:recycle: lock-down every route

backend/lib/auth/strategies/jwt.js

@@ -10,6 +10,7 @@ module.exports = options => {
             aud: 'urn:audience:test',
             iss: 'urn:issuer:test',
             sub: false,
+            maxAgeSec: 14400, // 4 hours
         },
         validate: (artifacts, request, h) => {
             try {

backend/lib/routes/health/get.js

@@ -8,47 +8,52 @@ const pluginConfig = {
     handlerType: 'health',
     docs: {
         description: 'Get server stats',
-        notes: 'Returns stats on server status'
-    }
+        notes: 'Returns stats on server status',
+    },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {}
 
 const responseSchemas = {
     health: healthSchema.stats,
-    error: errorSchema.single
+    error: errorSchema.single,
 }
 
 module.exports = {
     method: 'GET',
     path: '/',
-    options:{
+    options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { healthService } = request.server.services()
             const stats = await healthService.getStats()
             try {
-                return h.response(({
-                    ok:true,
-                    handler: pluginConfig.handlerType,
-                    data: stats
-                })).code(200)
+                return h
+                    .response({
+                        ok: true,
+                        handler: pluginConfig.handlerType,
+                        data: stats,
+                    })
+                    .code(200)
             } catch (err) {
                 return h
                     .response({
                         ok: false,
                         handler: pluginConfig.handlerType,
-                        data: {error: `${err}`}
+                        data: { error: `${err}` },
                     })
                     .code(409)
             }
         },
         validate: {
             ...validators,
-            failAction: 'log'
+            failAction: 'log',
         },
 
         response: {
@@ -66,4 +71,4 @@ module.exports = {
             },
         },
     },
-}
+}

backend/lib/routes/membership/active.js

@@ -12,6 +12,11 @@ const pluginConfig = {
         description: 'active memberships',
         notes: 'A list of groupings with active membership',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
@@ -57,10 +62,7 @@ module.exports = {
     path: '/{profile_id}',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { membershipService, profileService } =
                 request.server.services()

backend/lib/routes/membership/join.js

@@ -11,6 +11,11 @@ const pluginConfig = {
         description: 'join',
         notes: 'Join a grouping by creating a membership record',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
@@ -37,9 +42,7 @@ module.exports = {
     path: '/{profile_id}/join',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
 
         /**
          * Join a grouping by creating a membership record

backend/lib/routes/membership/leave.js

@@ -8,6 +8,11 @@ const pluginConfig = {
         description: 'leave',
         notes: 'Leave a grouping by editing a membership record',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
@@ -21,8 +26,7 @@ module.exports = {
     path: '/leave',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             try {
                 return {

backend/lib/routes/membership/reveal.js

@@ -9,6 +9,11 @@ const pluginConfig = {
         description: 'reveal',
         notes: 'Reveal profile information to a grouping by membership',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
@@ -22,14 +27,13 @@ const responseSchemas = {
     }),
     error: errorSchema.single,
 }
+
 module.exports = {
     method: 'POST',
     path: '/{grouping_id}/reveal',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { membershipService, profileService } =
                 request.server.services()

backend/lib/routes/notification/index.js

@@ -1,6 +1,3 @@
-const Joi = require('joi')
-const apiSchema = require('../../schemas/api')
-const errorSchema = require('../../schemas/errors')
 const params = require('../../schemas/params')
 
 const pluginConfig = {
@@ -9,6 +6,11 @@ const pluginConfig = {
         description: 'subscribe',
         notes: 'Subscribe to notifications based on profile_id',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
@@ -20,9 +22,7 @@ module.exports = {
     path: '/{profile_id}/subscribe',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async (request, h) => {
             const { profile_id } = request.params
 

backend/lib/routes/profile/get.js

@@ -11,6 +11,11 @@ const pluginConfig = {
         description: 'Returns a single profile with tags',
         notes: 'returns from the Profiles Table',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
@@ -27,10 +32,7 @@ module.exports = {
     path: '/{profile_id}',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profile_id } = request.params
             const { profileService } = request.server.services()

backend/lib/routes/profile/match.js

@@ -10,6 +10,11 @@ const pluginConfig = {
         description: 'matches',
         notes: 'Match everyone',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {}
@@ -24,9 +29,7 @@ module.exports = {
     path: '/match',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
+        ...pluginConfig.opts,
 
         handler: async function (request, h) {
             const { matchService, matchQueueService } =

backend/lib/routes/profile/patch-queue.js

@@ -12,6 +12,11 @@ const pluginConfig = {
         description: 'Updates match queue in place',
         notes: 'Updates in place and does not delete from table',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
@@ -34,10 +39,7 @@ module.exports = {
     path: '/{profile_id}/queue/{target_id}/delete',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profile_id, target_id } = request.params
             const { include_profile, reinsert } = request.query

backend/lib/routes/profile/queue.js

@@ -12,6 +12,11 @@ const pluginConfig = {
         description: 'Returns previously scored profiles',
         notes: 'returns from the MatchQueue Table',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
@@ -31,10 +36,7 @@ module.exports = {
     path: '/{profile_id}/queue',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profile_id } = request.params
             const { include_profile } = request.query

backend/lib/routes/profile/respond.js

@@ -12,6 +12,11 @@ const pluginConfig = {
         description: 'Update profile',
         notes: 'Update profile responses',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
@@ -40,10 +45,7 @@ module.exports = {
     path: '/{profile_id}/respond',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profileService } = request.services()
 

backend/lib/routes/profile/score.js

@@ -12,6 +12,11 @@ const pluginConfig = {
         description: 'scores',
         notes: 'A list of profile scores',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
@@ -40,10 +45,7 @@ module.exports = {
     path: '/{profile_id}/score',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profileService, matchQueueService } =
                 request.server.services()

backend/lib/routes/profile/update.js

@@ -12,6 +12,11 @@ const pluginConfig = {
         description: 'Update profile',
         notes: 'Update profile responses',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
@@ -37,10 +42,7 @@ module.exports = {
     path: '/{profile_id}/update/{response_id?}',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profileService } = request.services()
             const profileId = request.params.profile_id

backend/lib/routes/survey/questions.js

@@ -10,6 +10,11 @@ const pluginConfig = {
         description: 'Get survey questions',
         notes: 'Returns a list of all possible survey questions in the form of response_keys',
     },
+    opts: {
+        tags: ['api'],
+        auth: false,
+        cors: true,
+    },
 }
 
 /** Validator functions by request method */
@@ -32,10 +37,7 @@ module.exports = {
     path: '/questions',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { responseService } = request.services()
             const responseKeys = await responseService.getResponseKeys()

backend/lib/routes/survey/responses.js

@@ -11,6 +11,11 @@ const pluginConfig = {
         description: 'Get responses to questions',
         notes: 'Returns a list of all survey responses for a user',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 /** Validator functions by request method */
@@ -33,9 +38,7 @@ module.exports = {
     path: '/questions',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
+        ...pluginConfig.opts,
 
         handler: async function (request, h) {
             const { responseService } = request.services()

backend/lib/routes/tag/get.js

@@ -11,6 +11,11 @@ const pluginConfig = {
         description: 'Get tags based on membership id',
         notes: 'returns from the Tag Associations Table',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
@@ -31,10 +36,7 @@ module.exports = {
     path: '/{profile_id}/tags/{grouping_id}',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { grouping_id, profile_id } = request.params
             const { profileService } = request.server.services()

backend/lib/routes/tag/reveal.js

@@ -11,6 +11,11 @@ const pluginConfig = {
         description: 'Reveals part of a profile based on tag',
         notes: 'returns from the Tag Associations Table',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
@@ -31,10 +36,8 @@ module.exports = {
     path: '/{profile_id}/reveal/{tag_id}',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
+
         handler: async function (request, h) {
             const { profile_id, tag_id } = request.params
             const { profileService } = request.server.services()

backend/lib/routes/user/authentication.js

@@ -11,12 +11,17 @@ const pluginConfig = {
             notes: 'Returns a password by the user email passed in the path',
         },
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 /** Validator functions by request method */
 const validators = {
     /** Validate the route params (/active/{thing}) */
-    params: params.userEmail
+    params: params.userEmail,
 }
 
 module.exports = {
@@ -24,10 +29,7 @@ module.exports = {
     path: '/{user_email}/password',
     options: {
         ...pluginConfig.docs.get,
-        tags: ['api'],
-        // auth: 'default_jwt',
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             try {
                 const { userService } = request.services()

backend/lib/routes/user/create-profile.js

@@ -10,6 +10,11 @@ const pluginConfig = {
         description: 'Create profile for user',
         notes: 'Create a profile associated with this user',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
@@ -44,10 +49,7 @@ module.exports = {
     path: '/{user_id}/profile',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { userService, profileService } = request.server.services()
             const userId = request.params.user_id

backend/lib/routes/user/current.js

@@ -11,6 +11,11 @@ const pluginConfig = {
             notes: 'Returns a user item by the id passed in the path',
         },
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 /** Validator functions by request method */
@@ -25,8 +30,7 @@ module.exports = {
     path: '/{name}',
     options: {
         ...pluginConfig.docs.get,
-        tags: ['api'],
-        auth: 'default_jwt',
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             try {
                 const auth = {

backend/lib/routes/user/list-profiles.js

@@ -11,6 +11,11 @@ const pluginConfig = {
         description: 'profiles',
         notes: 'A list of profiles associated with this user',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
@@ -36,10 +41,7 @@ module.exports = {
     path: '/{user_id}/profiles',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { userService, profileService } = request.server.services()
             const userId = request.params.user_id

backend/lib/routes/user/login.js

@@ -10,6 +10,11 @@ const pluginConfig = {
         description: 'login',
         notes: 'Attempt login',
     },
+    opts: {
+        tags: ['api'],
+        auth: false,
+        cors: true,
+    },
 }
 
 /** Validator functions by request method */
@@ -19,7 +24,6 @@ const validators = {
             user_email: Joi.string(),
             password: Joi.string(),
         }),
-        
     },
     user: userSchema.single,
     error: errorSchema.single,
@@ -30,8 +34,7 @@ module.exports = {
     path: '/login',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             try {
                 const { userService } = request.services()

backend/lib/routes/user/signup.js

@@ -10,6 +10,11 @@ const pluginConfig = {
         description: 'Create a user',
         notes: 'Create a user and other things',
     },
+    opts: {
+        tags: ['api'],
+        auth: false,
+        cors: true,
+    },
 }
 
 const validators = {
@@ -35,10 +40,8 @@ module.exports = {
     path: '/signup',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
+
         handler: async function (request, h) {
             const { userService } = request.server.services()
             const res = request.payload
@@ -56,7 +59,7 @@ module.exports = {
                         is_admin: 0,
                         is_verified: 0,
                     },
-                    created_at: Date.now()
+                    created_at: Date.now(),
                 })
                 return h
                     .response({

backend/lib/services/user.js

@@ -5,36 +5,6 @@ const Jwt = require('@hapi/jwt')
 const Schmervice = require('@hapipal/schmervice')
 const SecurePassword = require('secure-password')
 
-const hasher = async (pwd, steak) => {
-    const hash = await pwd.hash(steak)
-    const result = await pwd.verify(steak, hash)
-    let squirtle = null
-
-    switch (result) {
-        case SecurePassword.INVALID_UNRECOGNIZED_HASH:
-            return console.error(
-                'This hash was not made with secure-password. Attempt legacy algorithm',
-            )
-        case SecurePassword.INVALID:
-            return console.log('Invalid password')
-        case SecurePassword.VALID:
-            return result
-        case SecurePassword.VALID_NEEDS_REHASH:
-            console.log('Yay you made it, wait for us to improve your safety')
-            try {
-                squirtle = await pwd.hash(steak)
-                // console.log('improvedHash', squirtle)
-                // const saveHash = Auth.insert({user_email: matchingEmails}, ).into('token')
-                return squirtle
-            } catch (err) {
-                console.error(
-                    'You are authenticated, but we could not improve your safety this time around',
-                )
-            }
-            break
-    }
-}
-
 /** Class for methods used in the User plugin */
 module.exports = class UserService extends Schmervice.Service {
     /**
@@ -185,7 +155,7 @@ module.exports = class UserService extends Schmervice.Service {
                 algorithm: 'HS256',
             },
             {
-                ttlSec: 4 * 60 * 60, // 7 days
+                ttlSec: 14400, // 4 hours
             },
         )
     }