:recycle: lock-down every route

backend/lib/auth/strategies/jwt.js

             aud: 'urn:audience:test',
             iss: 'urn:issuer:test',
             sub: false,
+            maxAgeSec: 14400, // 4 hours
         },
         validate: (artifacts, request, h) => {
             try {

backend/lib/routes/health/get.js

     handlerType: 'health',
     docs: {
         description: 'Get server stats',
-        notes: 'Returns stats on server status'
-    }
+        notes: 'Returns stats on server status',
+    },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {}
 
 const responseSchemas = {
     health: healthSchema.stats,
-    error: errorSchema.single
+    error: errorSchema.single,
 }
 
 module.exports = {
     method: 'GET',
     path: '/',
-    options:{
+    options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { healthService } = request.server.services()
             const stats = await healthService.getStats()
             try {
-                return h.response(({
-                    ok:true,
-                    handler: pluginConfig.handlerType,
-                    data: stats
-                })).code(200)
+                return h
+                    .response({
+                        ok: true,
+                        handler: pluginConfig.handlerType,
+                        data: stats,
+                    })
+                    .code(200)
             } catch (err) {
                 return h
                     .response({
                         ok: false,
                         handler: pluginConfig.handlerType,
-                        data: {error: `${err}`}
+                        data: { error: `${err}` },
                     })
                     .code(409)
             }
         },
         validate: {
             ...validators,
-            failAction: 'log'
+            failAction: 'log',
         },
 
         response: {
             },
         },
     },
-}
+}

backend/lib/routes/membership/active.js

         description: 'active memberships',
         notes: 'A list of groupings with active membership',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
     path: '/{profile_id}',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { membershipService, profileService } =
                 request.server.services()

backend/lib/routes/membership/join.js

         description: 'join',
         notes: 'Join a grouping by creating a membership record',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
     path: '/{profile_id}/join',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
 
         /**
          * Join a grouping by creating a membership record

backend/lib/routes/membership/leave.js

         description: 'leave',
         notes: 'Leave a grouping by editing a membership record',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
     path: '/leave',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             try {
                 return {

backend/lib/routes/membership/reveal.js

         description: 'reveal',
         notes: 'Reveal profile information to a grouping by membership',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
     }),
     error: errorSchema.single,
 }
+
 module.exports = {
     method: 'POST',
     path: '/{grouping_id}/reveal',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { membershipService, profileService } =
                 request.server.services()

backend/lib/routes/notification/index.js

-const Joi = require('joi')
-const apiSchema = require('../../schemas/api')
-const errorSchema = require('../../schemas/errors')
 const params = require('../../schemas/params')
 
 const pluginConfig = {
         description: 'subscribe',
         notes: 'Subscribe to notifications based on profile_id',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
     path: '/{profile_id}/subscribe',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async (request, h) => {
             const { profile_id } = request.params
 

backend/lib/routes/profile/get.js

         description: 'Returns a single profile with tags',
         notes: 'returns from the Profiles Table',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
     path: '/{profile_id}',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profile_id } = request.params
             const { profileService } = request.server.services()

backend/lib/routes/profile/match.js

         description: 'matches',
         notes: 'Match everyone',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {}
     path: '/match',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
+        ...pluginConfig.opts,
 
         handler: async function (request, h) {
             const { matchService, matchQueueService } =

backend/lib/routes/profile/patch-queue.js

         description: 'Updates match queue in place',
         notes: 'Updates in place and does not delete from table',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
     path: '/{profile_id}/queue/{target_id}/delete',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profile_id, target_id } = request.params
             const { include_profile, reinsert } = request.query

backend/lib/routes/profile/queue.js

         description: 'Returns previously scored profiles',
         notes: 'returns from the MatchQueue Table',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
     path: '/{profile_id}/queue',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profile_id } = request.params
             const { include_profile } = request.query

backend/lib/routes/profile/respond.js

         description: 'Update profile',
         notes: 'Update profile responses',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
     path: '/{profile_id}/respond',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profileService } = request.services()
 

backend/lib/routes/profile/score.js

         description: 'scores',
         notes: 'A list of profile scores',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
     path: '/{profile_id}/score',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profileService, matchQueueService } =
                 request.server.services()

backend/lib/routes/profile/update.js

         description: 'Update profile',
         notes: 'Update profile responses',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
     path: '/{profile_id}/update/{response_id?}',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { profileService } = request.services()
             const profileId = request.params.profile_id

backend/lib/routes/survey/questions.js

         description: 'Get survey questions',
         notes: 'Returns a list of all possible survey questions in the form of response_keys',
     },
+    opts: {
+        tags: ['api'],
+        auth: false,
+        cors: true,
+    },
 }
 
 /** Validator functions by request method */
     path: '/questions',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { responseService } = request.services()
             const responseKeys = await responseService.getResponseKeys()

backend/lib/routes/survey/responses.js

         description: 'Get responses to questions',
         notes: 'Returns a list of all survey responses for a user',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 /** Validator functions by request method */
     path: '/questions',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
+        ...pluginConfig.opts,
 
         handler: async function (request, h) {
             const { responseService } = request.services()

backend/lib/routes/tag/get.js

         description: 'Get tags based on membership id',
         notes: 'returns from the Tag Associations Table',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
     path: '/{profile_id}/tags/{grouping_id}',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { grouping_id, profile_id } = request.params
             const { profileService } = request.server.services()

backend/lib/routes/tag/reveal.js

         description: 'Reveals part of a profile based on tag',
         notes: 'returns from the Tag Associations Table',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const responseSchemas = {
     path: '/{profile_id}/reveal/{tag_id}',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
+
         handler: async function (request, h) {
             const { profile_id, tag_id } = request.params
             const { profileService } = request.server.services()

backend/lib/routes/user/authentication.js

             notes: 'Returns a password by the user email passed in the path',
         },
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 /** Validator functions by request method */
 const validators = {
     /** Validate the route params (/active/{thing}) */
-    params: params.userEmail
+    params: params.userEmail,
 }
 
 module.exports = {
     path: '/{user_email}/password',
     options: {
         ...pluginConfig.docs.get,
-        tags: ['api'],
-        // auth: 'default_jwt',
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             try {
                 const { userService } = request.services()

backend/lib/routes/user/create-profile.js

         description: 'Create profile for user',
         notes: 'Create a profile associated with this user',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
     path: '/{user_id}/profile',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { userService, profileService } = request.server.services()
             const userId = request.params.user_id

backend/lib/routes/user/current.js

             notes: 'Returns a user item by the id passed in the path',
         },
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 /** Validator functions by request method */
     path: '/{name}',
     options: {
         ...pluginConfig.docs.get,
-        tags: ['api'],
-        auth: 'default_jwt',
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             try {
                 const auth = {

backend/lib/routes/user/list-profiles.js

         description: 'profiles',
         notes: 'A list of profiles associated with this user',
     },
+    opts: {
+        tags: ['api'],
+        auth: { strategy: 'default_jwt' },
+        cors: true,
+    },
 }
 
 const validators = {
     path: '/{user_id}/profiles',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             const { userService, profileService } = request.server.services()
             const userId = request.params.user_id

backend/lib/routes/user/login.js

         description: 'login',
         notes: 'Attempt login',
     },
+    opts: {
+        tags: ['api'],
+        auth: false,
+        cors: true,
+    },
 }
 
 /** Validator functions by request method */
             user_email: Joi.string(),
             password: Joi.string(),
         }),
-        
     },
     user: userSchema.single,
     error: errorSchema.single,
     path: '/login',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        auth: false,
+        ...pluginConfig.opts,
         handler: async function (request, h) {
             try {
                 const { userService } = request.services()

backend/lib/routes/user/signup.js

         description: 'Create a user',
         notes: 'Create a user and other things',
     },
+    opts: {
+        tags: ['api'],
+        auth: false,
+        cors: true,
+    },
 }
 
 const validators = {
     path: '/signup',
     options: {
         ...pluginConfig.docs,
-        tags: ['api'],
-        /** Protect this route with authentication? */
-        auth: false,
-        cors: true,
+        ...pluginConfig.opts,
+
         handler: async function (request, h) {
             const { userService } = request.server.services()
             const res = request.payload
                         is_admin: 0,
                         is_verified: 0,
                     },
-                    created_at: Date.now()
+                    created_at: Date.now(),
                 })
                 return h
                     .response({

backend/lib/services/user.js

 const Schmervice = require('@hapipal/schmervice')
 const SecurePassword = require('secure-password')
 
-const hasher = async (pwd, steak) => {
-    const hash = await pwd.hash(steak)
-    const result = await pwd.verify(steak, hash)
-    let squirtle = null
-
-    switch (result) {
-        case SecurePassword.INVALID_UNRECOGNIZED_HASH:
-            return console.error(
-                'This hash was not made with secure-password. Attempt legacy algorithm',
-            )
-        case SecurePassword.INVALID:
-            return console.log('Invalid password')
-        case SecurePassword.VALID:
-            return result
-        case SecurePassword.VALID_NEEDS_REHASH:
-            console.log('Yay you made it, wait for us to improve your safety')
-            try {
-                squirtle = await pwd.hash(steak)
-                // console.log('improvedHash', squirtle)
-                // const saveHash = Auth.insert({user_email: matchingEmails}, ).into('token')
-                return squirtle
-            } catch (err) {
-                console.error(
-                    'You are authenticated, but we could not improve your safety this time around',
-                )
-            }
-            break
-    }
-}
-
 /** Class for methods used in the User plugin */
 module.exports = class UserService extends Schmervice.Service {
     /**
                 algorithm: 'HS256',
             },
             {
-                ttlSec: 4 * 60 * 60, // 7 days
+                ttlSec: 14400, // 4 hours
             },
         )
     }