updated and properly implemented auth middleware AFLOW-32

Co-authored-by: Spacelord <git@spacelord.de>

src/middleware/auth.mw.ts

@@ -1,5 +1,4 @@
-/*
+export function checkAuthentication(req: any, res: any, next: Function) {
-function checkAuthentication(req: any, res: any, next: Function) {
 	if (req.isAuthenticated()) {
 		//req.isAuthenticated() will return true if user is logged in
 		next();
@@ -8,16 +7,15 @@ function checkAuthentication(req: any, res: any, next: Function) {
 	}
 }
 
-const checkIsInRole = (...roles) => (req, res, next) => {
+// const checkIsInRole = (...roles) => (req, res, next) => {
-	if (!req.user) {
+// 	if (!req.user) {
-		return res.redirect('/login')
+// 		return res.redirect('/login')
-	}
+// 	}
 
-	const hasRole = roles.find(role => req.user.role === role)
+// 	const hasRole = roles.find(role => req.user.role === role)
-	if (!hasRole) {
+// 	if (!hasRole) {
-		return res.redirect('/login')
+// 		return res.redirect('/login')
-	}
+// 	}
 
-	return next()
+// 	return next()
-}
+// }
-*/

src/routes/auth/index.ts

@@ -3,6 +3,9 @@ import { Strategy as LocalStrategy } from 'passport-local';
 import express, { Request, Response } from 'express';
 import { prisma, __path, log, config, app } from '../../index.js';
 
+// Middleware Imports
+import { checkAuthentication } from '../../middleware/auth.mw.js'
+
 /* Configure password authentication strategy.
  *
  * The `LocalStrategy` authenticates users by verifying a username and password.
@@ -22,7 +25,7 @@ passport.use(
 			//log.auth.debug('Loop(REQ):', username, password);
 			//log.auth.debug('Loop(CFG):', user, pass);
 
-			if (user === username && pass === password) {
+			if (user.toLowerCase() === username.toLowerCase() && pass === password) {
 				log.auth.debug('LocalStrategy: success');
 				return cb(null, { username: username }); // This is the user object.
 			}
@@ -56,8 +59,8 @@ passport.use(
  */
 passport.serializeUser(function (user: any, cb) {
 	process.nextTick(function () {
-		log.auth.debug('Called seriealizeUser');
+		// log.auth.debug('Called seriealizeUser');
-		log.auth.debug('user:', user);
+		// log.auth.debug('user:', user);
 		return cb(null, {
 			username: user.username
 		});
@@ -66,7 +69,7 @@ passport.serializeUser(function (user: any, cb) {
 
 passport.deserializeUser(function (user, cb) {
 	process.nextTick(function () {
-		log.auth.debug('Called deseriealizeUser');
+		// log.auth.debug('Called deseriealizeUser');
 		return cb(null, user);
 	});
 });
@@ -85,12 +88,3 @@ Router.route('/login').post(passport.authenticate('local', { successRedirect: '/
 Router.route('/test').get(checkAuthentication, testRoute.get);
 
 export default Router;
-
-function checkAuthentication(req: Request, res: Response, next: Function) {
-	if (req.isAuthenticated()) {
-		//req.isAuthenticated() will return true if user is logged in
-		next();
-	} else {
-		res.redirect('/auth/login');
-	}
-}

src/routes/index.ts

@@ -2,6 +2,9 @@ import express, { Express } from 'express';
 import { __path, prisma } from '../index.js';
 import * as Sentry from '@sentry/node';
 
+// Middleware Imports
+import { checkAuthentication } from '../middleware/auth.mw.js'
+
 // Route imports
 import frontend_routes from './frontend/index.js';
 import static_routes from './static/index.js';
@@ -11,9 +14,9 @@ import auth_routes from './auth/index.js';
 const Router = express.Router({ strict: false });
 
 Router.use('/static', static_routes);
-Router.use('/api', api_routes);
+Router.use('/api', checkAuthentication, api_routes);
 Router.use('/auth', auth_routes);
-Router.use('/', frontend_routes);
+Router.use('/', checkAuthentication, frontend_routes);
 
 // The error handler must be before any other error middleware and after all controllers
 Router.use(Sentry.Handlers.errorHandler());