shimapan/app/routes/auth.js

'use strict';

const express = require('express');
const router = express.Router();
const User = require('../models/User.js');
const Invite = require('../models/Invite.js');
const passport = require('passport');

const canonicalizeRequest = require('../util/canonicalize').canonicalizeRequest;
const requireAuth = require('../util/requireAuth').requireAuth;
const wrap = require('../util/wrap.js').wrap;


// Wraps passport.authenticate to return a promise
function authenticate(req, res, next) {
    return new Promise((resolve) => {
        passport.authenticate('local', (err, user) => {
            resolve(user);
        })(req, res, next);
    });
}

// Wraps passport session creation for async usage
function login(user, req) {
    return new Promise((resolve) => {
        req.login(user, resolve);
    });
}

// Check if a canonical name is valid
async function validateUsername(username, canonicalName, sanitize) {
    if (canonicalName.length > 36)
        return {valid: false, message: 'Username too long.'};

    if (canonicalName !== sanitize(canonicalName).replace(/\s/g, ''))
        return {valid: false, message: 'Username contains invalid characters.'};

    const count = await User.countDocuments({canonicalname: canonicalName});

    if (count !== 0)
        return {valid: false, message: 'Username in use.'};

    return {valid: true};
}

// Query the database for a valid invite code. An error message property is set if invalid.
async function validateInvite(code) {
    const invite = await Invite.findOne({code: code});

    if (!invite)
        return {valid: false, message: 'Invalid invite code.'};

    if (invite.used)
        return {valid: false, message: 'Invite already used.'};

    if (invite.exp < Date.now())
        return {valid: false, message: 'Invite expired.'};

    return {valid: true, invite: invite};
}


router.post('/register', canonicalizeRequest, wrap(async (req, res, next) => {
    // Validate the invite and username
    const [inviteStatus, usernameStatus] =
        await Promise.all([
            validateInvite(req.body.invite),
            validateUsername(req.body.username, req.body.canonicalname, req.sanitize)
        ]);

    // Error if validation failed
    if (!inviteStatus.valid)
        return res.status(422).json({'message': inviteStatus.message});
    if (!usernameStatus.valid)
        return res.status(422).json({'message': usernameStatus.message});

    // Update the database
    await Promise.all([
        User.register({
            username: req.body.username,
            canonicalname: req.body.canonicalname,
            scope: inviteStatus.invite.scope,
            date: Date.now()
        }, req.body.password),
        Invite.updateOne({code: inviteStatus.invite.code}, {recipient: req.body.canonicalname, used: Date.now()})
    ]);

    res.status(200).json({'message': 'Registration successful.'});
}));

router.post('/login', canonicalizeRequest, wrap(async (req, res, next) => {
    // Authenticate
    const user = await authenticate(req, res, next);
    if (!user)
        return res.status(401).json({'message': 'Unauthorized.'});

    // Create session
    await login(user, req);

    // Set scope
    req.session.passport.scope = user.scope;

    res.status(200).json({'message': 'Logged in.'});
}));

router.get('/logout', function (req, res) {
    req.logout();
    res.status(200).json({'message': 'Logged out.'});
});

router.get('/ping', requireAuth(), (req, res, next) => {
    res.status(200).json({'message': 'pong'});
});

router.get('/session', requireAuth(), (req, res, next) => {
    res.status(200).json({
        username: req.session.passport.username,
        canonicalname: req.session.passport.canonicalname,
        scope: req.session.passport.scope
    });
});

module.exports = router;
Properly async-ify registration code 2018-07-25 01:45:05 -04:00			`'use strict';`
Work on stuff... 2017-10-11 10:15:19 -04:00
Properly async-ify registration code 2018-07-25 01:45:05 -04:00			`const express = require('express');`
			`const router = express.Router();`
			`const User = require('../models/User.js');`
			`const Invite = require('../models/Invite.js');`
			`const passport = require('passport');`
Refactor all base auth routes, allowing for case insensitivity and unicode usernames. 2018-01-15 15:29:32 -05:00
Rewrite User tests to be async 2018-07-25 18:45:38 -04:00			`const canonicalizeRequest = require('../util/canonicalize').canonicalizeRequest;`
			`const requireAuth = require('../util/requireAuth').requireAuth;`
Add ping api route and test for valid session 2018-07-25 21:34:16 -04:00			`const wrap = require('../util/wrap.js').wrap;`
Properly async-ify registration code 2018-07-25 01:45:05 -04:00
Refactor all base auth routes, allowing for case insensitivity and unicode usernames. 2018-01-15 15:29:32 -05:00
Rewrite User tests to be async 2018-07-25 18:45:38 -04:00			`// Wraps passport.authenticate to return a promise`
			`function authenticate(req, res, next) {`
			`return new Promise((resolve) => {`
			`passport.authenticate('local', (err, user) => {`
			`resolve(user);`
			`})(req, res, next);`
			`});`
			`}`
Properly async-ify registration code 2018-07-25 01:45:05 -04:00
Rewrite User tests to be async 2018-07-25 18:45:38 -04:00			`// Wraps passport session creation for async usage`
			`function login(user, req) {`
			`return new Promise((resolve) => {`
			`req.login(user, resolve);`
			`});`
			`}`
Properly async-ify registration code 2018-07-25 01:45:05 -04:00
			`// Check if a canonical name is valid`
			`async function validateUsername(username, canonicalName, sanitize) {`
			`if (canonicalName.length > 36)`
			`return {valid: false, message: 'Username too long.'};`

			`if (canonicalName !== sanitize(canonicalName).replace(/\s/g, ''))`
			`return {valid: false, message: 'Username contains invalid characters.'};`

			`const count = await User.countDocuments({canonicalname: canonicalName});`

			`if (count !== 0)`
			`return {valid: false, message: 'Username in use.'};`

			`return {valid: true};`
Clean up and parallelize auth code 2017-10-12 12:50:02 -04:00			`}`

Properly async-ify registration code 2018-07-25 01:45:05 -04:00			`// Query the database for a valid invite code. An error message property is set if invalid.`
			`async function validateInvite(code) {`
			`const invite = await Invite.findOne({code: code});`

			`if (!invite)`
			`return {valid: false, message: 'Invalid invite code.'};`

			`if (invite.used)`
			`return {valid: false, message: 'Invite already used.'};`

			`if (invite.exp < Date.now())`
			`return {valid: false, message: 'Invite expired.'};`

			`return {valid: true, invite: invite};`
Add invite codes for registering 2017-10-11 12:55:46 -04:00			`}`

Properly async-ify registration code 2018-07-25 01:45:05 -04:00
Add ping api route and test for valid session 2018-07-25 21:34:16 -04:00			`router.post('/register', canonicalizeRequest, wrap(async (req, res, next) => {`
Properly async-ify registration code 2018-07-25 01:45:05 -04:00			`// Validate the invite and username`
Rewrite User tests to be async 2018-07-25 18:45:38 -04:00			`const [inviteStatus, usernameStatus] =`
			`await Promise.all([`
			`validateInvite(req.body.invite),`
			`validateUsername(req.body.username, req.body.canonicalname, req.sanitize)`
			`]);`
Properly async-ify registration code 2018-07-25 01:45:05 -04:00
Rewrite User tests to be async 2018-07-25 18:45:38 -04:00			`// Error if validation failed`
Properly async-ify registration code 2018-07-25 01:45:05 -04:00			`if (!inviteStatus.valid)`
			`return res.status(422).json({'message': inviteStatus.message});`
			`if (!usernameStatus.valid)`
			`return res.status(422).json({'message': usernameStatus.message});`

Rewrite User tests to be async 2018-07-25 18:45:38 -04:00			`// Update the database`
			`await Promise.all([`
			`User.register({`
			`username: req.body.username,`
			`canonicalname: req.body.canonicalname,`
			`scope: inviteStatus.invite.scope,`
			`date: Date.now()`
			`}, req.body.password),`
			`Invite.updateOne({code: inviteStatus.invite.code}, {recipient: req.body.canonicalname, used: Date.now()})`
			`]);`
Properly async-ify registration code 2018-07-25 01:45:05 -04:00
			`res.status(200).json({'message': 'Registration successful.'});`
			`}));`
Work on stuff... 2017-10-11 10:15:19 -04:00
Add ping api route and test for valid session 2018-07-25 21:34:16 -04:00			`router.post('/login', canonicalizeRequest, wrap(async (req, res, next) => {`
Rewrite User tests to be async 2018-07-25 18:45:38 -04:00			`// Authenticate`
			`const user = await authenticate(req, res, next);`
			`if (!user)`
			`return res.status(401).json({'message': 'Unauthorized.'});`

			`// Create session`
			`await login(user, req);`

			`// Set scope`
			`req.session.passport.scope = user.scope;`

			`res.status(200).json({'message': 'Logged in.'});`
			`}));`
Work on stuff... 2017-10-11 10:15:19 -04:00
Work on stuff 2017-10-18 13:31:08 -04:00			`router.get('/logout', function (req, res) {`
			`req.logout();`
			`res.status(200).json({'message': 'Logged out.'});`
Add fallback cookie auth method 2017-10-14 17:49:11 -04:00			`});`

Add ping api route and test for valid session 2018-07-25 21:34:16 -04:00			`router.get('/ping', requireAuth(), (req, res, next) => {`
			`res.status(200).json({'message': 'pong'});`
			`});`

			`router.get('/session', requireAuth(), (req, res, next) => {`
Rewrite User tests to be async 2018-07-25 18:45:38 -04:00			`res.status(200).json({`
			`username: req.session.passport.username,`
			`canonicalname: req.session.passport.canonicalname,`
			`scope: req.session.passport.scope`
			`});`
Work on stuff 2017-10-18 13:31:08 -04:00			`});`
Work on stuff... 2017-10-11 10:15:19 -04:00
			`module.exports = router;`