// Using Passport to authenticate a user when they attempt to access a route requiring authentication
// Answers the question "is our user logged in?" before the request reaches the authentication controller
import passport from 'passport';
import User from'../models/user';
// import JwtStrategy from'passport-jwt'; // this strategy validates a user with a JWT
import { ExtractJwt, Strategy } from 'passport-jwt';
import LocalStrategy from 'passport-local';
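// Create local strategy
const localOptions = { usernameField: 'email' };

/**
 * Verify callback for the local (email + password) strategy.
 *
 * @param {string} email - value of the `email` field that passport-local took from the request
 * @param {string} password - plaintext password taken from the request
 * @param {Function} done - Passport callback: done(err) when a lookup or comparison fails,
 *   done(null, false) when the credentials are rejected, done(null, user) on success
 */
function verifyLocalUser(email, password, done) {
  // Both values arrive untyped from the request. Only a string is a usable
  // email/password, so anything else is rejected before it reaches the query
  // filter or the password comparison (a non-string such as an object could
  // otherwise be read as query operators by a document database).
  if (typeof email !== 'string' || typeof password !== 'string') {
    return done(null, false);
  }
  User.findOne({ email }, (findErr, user) => {
    if (findErr) {
      return done(findErr);
    }
    if (!user) {
      // Unknown email: reject without a user object.
      return done(null, false);
    }
    // Plaintext password vs. the stored (presumably hashed) password; the
    // comparison itself is implemented by the User model's comparePassword.
    user.comparePassword(password, (compareErr, isMatch) => {
      if (compareErr) {
        return done(compareErr);
      }
      return isMatch ? done(null, user) : done(null, false);
    });
  });
}

const localLogin = new LocalStrategy(localOptions, verifyLocalUser);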
// Set up options for JWT Strategy
const jwtOptions = {
  // Where on the request the token is found: the Authorization header, 'Bearer <token>'.
  jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme('Bearer'),
  // Secret used to verify the token signature. NOTE(review): passport-jwt should
  // refuse to construct the strategy when this is undefined, so an unset
  // JWT_SECRET fails at startup rather than silently — confirm it is set in every
  // deployment. Consider also pinning `algorithms` to the one the token issuer
  // uses, so a token signed with any other algorithm is rejected outright.
  secretOrKey: process.env.JWT_SECRET,
};

// Create JWT Strategy
/**
 * Verify callback for the JWT strategy.
 *
 * @param {object} payload - decoded token body; `payload.sub` is expected to hold the
 *   user id encoded when the token was issued
 * @param {Function} done - Passport callback: done(err, false) when the lookup fails,
 *   done(null, false) when no user matches, done(null, user) on success
 */
function verifyJwtUser(payload, done) {
  User.findById(payload.sub, (err, user) => {
    if (err) {
      // The lookup itself failed to run.
      return done(err, false);
    }
    if (!user) {
      // Lookup ran but no such user: not authenticated.
      return done(null, false);
    }
    // Keep the stored password out of req.user. NOTE(review): if User is a
    // Mongoose model, `delete` on a document may not clear the underlying value
    // (schema paths are accessors, not own properties) — confirm, or exclude the
    // field in the query instead.
    delete user.password;
    return done(null, user);
  });
}

const jwtLogin = new Strategy(jwtOptions, verifyJwtUser);
// Tell Passport to use the Strategy
// Register both strategies; Passport looks them up by strategy name, so the
// registration order is not significant.
for (const strategy of [jwtLogin, localLogin]) {
  passport.use(strategy);
}