adding token auth

manifest.js

@@ -23,6 +23,9 @@ const manifest = {
       {
         plugin: 'hapi-auth-cookie'
       },
+      {
+        plugin: 'hapi-auth-jwt2'
+      },
       {
         plugin: 'hapi-auth-basic'
       },

server/anchor/anchor-api.js

@@ -11,7 +11,7 @@ const register = function (server,serverOptions) {
     path:'/api/{collectionName}',
     options: {
       auth: {
-        strategies: ['session','simple'],
+        strategies: ['simple','session','token'],
         mode: 'try'
       },
       pre: [{
@@ -80,7 +80,7 @@ const register = function (server,serverOptions) {
     path: '/api/{collectionName}/{id}',
     options: {
       auth: {
-        strategies: ['simple','session'],
+        strategies: ['simple','session','token'],
         mode: 'try'
       },
       pre: [{
@@ -193,7 +193,7 @@ const register = function (server,serverOptions) {
     path: '/api/{collectionName}/{id}',
     options: {
       auth: {
-        strategies: ['simple','session'],
+        strategies: ['simple','session','token'],
         mode:'try'
       },
       pre: [{
@@ -249,7 +249,7 @@ const register = function (server,serverOptions) {
     path: '/api/{collectionName}/{id}',
     options: {
       auth: {
-        strategies: ['simple','session'],
+        strategies: ['simple','session','token'],
         mode:'try'
       },
       pre: [{
@@ -325,7 +325,7 @@ const register = function (server,serverOptions) {
         }
       },
       auth: {
-        strategies: ['simple','session'],
+        strategies: ['simple','session','token'],
         mode: 'try'
       },
       pre: [{

server/anchor/anchor-model.js

@@ -913,7 +913,7 @@ AnchorModel.routes = {
   auth: true,
   disabled: false,
   create: {
-    auth: true,
+    auth: false,
     disabled: false,
     payload: null,
     handler: async (request,h) => {

server/auth.js

@@ -3,8 +3,7 @@ const Config = require('../config');
 const Session = require('./models/session');
 const User = require('./models/user');
 const Token = require('./models/token');
-const Jwt2 = require('hapi-auth-jwt2');
-const Crypto = require('crypto');
+const Crypto = require('./crypto');
 
 
 const register = function (server, options) {
@@ -37,38 +36,68 @@ const register = function (server, options) {
     }
   });
 
-  server.auth.strategy('token','jwt2', {
-    validate: async function (request,id) {
+  server.auth.strategy('token','jwt', {
+    key: Config.get('/cookieSecret'),
+    validate: async function (id,request) {
+
+      console.log('TOKEN');
+      console.log(id);
+
+      const split = id.split(':');
+
+
+      const tokenId = split[0];
+      const password = split[1];
+
+      console.log(tokenId);
+
+
+      const token = await Token.findById(tokenId);
+      if (token) {
+        console.log(token);
+      }
+      const user = await User.findById(token.userId);
+
+      if (user) {
+        console.log(user);
+      }
 
-      const token = await Token.FindByID(id);
-      const user = await User.findByID(token.userId);
 
       if (!user) {
+        console.log('USERINVALID');
         return { isValid: false };
       }
 
       if (!user.isActive) {
+        console.log('USER NOT ACTIVE');
         return { isValid: false };
       }
 
-      if (Crypto.compare(token,token)){
+      console.log('passing through');
+      console.log(password);
+      console.log(token.token);
+      console.log('passing again');
+      if (await Crypto.compare(password,token.token)){
+        console.log('comparison completed');
         const credentials = {
           user,
           session: token
         };
 
-        return { credentials, session: token };
-
-      }
-      return { isValid: false };
-
+        console.log('passing tests');
 
+        return { credentials, isValid: true };
 
+      }
 
-    }
+      console.log('comparison failed');
+      return { isValid: false };
+    },
+    verifyOptions: { algorithms: ['HS256'] }
   });
 
 
+
   server.auth.strategy('session', 'cookie', {
     password: Config.get('/cookieSecret'),
     cookie: 'anchor-auth',
@@ -113,8 +142,8 @@ module.exports = {
   dependencies: [
     'hapi-auth-basic',
     'hapi-auth-cookie',
-    'hapi-anchor-model',
-    'hapi-auth-jwt2'
+    'hapi-auth-jwt2',
+    'hapi-anchor-model'
   ],
   register
 };

server/crypto.js

@@ -16,6 +16,7 @@ class Crypto {
 
   static async compare(key,token) {
 
+  	console.log('COMPARING');
     return await Bcrypt.compare(key, token);
 
   }

server/models/token.js

@@ -4,33 +4,32 @@ const Crypto = require('../crypto');
 const Hoek = require('hoek');
 const Joi = require('joi');
 const JWT = require('jsonwebtoken');
-
+const Config = require('../../config');
+// const config -> require cookie secret for JWT
 
 class Token extends AnchorModel {
 
 
   static async create(document) {
 
     const keyHash = await Crypto.generateKeyHash();
-    keyHash.key = JWT.sign({ key: keyHash.key }, 'secret');
-    const signedKeyHash = JWT.sign({ key : keyHash.hash }, 'secret');
 
     document = {
       description: document.description,
       active: true,
       createdAt: new Date(),
-      token:signedKeyHash,
+      token:keyHash.hash,
       userId: document.userId
 
 
 
-
-
-
-
     };
 
     const token = await this.insertOne(document);
+    console.log(token[0]._id);
+    keyHash.key = JWT.sign(( token[0]._id + ':' + keyHash.key), Config.get('/cookieSecret'));
+    console.log(keyHash.key);
+
     token[0].key = keyHash.key;
 
     return token[0];
@@ -56,7 +55,7 @@ Token.schema = Joi.object({
 Token.payload = Joi.object({
   userId: Joi.string().required(),
   description: Joi.string().required(),
-  active: Joi.boolean().required(),
+  active: Joi.boolean(),
   permission: Joi.object()
 });
 
@@ -66,6 +65,7 @@ Token.routes = Hoek.applyToDefaults(AnchorModel.routes, {
     payload: Token.payload
   },
   update: {
+    auth: true,
     payload: Token.payload
   },
   delete: {