2 yıl önce · ab55182c6f
--- a/backend/lib/plugins/user.js
+++ b/backend/lib/plugins/user.js
@@ -14,7 +14,8 @@ const UserLoginRoute = require('../routes/user/login')
 
				
				 const UserSignupRoute = require('../routes/user/signup')
			
 
				
				 const UserEmailRoute = require('../routes/user/email.js')
			
 
				
				 const UserVerifyEmailRoute = require('../routes/user/verifyemail.js')
			
 
				
				-const UserGetJWTRoute = require('../routes/user/getjwt.js')
			
 
				
				+const UserGetSessionRoute = require('../routes/user/getsession.js')
			
 
				
				+const UserGetAccessRoute = require('../routes/user/getaccess.js')
			
 
				
				 const UserValidateSessionRoute = require('../routes/user/validatesession.js')
			
 
				
				 const UserCheckEmailRegistry = require('../routes/user/check-email-registry.js')
			
 
				
				 const UserByEmail = require('../routes/user/user-by-email.js')
			
@@ -57,7 +58,8 @@ module.exports = {
 
				
				         await server.route(UserProfilesListRoute)
			
 
				
				         await server.route(UserEmailRoute)
			
 
				
				         await server.route(UserVerifyEmailRoute)
			
 
				
				-        await server.route(UserGetJWTRoute)
			
 
				
				+        await server.route(UserGetSessionRoute)
			
 
				
				+        await server.route(UserGetAccessRoute)
			
 
				
				         await server.route(UserValidateSessionRoute)
			
 
				
				         await server.route(UserCheckEmailRegistry)
			
 
				
				         await server.route(UserByEmail)
			
--- a/backend/lib/routes/user/getaccess.js
+++ b/backend/lib/routes/user/getaccess.js
@@ -3,18 +3,18 @@
 
				
				 const Joi = require('joi')
			
 
				
				 
			
 
				
				 const pluginConfig = {
			
 
				
				-    handlerType: 'email',
			
 
				
				+    handlerType: 'authentication',
			
 
				
				     docs: {
			
 
				
				         get: {
			
 
				
				-            description: 'gets jwt after verifying email',
			
 
				
				-            notes: 'Gets jwt after validating email',
			
 
				
				+            description: 'gets access token for authentication',
			
 
				
				+            notes: 'Gets access token for authentication',
			
 
				
				         },
			
 
				
				     },
			
 
				
				 }
			
 
				
				 
			
 
				
				 module.exports = {
			
 
				
				     method: 'POST',
			
 
				
				-    path: '/getjwt',
			
 
				
				+    path: '/getaccess',
			
 
				
				     options: {
			
 
				
				         ...pluginConfig.docs.get,
			
 
				
				         tags: ['api'],
			
@@ -26,7 +26,11 @@ module.exports = {
 
				
				         handler: async function (request, h) {
			
 
				
				             const { userService } = request.server.services()
			
 
				
				             const res = request.payload
			
 
				
				-            const token = await userService.createToken(res)
			
 
				
				+            const token = await userService.createToken({
			
 
				
				+                ...res,
			
 
				
				+                // NOTE: Set Expiration Time for Access Token Here
			
 
				
				+                expires: 60 * 3,
			
 
				
				+            })
			
 
				
				             try {
			
 
				
				                 const response = h.response({
			
 
				
				                     ok: true,
			
@@ -50,7 +54,7 @@ module.exports = {
 
				
				         },
			
 
				
				         response: {
			
 
				
				             // TODO: change back to accommodate new h.response return values
			
 
				
				-            schema: Joi.any().label('get_jwt_res'),
			
 
				
				+            schema: Joi.any().label('get_access_res'),
			
 
				
				             failAction: 'log',
			
 
				
				         },
			
 
				
				     },
			
--- a/backend/lib/routes/user/getsession.js
+++ b/backend/lib/routes/user/getsession.js
@@ -0,0 +1,61 @@
 
				
				+'use strict'
			
 
				
				+
			
 
				
				+const Joi = require('joi')
			
 
				
				+
			
 
				
				+const pluginConfig = {
			
 
				
				+    handlerType: 'authentication',
			
 
				
				+    docs: {
			
 
				
				+        get: {
			
 
				
				+            description: 'gets session token for authentication',
			
 
				
				+            notes: 'Gets session token for authentication',
			
 
				
				+        },
			
 
				
				+    },
			
 
				
				+}
			
 
				
				+
			
 
				
				+module.exports = {
			
 
				
				+    method: 'POST',
			
 
				
				+    path: '/getsession',
			
 
				
				+    options: {
			
 
				
				+        ...pluginConfig.docs.get,
			
 
				
				+        tags: ['api'],
			
 
				
				+        auth: false,
			
 
				
				+        cors: {
			
 
				
				+            headers: ['Authorization'],
			
 
				
				+            exposedHeaders: ['Authorization', 'Access-Control-Expose-Headers'],
			
 
				
				+        },
			
 
				
				+        handler: async function (request, h) {
			
 
				
				+            const { userService } = request.server.services()
			
 
				
				+            const res = request.payload
			
 
				
				+            const token = await userService.createToken({
			
 
				
				+                ...res,
			
 
				
				+                // NOTE: Set Expiration Time for Session Token Here
			
 
				
				+                expires: 60 * 3,
			
 
				
				+            })
			
 
				
				+            try {
			
 
				
				+                const response = h.response({
			
 
				
				+                    ok: true,
			
 
				
				+                    handler: pluginConfig.handlerType,
			
 
				
				+                    data: token,
			
 
				
				+                })
			
 
				
				+                response.header('Authorization', token)
			
 
				
				+                return response
			
 
				
				+            } catch (err) {
			
 
				
				+                return {
			
 
				
				+                    ok: false,
			
 
				
				+                    handler: pluginConfig.handlerType,
			
 
				
				+                    data: {
			
 
				
				+                        error: err,
			
 
				
				+                    },
			
 
				
				+                }
			
 
				
				+            }
			
 
				
				+        },
			
 
				
				+        validate: {
			
 
				
				+            failAction: 'log',
			
 
				
				+        },
			
 
				
				+        response: {
			
 
				
				+            // TODO: change back to accommodate new h.response return values
			
 
				
				+            schema: Joi.any().label('get_session_res'),
			
 
				
				+            failAction: 'log',
			
 
				
				+        },
			
 
				
				+    },
			
 
				
				+}
			
--- a/backend/lib/routes/user/validatesession.js
+++ b/backend/lib/routes/user/validatesession.js
@@ -20,7 +20,7 @@ module.exports = {
 
				
				     options: {
			
 
				
				         ...pluginConfig.docs.get,
			
 
				
				         tags: ['api'],
			
 
				
				-        auth: false,
			
 
				
				+        auth: false, // set to jwt strategy
			
 
				
				         cors: true,
			
 
				
				         handler: async function (request, h) {
			
 
				
				             const sessionToken = request.params.sessionToken
			
--- a/backend/lib/services/user.js
+++ b/backend/lib/services/user.js
@@ -222,10 +222,6 @@ module.exports = class UserService extends Schmervice.Service {
 
				
				      * @param {User} user
			
 
				
				      * @returns {Token}
			
 
				
				      */
			
 
				
				-    // TODO: Put this logic in the routes, NOT here
			
 
				
				-    // createSessionToken(user, payload)
			
 
				
				-    // createAccessToken()
			
 
				
				-    //
			
 
				
				     createToken(data) {
			
 
				
				         const key = this.server.registrations['main-app-plugin'].options.jwtKey
			
 
				
				         const obj = {}
			
@@ -253,8 +249,9 @@ module.exports = class UserService extends Schmervice.Service {
 
				
				      * @param {User} user
			
 
				
				      * @returns {Token}
			
 
				
				      */
			
 
				
				+    // TODO: Move this ino the auth strategies
			
 
				
				     validateToken(token) {
			
 
				
				-        const key = this.server.registrations['main-app-plugin'].options.jwtKey
			
 
				
				+        const key = this.server.registrations['main-app-plugin'].options.jwtKey // mysecret
			
 
				
				         try {
			
 
				
				             return JWT.verify(token, key)
			
 
				
				         } catch (err) {
			
--- a/frontend/src/components/onboarding/Auth.vue
+++ b/frontend/src/components/onboarding/Auth.vue
@@ -67,9 +67,8 @@ export default {
 
				
				                 )
			
 
				
				         },
			
 
				
				         async getSessionToken(payload) {
			
 
				
				-            return await this.authenticator.getJwt({
			
 
				
				+            return await this.authenticator.getSessionToken({
			
 
				
				                 payload,
			
 
				
				-                expires: 60 * 3,
			
 
				
				             })
			
 
				
				         },
			
 
				
				         async signupNewUser(userInfo) {
			
--- a/frontend/src/services/auth.service.js
+++ b/frontend/src/services/auth.service.js
@@ -14,8 +14,11 @@ class Authenticator {
 
				
				         const isVerified = await db.get(`/user/verify/${hashedEmail}`)
			
 
				
				         return isVerified.hashesMatch
			
 
				
				     }
			
 
				
				-    async getJwt(req) {
			
 
				
				-        return await db.post('/user/getjwt', req, true)
			
 
				
				+    async getSessionToken(req) {
			
 
				
				+        return await db.post('/user/getsession', req, true)
			
 
				
				+    }
			
 
				
				+    async getAccessToken(req) {
			
 
				
				+        return await db.post('/user/getaccess', req, true)
			
 
				
				     }
			
 
				
				     async validateSession(sessionToken) {
			
 
				
				         return await db.get(`/user/validatesession/${sessionToken}`)
			
--- a/frontend/src/views/OnboardingView.vue
+++ b/frontend/src/views/OnboardingView.vue
@@ -45,8 +45,6 @@ import stepViews from '@/components/onboarding'
 
				
				 import SurveyCompleteView from './SurveyCompleteView.vue'
			
 
				
				 let sessionToken = null
			
 
				
				 let accessToken = null
			
 
				
				-// import savesurveybyprofileid - call it on submit
			
 
				
				-// paginate to save every steps answers
			
 
				
				 
			
 
				
				 /* BRIAN'S NOTE: 
			
 
				
				 I'll need help here. The logic is getting confusing.
			
@@ -60,6 +58,7 @@ I'll need help here. The logic is getting confusing.
 
				
				             anotherhashedEmailString: expiration_in_milliseconds,
			
 
				
				         }
			
 
				
				 
			
 
				
				+        TODO: jwt, hashedEmail, cookie expiration should be the same
			
 
				
				     3.  The session, access tokens all have jwt expirations as well as cookie expirations
			
 
				
				 
			
 
				
				     4.  Additionally, we have an expiration on each hashedEmail string...
			
@@ -116,6 +115,7 @@ export default {
 
				
				         }
			
 
				
				         // TODO: EVERY ROUTE WE HIT AFTER THIS HAS TO BE AUTHENTICATED
			
 
				
				         // ACCESS TOKEN WORKS
			
 
				
				+        // START PROTECTING ALL ROUTES
			
 
				
				         if (this.emailIsRegistered) {
			
 
				
				             const user = await fetchUserByEmail(this.userEmail)
			
 
				
				             const userId = user.user_id
			
--- a/frontend/src/views/VerifyView.vue
+++ b/frontend/src/views/VerifyView.vue
@@ -42,9 +42,8 @@ export default {
 
				
				         },
			
 
				
				         // QUESTION: This will likely be needed in OnboardingView.vue
			
 
				
				         async getAccessToken(payload) {
			
 
				
				-            const accessToken = await this.authenticator.getJwt({
			
 
				
				+            const accessToken = await this.authenticator.getAccessToken({
			
 
				
				                 payload,
			
 
				
				-                expires: 60 * 3,
			
 
				
				             })
			
 
				
				             document.cookie = `siimee_access=${accessToken}; max-age=600; path=/; secure`
			
 
				
				         },