create api user/signup

yuttasakcom · Mar 7, 2018 · ad3c2a7 · ad3c2a7
1 parent adc5dba
commit ad3c2a7
Show file tree

Hide file tree

Showing 9 changed files with 65 additions and 33 deletions.
diff --git a/build/bundle.js b/build/bundle.js
diff --git a/package.json b/package.json
@@ -43,10 +43,11 @@
     ]
   },
   "dependencies": {
+    "babel-polyfill": "^6.26.0",
+    "bcrypt-nodejs": "^0.0.3",
     "body-parser": "^1.18.2",
     "compression": "^1.7.2",
     "cookie-session": "^2.0.0-beta.3",
-    "crypto": "^1.0.1",
     "dotenv": "^5.0.1",
     "express": "^4.16.2",
     "express-rate-limit": "^2.11.0",

diff --git a/src/app.js b/src/app.js
@@ -1,3 +1,4 @@
+import 'babel-polyfill'
 import express from 'express'
 import helmet from 'helmet'
 import morgan from 'morgan'

diff --git a/src/models/users.js b/src/models/users.js
@@ -1,17 +1,13 @@
 import mongoose from 'mongoose'
-import crypto from 'crypto'
+import bcrypt from 'bcrypt-nodejs'
 
-const User = new mongoose.Schema({
-  username: {
+const Users = new mongoose.Schema({
+  email: {
     type: String,
     unique: true,
     required: true
   },
-  hashedPassword: {
-    type: String,
-    required: true
-  },
-  salt: {
+  password: {
     type: String,
     required: true
   },
@@ -21,18 +17,7 @@ const User = new mongoose.Schema({
   }
 })
 
-User.methods.encryptPassword = password => crypto.pbkdf2Sync(password, this.salt, 10000, 512, 'sha512').toString('hex')
-
-User.virtual('userId').get(() => this.id)
-
-User.virtual('password')
-  .set(password => {
-    this._plainPassword = password
-    this.salt = crypto.randomBytes(128).toString('hex')
-    this.hashedPassword = this.encryptPassword(password)
-  })
-  .get(() => this._plainPassword)
-
-User.methods.checkPassword = password => this.encryptPassword(password) === this.hashedPassword
+Users.methods.generateHash = password => bcrypt.hashSync(password, bcrypt.genSaltSync(8), null)
+Users.methods.validPassword = password => bcrypt.compareSync(password, this.password)
 
-export default mongoose.model('users', User)
+export default mongoose.model('users', Users)
diff --git a/src/routes/api.js b/src/routes/api.js
@@ -8,7 +8,8 @@ const router = Router()
 router.post('/oauth/token', oauth2.token)
 
 // user
-router.get('/user/me', user.info)
+router.post('/user/signup', user.signup, (req, res) => res.json(req.user))
+router.get('/user/me', user.me)
 
 router.get('/', (req, res) => {
   res.end('express restful api')

diff --git a/src/services/auth/oauth2.js b/src/services/auth/oauth2.js
@@ -41,8 +41,8 @@ const generateTokens = (data, done) => {
   })
 }
 
-server.exchange(oauth2orize.exchange.password(function (client, username, password, scope, done) {
-  Users.findOne({ username: username }, function (err, user) {
+server.exchange(oauth2orize.exchange.password((client, username, password, scope, done) => {
+  Users.findOne({ username: username }, (err, user) => {
     if (err) return done(err)
 
     if (!user || !user.checkPassword(password)) return done(null, false)

diff --git a/src/services/passport/index.js b/src/services/passport/index.js
@@ -1,11 +1,40 @@
 import passport from 'passport'
+import { Strategy as LocalStrategy } from 'passport-local'
 import { Strategy as ClientPasswordStrategy } from 'passport-oauth2-client-password'
 import { Strategy as BearerStrategy } from 'passport-http-bearer'
 
 import Users from '../../models/users'
 import AccessTokens from '../../models/access_tokens'
 import Clients from '../../models/clients'
 
+passport.serializeUser((user, done) => done(null, user.id))
+passport.deserializeUser((id, done) => Users.findById(id).then(user => done(null, user)))
+
+passport.use('local-signup', new LocalStrategy({
+  usernameField: 'email',
+  passwordField: 'password',
+  passReqToCallback: true,
+  session: false
+},
+(req, email, password, done) => {
+  Users.findOne({ 'email': email }, function (err, user) {
+    if (err) return done(err)
+
+    if (user) {
+      return done({status: 422, message: 'That email is already taken.'})
+    } else {
+      const newUser = new Users()
+      newUser.email = email
+      newUser.password = newUser.generateHash(password)
+      newUser.save(function (err) {
+        if (err) return done(err)
+
+        return done(null, newUser)
+      })
+    }
+  })
+}))
+
 passport.use(new ClientPasswordStrategy(
   (clientId, clientSecret, done) => {
     Clients.findOne({ clientId: clientId }, (err, client) => {

diff --git a/src/services/user/index.js b/src/services/user/index.js
@@ -1,12 +1,15 @@
 import passport from 'passport'
 
-const info = [
+const me = [
   passport.authenticate('bearer', { session: false }),
   (request, response) => {
     response.json({ id: request.user.id, name: request.user.name, scope: request.authInfo.scope })
   }
 ]
 
+const signup = passport.authenticate('local-signup')
+
 export default {
-  info
+  me,
+  signup
 }
diff --git a/yarn.lock b/yarn.lock
@@ -778,6 +778,14 @@ babel-plugin-transform-strict-mode@^6.24.1:
     babel-runtime "^6.22.0"
     babel-types "^6.24.1"
 
+babel-polyfill@^6.26.0:
+  version "6.26.0"
+  resolved "https://registry.yarnpkg.com/babel-polyfill/-/babel-polyfill-6.26.0.tgz#379937abc67d7895970adc621f284cd966cf2153"
+  dependencies:
+    babel-runtime "^6.26.0"
+    core-js "^2.5.0"
+    regenerator-runtime "^0.10.5"
+
 babel-preset-env@^1.6.1:
   version "1.6.1"
   resolved "https://registry.yarnpkg.com/babel-preset-env/-/babel-preset-env-1.6.1.tgz#a18b564cc9b9afdf4aae57ae3c1b0d99188e6f48"
@@ -925,6 +933,10 @@ batch@0.6.1:
   version "0.6.1"
   resolved "https://registry.yarnpkg.com/batch/-/batch-0.6.1.tgz#dc34314f4e679318093fc760272525f94bf25c16"
 
+bcrypt-nodejs@^0.0.3:
+  version "0.0.3"
+  resolved "https://registry.yarnpkg.com/bcrypt-nodejs/-/bcrypt-nodejs-0.0.3.tgz#c60917f26dc235661566c681061c303c2b28842b"
+
 bcrypt-pbkdf@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz#63bc5dcb61331b92bc05fd528953c33462a06f8d"
@@ -1552,10 +1564,6 @@ crypto-random-string@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e"
 
-crypto@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/crypto/-/crypto-1.0.1.tgz#2af1b7cad8175d24c8a1b0778255794a21803037"
-
 cssom@0.3.x, "cssom@>= 0.3.2 < 0.4.0":
   version "0.3.2"
   resolved "https://registry.yarnpkg.com/cssom/-/cssom-0.3.2.tgz#b8036170c79f07a90ff2f16e22284027a243848b"
@@ -4725,6 +4733,10 @@ regenerate@^1.2.1:
   version "1.3.3"
   resolved "https://registry.yarnpkg.com/regenerate/-/regenerate-1.3.3.tgz#0c336d3980553d755c39b586ae3b20aa49c82b7f"
 
+regenerator-runtime@^0.10.5:
+  version "0.10.5"
+  resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.10.5.tgz#336c3efc1220adcedda2c9fab67b5a7955a33658"
+
 regenerator-runtime@^0.11.0:
   version "0.11.1"
   resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz#be05ad7f9bf7d22e056f9726cee5017fbf19e2e9"