105 lines
3.7 KiB
JavaScript
105 lines
3.7 KiB
JavaScript
// Passport protocol configurations
|
|
const crypto = require('crypto')
|
|
const base64URL = require('base64url')
|
|
|
|
module.exports.protocols = {
|
|
local: {
|
|
/**
|
|
* Validate a login request
|
|
*
|
|
* Looks up a user using the supplied identifier (email or username) and then
|
|
* attempts to find a local Passport associated with the user. If a Passport is
|
|
* found, its password is checked against the password supplied in the form.
|
|
*
|
|
* @param {Object} req
|
|
* @param {string} identifier
|
|
* @param {string} password
|
|
* @param {Function} next
|
|
*/
|
|
login: async function (req, identifier, password, next) {
|
|
if (!validateEmail(identifier)) {
|
|
return next(new Error('invalid email address'), false)
|
|
}
|
|
try {
|
|
const user = await User.findOne({
|
|
email: identifier
|
|
})
|
|
if (!user) throw new Error('an account with that email was not found')
|
|
|
|
const passport = await Passport.findOne({
|
|
protocol: 'local',
|
|
user: user.id
|
|
})
|
|
if (passport) {
|
|
const res = await Passport.validatePassword(password, passport)
|
|
if (!res) throw new Error('incorrect password')
|
|
return next(null, user)
|
|
} else {
|
|
throw new Error('that account does not have password login enabled')
|
|
}
|
|
} catch (e) {
|
|
return next(e, false)
|
|
}
|
|
},
|
|
register: async function (user, next) {
|
|
try {
|
|
const token = generateToken()
|
|
const password = user.password
|
|
if (!password.length) throw new Error('password cannot be blank')
|
|
delete user.password
|
|
|
|
const newUser = await User.create(user).fetch()
|
|
try {
|
|
await Passport.create({
|
|
protocol: 'local',
|
|
password,
|
|
user: newUser.id,
|
|
accesstoken: token
|
|
})
|
|
return next(null, token)
|
|
} catch (e) {
|
|
await User.destroy(newUser.id)
|
|
throw e
|
|
}
|
|
} catch (e) {
|
|
return next(e)
|
|
}
|
|
},
|
|
update: async function (user, next) {
|
|
throw new Error('not implemented')
|
|
},
|
|
connect: async function (req, res, next) {
|
|
try {
|
|
const user = req.user
|
|
const password = req.param('password')
|
|
|
|
const pass = await Passport.findOne({
|
|
protocol: 'local',
|
|
user: user.id
|
|
})
|
|
if (!pass) {
|
|
await Passport.create({
|
|
protocol: 'local',
|
|
password,
|
|
user: user.id
|
|
})
|
|
} else {
|
|
return next(null, user)
|
|
}
|
|
} catch (e) {
|
|
return next(e)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
const EMAIL_REGEX = /^((([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+(\.([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+)*)|((\x22)((((\x20|\x09)*(\x0d\x0a))?(\x20|\x09)+)?(([\x01-\x08\x0b\x0c\x0e-\x1f\x7f]|\x21|[\x23-\x5b]|[\x5d-\x7e]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(\\([\x01-\x09\x0b\x0c\x0d-\x7f]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))))*(((\x20|\x09)*(\x0d\x0a))?(\x20|\x09)+)?(\x22)))@((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))$/i
|
|
|
|
function validateEmail (email) {
|
|
return EMAIL_REGEX.test(email)
|
|
}
|
|
|
|
function generateToken () {
|
|
return base64URL(crypto.randomBytes(48))
|
|
}
|