🚧 Simper, leaner version of superlogin

No more session caching

.github/workflows/ci-workflow.yml

@@ -7,6 +7,7 @@ on:
       - master
       - release
       - dev
+      - minimal
 
 jobs:
   test:

package.json

@@ -50,20 +50,19 @@
     "@types/express": "^4.17.6",
     "@types/nodemailer": "^6.4.0",
     "@types/passport": "^1.0.3",
-    "bluebird": "^3.7.2",
     "deepmerge": "^4.2.2",
     "ejs": "^3.1.3",
     "express": "^4.17.1",
-    "fs-extra": "^9.0.0",
     "nodemailer": "^6.4.6",
-    "nodemailer-stub-transport": "^1.1.0",
     "passport": "^0.4.1",
     "passport-http-bearer-sl": "^1.0.1",
     "passport-local": "^1.0.0",
-    "redis": "^3.0.2",
     "urlsafe-base64": "1.0.0",
     "uuid": "^8.2.0"
   },
+  "optionalDependencies": {
+    "nodemailer-stub-transport": "^1.1.0"
+  },
   "devDependencies": {
     "@types/ejs": "^3.0.4",
     "@types/passport-local": "^1.0.33",

src/dbauth/couchdb.ts

@@ -52,14 +52,11 @@ export class CouchAdapter implements DBAdapter {
       roles: roles,
       provider: provider
     };
-    if (this.couchAuthOnCloudant) {
-      // PWs need to be hashed manually when using pbkdf2
-      newKey.password_scheme = 'pbkdf2';
-      newKey.iterations = 10;
-      newKey = { ...newKey, ...(await hashPassword(password)) };
-    } else {
-      newKey.password = password;
-    }
+    // required when using Cloudant or other db than `_users`
+    newKey.password_scheme = 'pbkdf2';
+    newKey.iterations = 10;
+    newKey = { ...newKey, ...(await hashPassword(password)) };
+
     await this.#couchAuthDB.insert(newKey);
     newKey._id = key;
     return newKey;

src/dbauth/index.ts

@@ -67,7 +67,7 @@ export class DBAuth {
   }
 
   retrieveKey(key: string) {
-    return this.#adapter.retrieveKey(key);
+    return this.#adapter.retrieveKey(key) as Promise<CouchDbAuthDoc>;
   }
 
   /** generates a random token and password (CouchDB) or retrieves from Cloudant */

src/index.ts

@@ -1,17 +1,15 @@
 'use strict';
 import {
   addProvidersToDesignDoc,
-  getCloudantURL,
-  getDBURL,
   hashPassword,
   loadCouchServer,
   verifyPassword
 } from './util';
-import cloudant, { ServerScope as CloudantServer } from '@cloudant/cloudant';
 import { CouchDbAuthDoc, SlUserDoc } from './types/typings';
+import { DocumentScope, ServerScope as NanoServer } from 'nano';
 import express, { Router } from 'express';
-import nano, { DocumentScope, ServerScope as NanoServer } from 'nano';
 import { Authenticator } from 'passport';
+import { ServerScope as CloudantServer } from '@cloudant/cloudant';
 import { Config } from './types/config';
 import { ConfigHelper } from './config/configure';
 import events from 'events';

src/session.ts

@@ -1,98 +1,21 @@
 'use strict';
-
-import { hashPassword, verifyPassword } from './util';
-import { FileAdapter } from './sessionAdapters/FileAdapter';
-import { MemoryAdapter } from './sessionAdapters/MemoryAdapter';
-import { RedisAdapter } from './sessionAdapters/RedisAdapter';
-
-const extend = require('util')._extend;
-
-const tokenPrefix = 'token';
+import { LocalHashObj } from './types/typings';
+import { verifyPassword } from './util';
 
 export class Session {
-  #adapter;
   static invalidMsg = 'invalid token';
-  constructor(config) {
-    let adapter;
-    const sessionAdapter = config.getItem('session.adapter');
-    if (sessionAdapter === 'redis') {
-      adapter = new RedisAdapter(config);
-    } else if (sessionAdapter === 'file') {
-      adapter = new FileAdapter(config);
-    } else {
-      adapter = new MemoryAdapter();
-    }
-    this.#adapter = adapter;
-  }
+  constructor(config?) {}
 
-  storeToken(token) {
-    token = extend({}, token);
-    if (!token.password && token.salt && token.derived_key) {
-      return this.#adapter
-        .storeKey(
-          tokenPrefix + ':' + token.key,
-          token.expires - Date.now(),
-          JSON.stringify(token)
-        )
-        .then(() => {
-          delete token.salt;
-          delete token.derived_key;
-          return Promise.resolve(token);
-        });
-    }
-    return hashPassword(token.password)
-      .then(hash => {
-        token.salt = hash.salt;
-        token.derived_key = hash.derived_key;
-        delete token.password;
-        return this.#adapter.storeKey(
-          tokenPrefix + ':' + token.key,
-          token.expires - Date.now(),
-          JSON.stringify(token)
-        );
-      })
-      .then(() => {
-        delete token.salt;
-        delete token.derived_key;
-        return Promise.resolve(token);
-      });
-  }
-
-  deleteTokens(keys) {
-    const entries = [];
-    if (!(keys instanceof Array)) {
-      keys = [keys];
-    }
-    keys.forEach(key => {
-      entries.push(tokenPrefix + ':' + key);
-    });
-    return this.#adapter.deleteKeys(entries);
-  }
-
-  async confirmToken(key: string, password: string) {
+  /** Confirms the token and removes the information that should not be sent to the client */
+  async confirmToken(token: LocalHashObj, password: string) {
     try {
-      const result = await this.#adapter.getKey(tokenPrefix + ':' + key);
-      if (!result) {
-        throw Session.invalidMsg;
-      }
-      const token = JSON.parse(result);
       await verifyPassword(token, password);
       delete token.salt;
       delete token.derived_key;
+      delete token.iterations;
       return token;
     } catch (error) {
       throw Session.invalidMsg;
     }
   }
-  /**
-   * retrieved the key from the session adapter
-   */
-  fetchToken(key: string) {
-    return this.#adapter.getKey(tokenPrefix + ':' + key).then(result => {
-      return Promise.resolve(JSON.parse(result));
-    });
-  }
-  quit() {
-    return this.#adapter.quit();
-  }
 }