.status_ok)
|
||||
.end (`foo:${res.connection.user_id}`);
|
||||
.end (`foo:${req.connection.user_id}`);
|
||||
});
|
||||
|
||||
return new Promise ((res) => {
|
||||
|
@ -20,15 +20,12 @@ test.before (async () => {
|
||||
port = await mock_server.start_server ();
|
||||
});
|
||||
|
||||
test.only ('login', async (t) => {
|
||||
console.log ('logging in');
|
||||
console.log ('port:', port);
|
||||
test ('login', async (t) => {
|
||||
const session = await client.login (
|
||||
'testuser',
|
||||
'foo',
|
||||
`http://localhost:${port}`
|
||||
);
|
||||
console.log ('server respond');
|
||||
t.is (typeof session, 'string');
|
||||
|
||||
const resp = await fetch (
|
||||
@ -38,7 +35,6 @@ test.only ('login', async (t) => {
|
||||
|
||||
t.is (resp.status, consts.http.status_ok);
|
||||
t.is (await resp.text (), 'foo:69');
|
||||
console.log ('done test');
|
||||
});
|
||||
|
||||
test ('allow access to excluded paths', async (t) => {
|
||||
|