var bcrypt = require('bcrypt')
var jwt = require('jsonwebtoken')
var UsersDataAccess = require('./data_access/users-data-access')
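var usersDataAccess = new UsersDataAccess();
// bcrypt cost factor: every hash and compare below gets slower as this grows.
const saltRounds = 10
// Key used to sign (jwt.sign in getToken) and verify (jwt.verify in verifyToken)
// the JWTs. Despite its name it plays no part in password hashing — bcrypt
// salts on its own — so it only needs to be a random, private HMAC key.
const hashSecret = process.env.HASH_SECRET
// Fail fast: without a secret jwt.sign/jwt.verify would fail on the first
// request instead of at startup, and an empty key would be a trivially
// forgeable token.
if (!hashSecret) {
  throw new Error('HASH_SECRET environment variable must be set')
}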
/**
 * Hashes a plaintext password with bcrypt at the module-level cost factor.
 * bcrypt is given a cost (saltRounds), not a salt, so it generates its own
 * random salt and the result differs on every call; check it with
 * bcrypt.compareSync, never with string equality.
 * NOTE(review): bcrypt only considers the first 72 bytes of the input —
 * confirm any password-length policy upstream.
 * @param {string} plainPassword - password as supplied by the user
 * @returns {string} bcrypt hash string (salt and cost are embedded)
 */
function getPasswordHash(plainPassword) {
  const digest = bcrypt.hashSync(plainPassword, saltRounds)
  return digest
}
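module.exports = {
  /**
   * Hashes a plaintext password with bcrypt (delegates to getPasswordHash).
   * @param {string} plainPassword
   * @returns {string} bcrypt hash string
   */
  getPasswordHash: function (plainPassword) {
    return getPasswordHash(plainPassword)
  },

  /**
   * Creates a user with the given name, password and admin flag unless a user
   * with that name already exists. There is no HTTP response in this context
   * (it looks like a seeding helper), so failures are logged and the call
   * simply stops — the previous version tried to answer on an undefined
   * `response`, turning a storage error into a ReferenceError.
   * NOTE(review): lookup and insert are two separate calls, so two concurrent
   * callers can both pass the existence check; confirm the user store enforces
   * a unique userName.
   * @param {string} userName
   * @param {string} password - plaintext; only its bcrypt hash is stored
   * @param {*} isAdmin - stored as given; getToken treats the value 1 as admin
   */
  createUsesIfNotExists: function (userName, password, isAdmin) {
    usersDataAccess.getUserByUserName(userName, function (error, existingUser) {
      if (error) {
        console.error(error)
        return
      }
      if (existingUser) return
      const hashedPassword = getPasswordHash(password)
      usersDataAccess.insertUser(userName, hashedPassword, isAdmin, function (error, insertedId) {
        if (error) {
          console.error(error)
          return
        }
        console.log(`User ${userName} with id '${insertedId}' created`)
      })
    })
  },

  /**
   * Login handler: checks name/password from the JSON body and, on success,
   * responds with { token } — a 20-minute HS256 JWT carrying userName and roles.
   * Every authentication failure gets the same 401 body so the response cannot
   * be used to tell existing user names from unknown ones.
   * @param {object} request - expects request.body.name and request.body.password
   * @param {object} response - Express-style response
   */
  getToken: function (request, response) {
    const body = request.body || {}
    const userName = body.name
    const plainPassword = body.password
    // Reject non-string credentials up front: bcrypt.compareSync throws on a
    // missing password, and the lookup should only ever see a plain string.
    if (typeof userName !== 'string' || typeof plainPassword !== 'string') {
      response.status(400).send('Bad request')
      return
    }
    usersDataAccess.getUserByUserName(userName, function (error, foundUser) {
      if (error) {
        console.error(error)
        response.status(500).send('Internal error')
        return // without this the 401 below would be sent on top of the 500
      }
      // TODO(review): when the user is unknown no bcrypt compare runs, so the
      // response time still reveals which names exist; compare against a
      // dummy hash in that branch to close the timing channel.
      if (!foundUser || !bcrypt.compareSync(plainPassword, foundUser.password)) {
        response.status(401).send('Usuario o contraseña incorrectos')
        return
      }
      const roles = []
      // NOTE(review): the store appears to represent the admin flag as the number 1.
      if (foundUser.isAdmin === 1) roles.push('ADMIN')
      const tokenPayload = { userName: foundUser.userName, roles }
      const token = jwt.sign(tokenPayload, hashSecret, {
        algorithm: 'HS256', // pinned so verifyToken can restrict itself to the same one
        expiresIn: '20m'
      })
      response.json({ token: token })
    })
  },

  /**
   * Middleware: verifies the JWT and, when valid, stores its payload on
   * request.decoded before calling next(). The token is looked up in the body,
   * the query string, the x-access-token header, and finally an
   * `Authorization: Bearer <token>` header.
   * NOTE(review): accepting the token in the query string puts it in access
   * logs, browser history and Referer headers; it is kept for compatibility,
   * but clients should be moved to the Authorization header.
   * @param {object} request
   * @param {object} response
   * @param {Function} next
   */
  verifyToken: function (request, response, next) {
    // Guard each source: a GET without a body parser has no request.body.
    let token = (request.body && request.body.token) ||
      (request.query && request.query.token) ||
      request.headers['x-access-token']
    if (!token) {
      const authHeader = request.headers['authorization']
      if (typeof authHeader === 'string' && authHeader.indexOf('Bearer ') === 0) {
        token = authHeader.slice('Bearer '.length)
      }
    }
    if (!token) {
      return response.status(403).send('No token provided')
    }
    // Pin the algorithm: the secret is a shared HMAC key, so nothing else
    // should be allowed to verify against it.
    jwt.verify(token, hashSecret, { algorithms: ['HS256'] }, function (err, decoded) {
      if (err) {
        console.error(err)
        return response.status(401).send(`Failed to authenticate token: ${err.message}`)
      }
      request.decoded = decoded
      next()
    })
  },

  /**
   * True when the verified token on the request carries the ADMIN role.
   * Denies (returns false) instead of throwing when verifyToken has not run
   * on this request or the payload has no roles array.
   * @param {object} request - request previously passed through verifyToken
   * @returns {boolean}
   */
  hasAdminRole: function (request) {
    const decoded = request.decoded
    const roles = decoded && decoded.roles
    return Array.isArray(roles) && roles.indexOf('ADMIN') !== -1
  }
}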