updated and properly implemented auth middleware AFLOW-32

Co-authored-by: Spacelord <git@spacelord.de>
This commit is contained in:
Sören Oesterwind 2023-11-01 20:04:19 +01:00
parent 2371089f88
commit c23b1b306c
3 changed files with 23 additions and 28 deletions

View File

@ -1,5 +1,4 @@
/*
function checkAuthentication(req: any, res: any, next: Function) {
export function checkAuthentication(req: any, res: any, next: Function) {
if (req.isAuthenticated()) {
//req.isAuthenticated() will return true if user is logged in
next();
@ -8,16 +7,15 @@ function checkAuthentication(req: any, res: any, next: Function) {
}
}
const checkIsInRole = (...roles) => (req, res, next) => {
if (!req.user) {
return res.redirect('/login')
}
// const checkIsInRole = (...roles) => (req, res, next) => {
// if (!req.user) {
// return res.redirect('/login')
// }
const hasRole = roles.find(role => req.user.role === role)
if (!hasRole) {
return res.redirect('/login')
}
// const hasRole = roles.find(role => req.user.role === role)
// if (!hasRole) {
// return res.redirect('/login')
// }
return next()
}
*/
// return next()
// }

View File

@ -3,6 +3,9 @@ import { Strategy as LocalStrategy } from 'passport-local';
import express, { Request, Response } from 'express';
import { prisma, __path, log, config, app } from '../../index.js';
// Middleware Imports
import { checkAuthentication } from '../../middleware/auth.mw.js'
/* Configure password authentication strategy.
*
* The `LocalStrategy` authenticates users by verifying a username and password.
@ -22,7 +25,7 @@ passport.use(
//log.auth.debug('Loop(REQ):', username, password);
//log.auth.debug('Loop(CFG):', user, pass);
if (user === username && pass === password) {
if (user.toLowerCase() === username.toLowerCase() && pass === password) {
log.auth.debug('LocalStrategy: success');
return cb(null, { username: username }); // This is the user object.
}
@ -56,8 +59,8 @@ passport.use(
*/
passport.serializeUser(function (user: any, cb) {
process.nextTick(function () {
log.auth.debug('Called seriealizeUser');
log.auth.debug('user:', user);
// log.auth.debug('Called seriealizeUser');
// log.auth.debug('user:', user);
return cb(null, {
username: user.username
});
@ -66,7 +69,7 @@ passport.serializeUser(function (user: any, cb) {
passport.deserializeUser(function (user, cb) {
process.nextTick(function () {
log.auth.debug('Called deseriealizeUser');
// log.auth.debug('Called deseriealizeUser');
return cb(null, user);
});
});
@ -85,12 +88,3 @@ Router.route('/login').post(passport.authenticate('local', { successRedirect: '/
Router.route('/test').get(checkAuthentication, testRoute.get);
export default Router;
function checkAuthentication(req: Request, res: Response, next: Function) {
if (req.isAuthenticated()) {
//req.isAuthenticated() will return true if user is logged in
next();
} else {
res.redirect('/auth/login');
}
}

View File

@ -2,6 +2,9 @@ import express, { Express } from 'express';
import { __path, prisma } from '../index.js';
import * as Sentry from '@sentry/node';
// Middleware Imports
import { checkAuthentication } from '../middleware/auth.mw.js'
// Route imports
import frontend_routes from './frontend/index.js';
import static_routes from './static/index.js';
@ -11,9 +14,9 @@ import auth_routes from './auth/index.js';
const Router = express.Router({ strict: false });
Router.use('/static', static_routes);
Router.use('/api', api_routes);
Router.use('/api', checkAuthentication, api_routes);
Router.use('/auth', auth_routes);
Router.use('/', frontend_routes);
Router.use('/', checkAuthentication, frontend_routes);
// The error handler must be before any other error middleware and after all controllers
Router.use(Sentry.Handlers.errorHandler());