:pencil2: Lots of notes on where to go next

backend/lib/auth/strategies/jwt.js

@@ -13,6 +13,12 @@ module.exports = options => {
         },
         validate: (artifacts, request, h) => {
             try {
+                // Check if the Access Token is Valid
+                // if (!accessTokenIsValid) {
+                // Look up if the Session is Active
+                // } else {
+                // isValid: true
+                // }
                 return {
                     isValid: true,
                     credentials: { user: artifacts.decoded.payload.user },

backend/lib/routes/user/generatejwt.js

@@ -24,7 +24,9 @@ module.exports = {
             const { userService } = request.server.services()
             const res = request.payload
             const token = await userService.createToken(res)
+            // TODO: Move logic adding initial three responses to here
             try {
+                // return h.state(token)
                 return {
                     ok: true,
                     handler: pluginConfig.handlerType,

backend/lib/routes/user/validatejwt.js

@@ -15,6 +15,8 @@ const pluginConfig = {
 module.exports = {
     method: 'GET',
     path: '/validatejwt/{jwt}',
+    // method: 'GET' sessionToken in header ?
+    // path: '/validatesession/{sessionToken}'
     options: {
         ...pluginConfig.docs.get,
         tags: ['api'],

backend/lib/routes/user/verifyemail.js

@@ -25,6 +25,10 @@ module.exports = {
             const hash = request.params.hashedEmail
 
             try {
+                // Is there an userService.activeSession?
+                // If there is, issue a new access token
+                // We need the session token from the frontend
+                // If NOT, throw error (kicks back to login)
                 const hashToMatch = Object.keys(userService.hashedEmails).find(
                     email => {
                         return email === hash

backend/lib/services/user.js

@@ -64,10 +64,24 @@ module.exports = class UserService extends Schmervice.Service {
         const pwd = new SecurePassword()
         // TODO: Invalidate this cache somehow after a certain time period has
         // passed
+        // TODO: Remove hashedEmails in preference of activeSessions
         this.hashedEmails = {
             // NOTE: key is email hash and value is timestamp in ms
             // abc123456: '123456689',
         }
+
+        // this.activeSessions = [
+        // {
+        // user: {
+        // useremail: email,
+        // hashedEmail: hashedEmail,
+        // username: name,
+        // },
+        // expiration: 1203984710234
+        // },
+        // token: 'tokenString + expirationDate + salt'
+        // ]
+
         this.pwd = {
             hash: Util.promisify(pwd.hash.bind(pwd)),
             verify: Util.promisify(pwd.verify.bind(pwd)),
@@ -210,17 +224,22 @@ module.exports = class UserService extends Schmervice.Service {
      * @param {User} user
      * @returns {Token}
      */
-
+    // TODO: Put this logic in the routes, NOT here
+    // createSessionToken(user, payload)
+    // createAccessToken()
+    //
     createToken(user) {
         const key = this.server.registrations['main-app-plugin'].options.jwtKey
 
-        const token = Jwt.token.generate(
+        let token = Jwt.token.generate(
             {
                 aud: 'urn:audience:test',
                 iss: 'urn:issuer:test',
+                // ...payload,
                 email: user.email,
                 name: user.name,
                 seeking: user.seeking,
+                salt: 'a;ldfkjas;l/dfkafnml;/cjkf',
                 // profile_id: user.profile_id,
             },
             {
@@ -228,14 +247,91 @@ module.exports = class UserService extends Schmervice.Service {
                 algorithm: 'HS256',
             },
             {
-                // ttlSec: 4 * 60 * 60, // 7 days
-                // ttlSec: 60 * 3, // 3 minutes
-                ttlSec: user.expiration,
+                ttlSec: 4 * 60 * 60, // 7 days
             },
         )
+        console.log('token :=>', token)
+        token = Jwt.token.generate(
+            {
+                aud: 'urn:audience:test',
+                iss: 'urn:issuer:test',
+                // ...payload,
+                email: user.email,
+                name: user.name,
+                seeking: user.seeking,
+                salt: 'qpowieurpqowytqpoieryu',
+                // profile_id: user.profile_id,
+            },
+            {
+                key: key,
+                algorithm: 'HS256',
+            },
+            {
+                ttlSec: 4 * 60 * 60, // 7 days
+            },
+        )
+        console.log('\n')
+        console.log('token :=>', token)
+        token = Jwt.token.generate(
+            {
+                aud: 'urn:audience:test',
+                iss: 'urn:issuer:test',
+                // ...payload,
+                email: user.email,
+                name: user.name,
+                seeking: user.seeking,
+                salt: 'a;ldfkjas;l/dfkafnml;/cjkf',
+                // profile_id: user.profile_id,
+            },
+            {
+                key: key,
+                algorithm: 'HS256',
+            },
+            {
+                ttlSec: 6 * 60 * 60, // 7 days
+            },
+        )
+        console.log('token :=>', token)
+        token = Jwt.token.generate(
+            {
+                aud: 'urn:audience:test',
+                iss: 'urn:issuer:test',
+                // ...payload,
+                email: user.email,
+                name: user.name,
+                seeking: user.seeking,
+                salt: 'a;ldfkjas;l/dfkafnml;/cjkf',
+                // profile_id: user.profile_id,
+            },
+            {
+                key: key,
+                algorithm: 'HS256',
+            },
+            {
+                ttlSec: 7 * 60 * 60, // 7 days
+            },
+        )
+        console.log('token :=>', token)
+
+        // TODO: keep userinfo and it's association with the sessionToken in state/memory
+        // registerSession(user, sessionToken) // useremail, token
+        // this.registerSession(user, token)
         return token
     }
 
+    async registerSession(user, hashedEmail, token) {
+        const sessionRequester = {
+            user: user,
+            hashedEmail: hashedEmail,
+            token: token,
+        }
+        const alreadyExists = this.activeSessions.find(
+            sessionRequester => sessionRequester.hashedEmail === hashedEmail,
+        )
+        if (!alreadyExists) {
+            this.activeSessions.push(sessionRequester)
+        }
+    }
     /**
      * Validates whether a token has expired or not
      * @param {User} user
@@ -290,6 +386,7 @@ module.exports = class UserService extends Schmervice.Service {
     async checkEmailCache(userEmail) {
         const hashedEmail = await hashEmail(userEmail)
         const now = Date.now()
+        // hashedEmail needs to be derived by email, salt
         const expiration = this.hashedEmails[hashedEmail]
         console.log('this.hashedEmails :=>', this.hashedEmails)
         const emailIsInCache = Object.keys(this.hashedEmails).includes(

frontend/src/components/onboarding/Auth.vue

@@ -51,12 +51,13 @@ export default {
             })
             const newUserId = newUser.user_id
             await createProfileForUserId(newUserId, this.responses)
+            // TODO: rename getJwt
             const jwt = await this.authenticator.generateJwt({
                 ...this.answered,
                 expiration: 60 * 10,
             })
             console.log('jwt :=>', jwt)
-            document.cookie = `siimee_session_verify=${jwt}; max-age=600; path=/verify; secure`
+            document.cookie = `siimee_session=${jwt}; max-age=600; path=/; secure`
             await this.authenticator.sendAuthEmail(this.answered)
         } else {
             console.error('ERROR :=>')

frontend/src/services/auth.service.js

@@ -16,10 +16,15 @@ class Authenticator {
         const isVerified = await db.get(`/user/verify/${hashedEmail}`)
         return isVerified.hashesMatch
     }
-    async generateJwt(res) {
-        const token = await db.post('/user/generatejwt', res)
-        return token.jwt
+    // TODO: rename getJwt()
+    async generateJwt(req) {
+        const response = await db.post('/user/generatejwt', req)
+        // TODO: Move token into repsonse.headers
+        // return response.headers ?
+        return response.jwt
     }
+
+    // validateSession(sessionToken)
     async validateJwt(jwt) {
         const validateJwt = await db.get(`/user/validatejwt/${jwt}`)
         return validateJwt

frontend/src/views/OnboardingView.vue

@@ -43,7 +43,8 @@ import {
 import { surveyFactory } from '@/utils'
 import stepViews from '@/components/onboarding'
 import SurveyCompleteView from './SurveyCompleteView.vue'
-
+let sessionToken = null
+let accessToken = null
 // import savesurveybyprofileid - call it on submit
 // paginate to save every steps answers
 export default {
@@ -62,24 +63,31 @@ export default {
         invalidResponse: false,
         userEmail: null,
         emailIsInCache: false,
-        sessionToken: null, // need this?
-        accessToken: null,
         authenticator: {},
     }),
     async created() {
         this.survey = await surveyFactory.createSurvey()
         this.authenticator = new Authenticator()
-        const sessionToken = this.grabCookie('siimee_session_onboarding')
+        // TODO: Consider switch/case() depending on what tokens exist/are valid...
+        sessionToken = this.grabCookie('siimee_session_onboarding')
+        // if (!sessionToken) {
+        //     //
+        // }
+        accessToken = this.grabCookie('siimee_access_onboarding')
+        // if (!accessToken) {
+        //     // blow up
+        // }
         const sessionData = await this.authenticator.validateJwt(sessionToken)
-
-        const accessToken = this.grabCookie('siimee_access_onboarding')
         // NOTE: Left off here, INCOMPLETE, no ACCESS TOKEN yet, crazy amount of logic here...
         if (sessionData.isValid && !accessToken) {
             this.userEmail = sessionData.payload.email
+            // this.emailIsRegistered
             this.emailIsInCache = await this.authenticator.checkEmailCache(
                 this.userEmail,
             )
         }
+        // TODO: EVERY ROUTE WE HIT AFTER THIS HAS TO BE AUTHENTICATED
+        // ACCESS TOKEN WORKS
         if (this.emailIsInCache) {
             const user = await fetchUserByEmail(this.userEmail)
             const userId = user.user_id
@@ -98,6 +106,8 @@ export default {
             })
             this.currentStep = this.responses.length + 3
             this.goToStep(this.currentStep)
+        } else {
+            // TODO: CHECK SESSION
         }
     },
     methods: {
@@ -107,6 +117,8 @@ export default {
         async goToStep(num) {
             this.currentStep = num
         },
+        // TODO: Rename this method, grab cookie from where?
+        // grabStoredCookie(cookieKey)
         grabCookie(cookieKey) {
             const cookies = document.cookie
                 .split('; ')

frontend/src/views/VerifyView.vue

@@ -17,13 +17,33 @@ export default {
         const hashEmail = this.$route.params.email
 
         const hashesMatch = await this.authenticator.verifyAuthEmail(hashEmail)
-        const siimeeToken = this.grabCookie('siimee_session_verify')
+        // TODO: Refactor, see methods below
+        // if (!hashesMatch) {
+        //     throw new Error('no record of hashed email in cache')
+        //     this.$router.push('/onboarding')
+        // }
+        // TODO: THIS NEEDS TO BE SENT OVER TO verifyAuthEmail(hashEmail) in the headers
+        const sessionToken = this.grabCookie('siimee_session')
+        // TODO: Refactor, see methods below
+        // if (!sessionToken) {
+        //     throw new Error('token doesn't exist)
+        //     this.$router.push('/onboarding')
+        // } else {}
 
-        if (siimeeToken) {
-            const jwt = await this.authenticator.validateJwt(siimeeToken)
-            if (jwt.isValid && hashesMatch) {
-                document.cookie = `siimee_session_onboarding=${siimeeToken}; max-age=600; path=/onboarding; secure`
-                document.cookie = 'siimee_session_verify='
+        // TODO: Refactor to not nest, use try/catch/throw
+        if (sessionToken) {
+            // TODO: rename
+            // const accessToken = await this.authenticator.validateSession(sessionToken)
+            // hits backend route and the backend route has to be /validateSession/
+            // if backend route succeeds, gives you access token
+            const accessToken = await this.authenticator.validateJwt(
+                sessionToken,
+            )
+            // TODO: isValid logic needs to live on back end
+            if (accessToken.isValid && hashesMatch) {
+                // server needs to issue an ACCESS token here ( getToken() )
+                // const accessToken = await this.authenticator.getToken()
+                document.cookie = `siimee_access=${accessToken}; max-age=600; path=/; secure`
                 this.$router.push('/onboarding')
             }
         } else {
@@ -50,6 +70,9 @@ export default {
             })
             return accessJwt
         },
+        // async doesEmailMatch() {},
+        // async doesTokenExist() {},
+        // async isTokenValid() {},
     },
 }
 </script>