:construction: Successfully moved jwt into response headers and grabbed it on front end

backend/lib/auth/strategies/jwt.js

@@ -7,7 +7,7 @@ module.exports = options => {
             algorithms: ['HS256'],
         },
         validate: (decoded, request, h) => {
-            console.log('decoded :>>', decoded)
+            console.log('decoded :>>', decoded) // doesn't log to console...
             try {
                 // Check if the Access Token is Valid
                 // if (!accessTokenIsValid) {

backend/lib/routes/user/getjwt.js

@@ -19,19 +19,22 @@ module.exports = {
         ...pluginConfig.docs.get,
         tags: ['api'],
         auth: false,
-        cors: true,
+        cors: {
+            headers: ['Authorization'],
+            exposedHeaders: ['Authorization', 'Access-Control-Expose-Headers'],
+        },
         handler: async function (request, h) {
             const { userService } = request.server.services()
             const res = request.payload
             const token = await userService.createToken(res)
-            // TODO: Move logic adding initial three responses to here
             try {
-                // return h.state(token)
-                return {
+                const response = h.response({
                     ok: true,
                     handler: pluginConfig.handlerType,
                     data: token,
-                }
+                })
+                response.header('Authorization', token)
+                return response
             } catch (err) {
                 return {
                     ok: false,
@@ -46,11 +49,8 @@ module.exports = {
             failAction: 'log',
         },
         response: {
-            schema: Joi.object({
-                ok: Joi.bool(),
-                handler: Joi.string(),
-                data: Joi.string(),
-            }).label('get_jwt_res'),
+            // TODO: change back to accommodate new h.response return values
+            schema: Joi.any().label('get_jwt_res'),
             failAction: 'log',
         },
     },

backend/lib/routes/user/validatesession.js

@@ -1,5 +1,6 @@
 'use strict'
 
+const { plugin } = require('@hapi/inert')
 const Joi = require('joi')
 
 const pluginConfig = {
@@ -24,23 +25,19 @@ module.exports = {
         handler: async function (request, h) {
             const sessionToken = request.params.sessionToken
             const { userService } = request.server.services()
-            const sessionTokenIsValid = userService.validateToken(sessionToken)
             try {
+                const validatedSessionToken =
+                    userService.validateToken(sessionToken)
                 return {
                     ok: true,
                     handler: pluginConfig.handlerType,
-                    data: {
-                        isValid: sessionTokenIsValid.isValid,
-                        payload: sessionTokenIsValid.payload,
-                    },
+                    data: validatedSessionToken,
                 }
             } catch (err) {
                 return {
                     ok: false,
                     handler: pluginConfig.handlerType,
-                    data: {
-                        error: err,
-                    },
+                    data: err.message,
                 }
             }
         },

backend/lib/services/user.js

@@ -18,8 +18,8 @@ const hashEmail = async email => {
     try {
         return crypto.createHmac('sha256', '').update(email).digest('hex')
     } catch (err) {
-        console.error('ERROR :=>', err)
-        return undefined
+        // console.error('ERROR :=>', err)
+        throw new Error(err.message)
     }
 }
 const hasher = async (pwd, steak) => {
@@ -226,12 +226,12 @@ module.exports = class UserService extends Schmervice.Service {
     // createSessionToken(user, payload)
     // createAccessToken()
     //
-    createToken(user) {
+    createToken(data) {
         const key = this.server.registrations['main-app-plugin'].options.jwtKey
         const obj = {}
 
-        Object.assign(obj, { ...user })
-        return JWT.sign(obj, key)
+        Object.assign(obj, { ...data })
+        return JWT.sign(obj, key, { expiresIn: data.expires })
     }
 
     async registerSession(user, hashedEmail, token) {
@@ -254,15 +254,11 @@ module.exports = class UserService extends Schmervice.Service {
      * @returns {Token}
      */
     validateToken(token) {
-        console.log('token :=>', token)
         const key = this.server.registrations['main-app-plugin'].options.jwtKey
         try {
-            const decodedToken = JWT.verify(token, key)
-            console.log('decodedToken :=>', decodedToken)
-            return { isValid: true, payload: decodedToken }
+            return JWT.verify(token, key)
         } catch (err) {
-            console.error('ERROR :=>', err)
-            return { isValid: false, error: err.message }
+            throw new Error(err.message)
         }
     }
 

frontend/src/components/onboarding/Auth.vue

@@ -53,9 +53,8 @@ export default {
             await createProfileForUserId(newUserId, this.responses)
             const jwt = await this.authenticator.getJwt({
                 ...this.answered,
-                expiration: 60 * 10,
+                expires: 60 * 3,
             })
-            console.log('jwt :=>', jwt)
             document.cookie = `siimee_session=${jwt}; max-age=600; path=/; secure`
             await this.authenticator.sendAuthEmail(this.answered)
         } else {

frontend/src/services/auth.service.js

@@ -19,11 +19,38 @@ class Authenticator {
         const isVerified = await db.get(`/user/verify/${hashedEmail}`)
         return isVerified.hashesMatch
     }
+
     async getJwt(req) {
-        const jwt = await db.post('/user/getjwt', req)
-        // TODO: Move token into repsonse.headers
-        // return response.headers ?
-        return jwt
+        // TODO: Clean up, should be able to use TOJ's db.post function,
+        // may need custon db.postWithHeaders() func or something like that...
+        const response = await fetch('http://localhost:3001/api/user/getjwt', {
+            method: 'POST',
+            mode: 'cors',
+            cache: 'no-cache',
+            credentials: 'omit',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            redirect: 'manual',
+            referrerPolicy: 'no-referrer',
+            body: JSON.stringify({ payload: req, expires: 600 }),
+        }).then(response => {
+            return response
+        })
+        console.log('response.headers :=>', response.headers)
+        // TODO: consider cleaner way to convert headers into JS Object
+        const getHeaders = headers => {
+            const headerObj = {}
+            const keys = headers.keys()
+            let header = keys.next()
+            while (header.value) {
+                headerObj[header.value] = headers.get(header.value)
+                header = keys.next()
+            }
+            return headerObj
+        }
+        const headerObj = getHeaders(response.headers)
+        return headerObj['authorization']
     }
 
     async validateSession(sessionToken) {

frontend/src/views/OnboardingView.vue

@@ -70,21 +70,24 @@ export default {
         this.authenticator = new Authenticator()
         // TODO: Once tokens are coming through headers, refactor all of this into methods, etc.
         // TODO: Consider switch/case() depending on what tokens exist/are valid...
-        sessionToken = this.grabStoredCookie('siimee_session')
-        // if (!sessionToken) {
-        //     //
-        // }
-        // accessToken = this.grabStoredCookie('siimee_access_onboarding')
+        const sessionToken = this.grabStoredCookie('siimee_session')
+        if (!sessionToken) {
+            console.warn('WARNING :=> sessionToken not in stored Cookies')
+            this.goToStep(0)
+        }
+        // const accessToken = this.grabStoredCookie('siimee_access')
         // if (!accessToken) {
+        // check if sessionToken is valid jwt
         //     // blow up
         // }
         let sessionData
         if (sessionToken) {
             sessionData = await this.authenticator.validateSession(sessionToken)
+            console.log('sessionData :=>', sessionData)
         }
-        // if (sessionData.isValid && !accessToken) {
-        if (sessionData.isValid) {
-            this.userEmail = sessionData.payload.email
+        // if (sessionData && !accessToken) {
+        if (sessionData) {
+            this.userEmail = sessionData.email
             this.emailIsRegistered =
                 await this.authenticator.checkIfEmailIsRegistered(
                     this.userEmail,

frontend/src/views/VerifyView.vue

@@ -17,13 +17,14 @@ export default {
         const hashEmail = this.$route.params.email
 
         const hashesMatch = await this.authenticator.verifyAuthEmail(hashEmail)
+        const sessionToken = this.grabCookie('siimee_session')
         // TODO: Refactor, see methods below
         // if (!hashesMatch) {
         //     throw new Error('no record of hashed email in cache')
         //     this.$router.push('/onboarding')
         // }
+
         // TODO: THIS NEEDS TO BE SENT OVER TO verifyAuthEmail(hashEmail) in the headers
-        const sessionToken = this.grabCookie('siimee_session')
         // TODO: Refactor, see methods below
         // if (!sessionToken) {
         //     throw new Error('token doesn't exist)
@@ -32,15 +33,14 @@ export default {
 
         // TODO: Refactor to not nest, use try/catch/throw
         if (sessionToken) {
-            // NOTE: hits backend route and the backend route has to be /validateSession/
-            // if backend route succeeds, gives you access token
-            const accessToken = await this.authenticator.validateSession(
-                sessionToken,
-            )
-            // TODO: isValid logic needs to live on back end
-            if (accessToken.isValid && hashesMatch) {
-                // server needs to issue an ACCESS token here ( getToken() )
-                // const accessToken = await this.authenticator.getToken()
+            const validatedSessionToken =
+                await this.authenticator.validateSession(sessionToken)
+            if (validatedSessionToken && hashesMatch) {
+                // TODO: What payload does accessToken need in first param to getJwt?
+                const accessToken = await this.authenticator.getJwt({
+                    ...sessionToken,
+                    expires: 60 * 3,
+                })
                 document.cookie = `siimee_access=${accessToken}; max-age=600; path=/; secure`
                 this.$router.push('/onboarding')
             }
@@ -64,7 +64,7 @@ export default {
         async generateAccessToken() {
             const accessJwt = await this.authenticator.getJwt({
                 ...this.answers,
-                expiration: 60 * 3, // testing for now... extend to 1 hour?
+                expires: 60 * 3,
             })
             return accessJwt
         },