chore: update passport-local (MEL-12) (#31)

lib/auth/passport.ts

@@ -5,19 +5,37 @@ import { User } from 'users/model'
 import { verify } from 'utils/crypto'
 import { AUTH_TOKEN } from '../utils/env'
 
-export const localstrategy = new LocalStrategy({}, async (username, password, done) => {
-	User.findOne({ username: username }, (err, user) => {
-		if (err) {
-			return done(err)
-		}
-		if (!user) {
-			return done(null, false)
-		}
-		if (!verify(password, user.password, user.salt)) {
-			return done(null, false)
-		}
-		return done(null, user)
+/* Fucking Passport-thing selection */
+
+passport.serializeUser((user: any, done) => {
+	// ? ID or _ID
+	done(null, user.id)
+})
+
+passport.deserializeUser((id, done) => {
+	User.findById(id, (err, user) => {
+		done(err, user)
 	})
 })
 
-// const jwtstrategy = new JsonWebTokenStrategy({})
+passport.use(
+	new LocalStrategy({ usernameField: 'username' }, function (username, password, done) {
+		User.findOne({ username: username })
+			.then(function (user) {
+				if (!user) {
+					return done(null, false, { message: 'No such user' })
+				}
+				if (!verify(password, user.password)) {
+					return done(null, false, { message: 'Wrong password' })
+				}
+				return done(null, user)
+			})
+			.catch(function (err) {
+				return done(null, false, { message: err })
+			})
+	})
+)
+
+export default passport
+
+/* I wish to be dead already... */

lib/auth/router.v1.ts

@@ -5,14 +5,20 @@ const router = express.Router()
 
 // I have no fucking idea what's wrong with this Passport...
 
-router.post(
-	'/login',
-	passport.authenticate('local', {
-		failureRedirect: '/login',
-		successRedirect: '/status',
-	}),
-	(err, req, res, next) => {
-		if (err) next(err)
-	}
-)
+router.post('/login', (req, res, next) => {
+	passport.authenticate('local', function (err, user, info) {
+		if (err) {
+			return res.status(400).json({ errors: err })
+		}
+		if (!user) {
+			return res.status(400).json({ errors: 'No user found' })
+		}
+		req.logIn(user, function (err) {
+			if (err) {
+				return res.status(400).json({ errors: err })
+			}
+			return res.status(200).json({ success: `logged in ${user.username}` })
+		})
+	})(req, res, next)
+})
 export default router

lib/interfaces/http.ts

@@ -2,17 +2,25 @@ import express from 'express'
 import compression from 'compression'
 import cors from 'cors'
 import session from 'express-session'
-import passport from 'passport'
 
 import heyRouter, { defaultRouter } from 'hey/router'
 import userRouter from 'users/router'
-import v2AuthRouter from 'auth/router.v2'
 import v1AuthRouter from 'auth/router.v1'
 
-// import { auth } from 'express-openid-connect'
-// import { AUTH0_CONFIG } from 'utils/env'
-import { sessionConfig } from '../utils/config'
-import { localstrategy } from '../auth/passport'
+/* In case of Auth0 usage we're supposed to use these imports.
+
+import { auth, requiresAuth } from 'express-openid-connect'
+import { AUTH0_CONFIG } from 'utils/env'
+
+And implementation of Auth0 by following lines.
+
+app.use('/v1/users', requiresAuth(), userRouter)*
+app.use('/v2/auth', v2AuthRouter)
+
+*/
+
+import { sessionConfig } from 'utils/config'
+import passport from 'auth/passport'
 
 const app = express()
 
@@ -24,16 +32,12 @@ app.disable('x-powered-by')
 
 app.use(session(sessionConfig))
 
-passport.use('local', localstrategy)
 app.use(passport.initialize())
 app.use(passport.session())
 
-// app.use(auth(AUTH0_CONFIG))
-
 app.use('/', defaultRouter)
 app.use('/v1/hey', heyRouter)
 app.use('/v1/users', userRouter)
 app.use('/v1/auth', v1AuthRouter)
-// app.use('/v2/auth', v2AuthRouter)
 
 export default app

lib/utils/crypto.ts

@@ -12,7 +12,7 @@ export async function hash(text: string) {
 	}
 }
 
-export async function verify(text: string, hash: string, salt: string) {
+export async function verify(text: string, hash: string, salt?: string) {
 	// let verifyHash = crypto.pbkdf2Sync(hash, salt, 10000, 64, 'sha512').toString('hex')
 	const verification = await argon2.verify(hash, text)
 	return verification