auth.nuxt.js plugin

2019-04-26 23:14:43 +02:00
parent eed3896396
commit 3b80dd5f73
20 changed files with 528 additions and 149 deletions
--- a/server/api/auth.js
+++ b/server/api/auth.js
@@ -21,7 +21,6 @@ const Auth = {
      (req.body && req.body.token) ||
      req.params.token ||
      req.headers.authorization
-    console.error('sono dentro isAuth ', token, req.headers)
    if (!token) return res.status(403).send({ message: 'Token not found' })
    jwt.verify(token, config.secret, async (err, decoded) => {
      if (err) {
--- a/server/api/controller/event.js
+++ b/server/api/controller/event.js
@@ -160,7 +160,7 @@ const eventController = {
        // { model: Place, required: false }
      // ]
    })
-    console.log(events)
+    // console.log(events)
    res.json(events)
  }

--- a/server/api/controller/user.js
+++ b/server/api/controller/user.js
@@ -4,7 +4,7 @@ const crypto = require('crypto')
 const jwt = require('jsonwebtoken')
 const Mastodon = require('mastodon-api')
 const { Op } = require('sequelize')
-
+const jsonwebtoken = require('jsonwebtoken')
 const User = require('../models/user')
 const config = require('../config')
 const mail = require('../mail')
@@ -27,18 +27,24 @@ const userController = {
      } else {
        // if user is found and password is right
        // create a token
-        const payload = { email: user.email }
-        const token = jwt.sign(payload, config.secret)
-        res.json({
-          success: true,
-          message: 'Enjoy your token!',
-          token,
-          user
-        })
+        const accessToken = jsonwebtoken.sign({ user:
+          {
+            id: user.id,
+            email: user.email,
+            scope: [user.is_admin ? 'admin' : 'user']
+          }},
+          config.secret
+        )
+      
+        res.json({token: accessToken})        
      }
    }
  },

+  async logout(req, res) {
+
+  },
+
  async setToken(req, res) {
    req.user.mastodon_auth = req.body
    await req.user.save()
--- a/server/api/index.js
+++ b/server/api/index.js
@@ -5,8 +5,10 @@ const eventController = require('./controller/event')
 const exportController = require('./controller/export')
 const userController = require('./controller/user')
 const settingsController = require('./controller/settings')
+const config = require('./config')

 // const botController = require('./controller/bot')
+const jwt = require('express-jwt')({secret: config.secret})

 const storage = require('./storage')({
  destination: 'uploads/'
@@ -14,8 +16,12 @@ const storage = require('./storage')({

 const upload = multer({ storage })
 const api = express.Router()
-// login
-api.post('/login', userController.login)
+
+// AUTH
+api.post('/auth/login', userController.login)
+api.post('/auth/logout', userController.logout)
+api.get('/auth/user', jwt, userController.current)
+
 api.post('/user/recover', userController.forgotPassword)
 api.post('/user/check_recover_code', userController.checkRecoverCode)
 api.post('/user/recover_password', userController.updatePasswordWithRecoverCode)
@@ -25,7 +31,7 @@ api
  // register
  .post(userController.register)
  // get current user
-  .get(isAuth, userController.current)
+  // .get(isAuth, userController.current)
  // update user (eg. confirm)
  .put(isAuth, isAdmin, userController.update)

--- a/server/api/models/user.js
+++ b/server/api/models/user.js
@@ -1,6 +1,6 @@
+const Sequelize = require('sequelize')
 const bcrypt = require('bcrypt')
 const db = require('../db')
-const Sequelize = require('sequelize')

 const User = db.define('user', {
  email: {