feature: Add REST authenticate route + updating dependencies
1 parent
9fc836e
commit f40a6e0
Showing
5 changed files
with
94 additions
and
3 deletions.
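--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,83 @@
+import Cookies from 'cookies'
+import moment from 'moment'
+import Strategy from 'passport-local'
+import passport from 'passport'
+import jwt from 'jwt-simple'
+
+import {
+config,
+User
+} from '../../../cli'
+
+/**
+* Strategy
+*/
+passport.use(new Strategy(
+function(username, password, done) {
+User.utils.findByUsername(username, function(err, user) {
+if (err) { return done(err) }
+if (!user) { return done(null, false, { message: 'Incorrect username or password.' }) }
+if(!User.utils.isValid(user, password)) {
+return done(null, false, { message: 'Incorrect username or password.' })
+}
+return done(null, user)
+})
+}
+))
+
+passport.serializeUser(function(user, done) {
+done(null, user.id)
+})
+
+passport.deserializeUser(function(id, done) {
+User.utils.find(id, function (err, user) {
+done(err, user)
+})
+})
+
+var route = function(req, res, next) {
+User.utils.loginLimitTry(req.body.username)
+.then((limit) => {
+if (limit != null) {
+// all good
+if (!limit.remaining) {
+req.flash('info', 'Rate limit exceeded')
+return res.status(401).json({ error: info });
+}
+}
+
+passport.authenticate(
+'local',
+{ session: false},
+function(err, user, info) {
+var secret = config.users.secret
+if (err) { return next(err) }
+
+if (!user) {
+req.flash('info', info.message)
+//return res.redirect('/abe/users/login')
+return res.status(401).json({ error: info });
+}
+var expires = moment().add(7, 'days').valueOf()
+var token = jwt.encode({
+iss: user.id,
+exp: expires,
+username: user.username,
+name: user.name,
+email: user.email,
+role: user.role
+}, secret)
+
+var cookies = new Cookies( req, res, {
+secure: config.cookie.secure
+})
+cookies.set( 'x-access-token', token )
+
+var result = {}
+res.set('Content-Type', 'application/json')
+res.send(JSON.stringify(result))
+})(req, res, next)
+})
+}
+
+export default route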
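Review bot: The token's `exp` claim is set from `moment().add(7, 'days').valueOf()`, which is milliseconds since the epoch, while JWT `exp` is a NumericDate in seconds (RFC 7519); a verifier that follows the spec (jwt-simple's own decode compares `exp * 1000` against `Date.now()`, as far as I recall) would accept the token for roughly a thousand times longer than the intended seven days, so the value should be `exp: moment().add(7, 'days').unix()`. In the rate-limit branch, `return res.status(401).json({ error: info })` references `info`, which is not in scope there (it is only a parameter of the authenticate callback further down), so a client that hits the limit triggers a ReferenceError instead of receiving the 401; `return res.status(401).json({ error: { message: 'Rate limit exceeded' } })` keeps the same response shape as the login-failure branch. The `loginLimitTry(...).then(...)` chain has no rejection handler, so a failure inside the limiter leaves the request hanging with an unhandled rejection; appending `.catch(next)` after the `.then(...)` hands it to the error middleware.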
@@ -1,9 +1,11 @@ | ||
import post from './post' | ||
import posts from './posts' | ||
import activityStream from './activity-stream' | ||
import authenticate from './authenticate' | ||
|
||
export { | ||
post, | ||
posts, | ||
activityStream | ||
activityStream, | ||
authenticate | ||
} |