[refactoring] auth as middleware

2019-10-30 14:58:40 +01:00
parent a0e2f5e634
commit 0876f9baee
7 changed files with 32 additions and 41 deletions
--- a/components/admin/Settings.vue
+++ b/components/admin/Settings.vue
@@ -2,6 +2,7 @@
  div
    el-form(inline label-width="400px")
      //- select timezone
+      client-only
      el-form-item(:label="$t('admin.select_instance_timezone')")
        el-select(v-model='instance_timezone' filterable)
          el-option(v-for='timezone in timezones' :key='timezone.value' :value='timezone.value')
--- a/nuxt.config.js
+++ b/nuxt.config.js
@@ -63,7 +63,7 @@ module.exports = {
        endpoints: {
          login: { url: '/auth/login', method: 'post', propertyName: 'token' },
          logout: false,
-          user: { url: '/auth/user', method: 'get', propertyName: false }
+          user: false
        },
        tokenRequired: true,
        tokenType: 'Bearer'
--- a/server/api/auth.js
+++ b/server/api/auth.js
@@ -2,16 +2,10 @@ const { Op } = require('sequelize')
 const { user: User } = require('./models')

 const Auth = {
-  async fillUser (req, res, next) {
-    if (!req.user) { return next() }
-    req.user = await User.findOne({
-      where: { id: { [Op.eq]: req.user.id }, is_active: true }
-    }).catch(e => {
-      res.sendStatus(404)
-      return next(false)
-    })
-    next()
-  },
+
+  /** isAuth middleware
+   * req.user is filled in server/helper.js#initMiddleware
+  */
  async isAuth (req, res, next) {
    if (!req.user) {
      return res
@@ -29,6 +23,8 @@ const Auth = {
    }
    next()
  },
+
+  /** isAdmin middleware */
  isAdmin (req, res, next) {
    if (!req.user) {
      return res
--- a/server/api/index.js
+++ b/server/api/index.js
@@ -5,7 +5,7 @@ const bodyParser = require('body-parser')
 const expressJwt = require('express-jwt')
 const config = require('config')

-const { fillUser, isAuth, isAdmin } = require('./auth')
+const { isAuth, isAdmin } = require('./auth')
 const eventController = require('./controller/event')
 const exportController = require('./controller/export')
 const userController = require('./controller/user')
@@ -21,16 +21,9 @@ api.use(cookieParser())
 api.use(bodyParser.urlencoded({ extended: false }))
 api.use(bodyParser.json())

-// const jwt = expressJwt({
-//   secret: config.secret,
-//   credentialsRequired: false
-// })
-
-// api.use(jwt)
-
 // AUTH
 api.post('/auth/login', userController.login)
-api.get('/auth/user', fillUser, userController.current)
+api.get('/auth/user', userController.current)

 api.post('/user/recover', userController.forgotPassword)
 api.post('/user/check_recover_code', userController.checkRecoverCode)
@@ -38,28 +31,24 @@ api.post('/user/recover_password', userController.updatePasswordWithRecoverCode)

 // register and add users
 api.post('/user/register', userController.register)
-api.post('/user', isAuth, isAdmin, userController.create)
+api.post('/user', isAdmin, userController.create)

 // update user
 api.put('/user', isAuth, userController.update)

 // delete user
-api.delete('/user/:id', isAuth, isAdmin, userController.remove)
+api.delete('/user/:id', isAdmin, userController.remove)

-//
 // api.delete('/user', userController.remove)

 // get all users
-api.get('/users', isAuth, isAdmin, userController.getAll)
-
-// update a tag (modify color)
-api.put('/tag', isAuth, isAdmin, eventController.updateTag)
+api.get('/users', isAdmin, userController.getAll)

 // update a place (modify address..)
-api.put('/place', isAuth, isAdmin, eventController.updatePlace)
+api.put('/place', isAdmin, eventController.updatePlace)

 // add event
-api.post('/user/event', fillUser, upload.single('image'), userController.addEvent)
+api.post('/user/event', upload.single('image'), userController.addEvent)

 // update event
 api.put('/user/event', isAuth, upload.single('image'), userController.updateEvent)
@@ -71,14 +60,14 @@ api.delete('/user/event/:id', isAuth, userController.delEvent)
 api.get('/event/meta', eventController.getMeta)

 // get unconfirmed events
-api.get('/event/unconfirmed', isAuth, isAdmin, eventController.getUnconfirmed)
+api.get('/event/unconfirmed', isAdmin, eventController.getUnconfirmed)

 // add event notification
 api.post('/event/notification', eventController.addNotification)
 api.delete('/event/notification/:code', eventController.delNotification)

 api.get('/settings', settingsController.getAllRequest)
-api.post('/settings', fillUser, isAdmin, settingsController.setRequest)
+api.post('/settings', isAdmin, settingsController.setRequest)

 api.get('/settings/user_locale', settingsController.getUserLocale)

@@ -87,7 +76,7 @@ api.get('/event/confirm/:event_id', isAuth, eventController.confirm)
 api.get('/event/unconfirm/:event_id', isAuth, eventController.unconfirm)

 // get event
-api.get('/event/:event_id.:format?', fillUser, eventController.get)
+api.get('/event/:event_id.:format?', eventController.get)

 // export events (rss/ics)
 api.get('/export/:type', exportController.export)
--- a/server/helpers.js
+++ b/server/helpers.js
@@ -1,10 +1,11 @@
 const settingsController = require('./api/controller/settings')
+const { user: User } = require('./api/models')
+const { Op } = require('sequelize')
 const acceptLanguage = require('accept-language')
 const expressJwt = require('express-jwt')
-const debug = require('debug')
 const moment = require('moment-timezone')
 const config = require('config')
-const package = require('../package.json')
+const pkg = require('../package.json')

 const jwt = expressJwt({
  secret: config.secret,
@@ -22,17 +23,14 @@ const jwt = expressJwt({

 module.exports = {
  initMiddleware (req, res, next) {
-
    // initialize settings
    req.settings = settingsController.settings
    req.secretSettings = settingsController.secretSettings

-    // const package = require('../package.json')
-
    req.settings.baseurl = config.baseurl
    req.settings.title = config.title
    req.settings.description = config.description
-    req.settings.version = package.version
+    req.settings.version = pkg.version

    // set locale and user locale
    const acceptedLanguages = req.headers['accept-language']
@@ -43,9 +41,11 @@ module.exports = {
    moment.locale(req.settings.locale)

    // auth
-    jwt(req, res, () => {
+    jwt(req, res, async () => {
+      if (!req.user) { return next() }
+      req.user = await User.findOne({
+        where: { id: { [Op.eq]: req.user.id }, is_active: true } })
      next()
    })
-
  }
-}
+}
--- a/server/routes.js
+++ b/server/routes.js
@@ -3,6 +3,7 @@ const config = require('config')
 const express = require('express')
 const cors = require('cors')
 const api = require('./api')
+const cookieParser = require('cookie-parser')
 const federation = require('./federation')
 const webfinger = require('./federation/webfinger')
 const { spamFilter } = require('./federation/helpers')
@@ -24,6 +25,7 @@ router.use('/favicon.ico', express.static(path.resolve(config.favicon || './asse
 router.use('/media/', express.static(config.upload_path))

 // get instance settings
+router.use(cookieParser())
 router.use(helpers.initMiddleware)

 // rss/ics/atom feed
--- a/store/index.js
+++ b/store/index.js
@@ -149,6 +149,9 @@ export const actions = {
  // this method is called server side only for each request
  // we use it to get configuration from db, setting locale, etc...
  nuxtServerInit ({ commit }, { app, store, req }) {
+    if (req.user) {
+      this.$auth.setUser(req.user)
+    }
    const settings = req.settings
    commit('setSettings', settings)
    // apply settings