fyindr
/
siimee
Watch 4
Star 3
Fork 1
Code Pull Requests 1 Releases 4 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
668 Commits
17 Branches
Tree: f7ec41949d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f7ec41949d'
${ noResults }
siimee/backend/lib/services/user.js

user.js 11KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361 
  1. 'use strict'

  2. require('dotenv').config()

  3. const crypto = require('crypto')

  4. const Util = require('util')

  5. const JWT = require('jsonwebtoken')

  6. const Schmervice = require('@hapipal/schmervice')

  7. const SecurePassword = require('secure-password')

  8. 

  9. // Configuration for Brevo

  10. const SibApiV3Sdk = require('sib-api-v3-sdk')

  11. const { access, accessSync } = require('fs')

  12. const defaultClient = SibApiV3Sdk.ApiClient.instance

  13. const apiKey = defaultClient.authentications['api-key']

  14. apiKey.apiKey = process.env.BREVO_KEY

  15. 

  16. const apiInstance = new SibApiV3Sdk.TransactionalEmailsApi()

  17. 

  18. const hasher = async (pwd, steak) => {

  19.     const hash = await pwd.hash(steak)

  20.     const result = await pwd.verify(steak, hash)

  21.     let squirtle = null

  22. 

  23.     switch (result) {

  24.         case SecurePassword.INVALID_UNRECOGNIZED_HASH:

  25.             return console.error(

  26.                 'This hash was not made with secure-password. Attempt legacy algorithm',

  27.             )

  28.         case SecurePassword.INVALID:

  29.             return console.log('Invalid password')

  30.         case SecurePassword.VALID:

  31.             return result

  32.         case SecurePassword.VALID_NEEDS_REHASH:

  33.             console.log('Yay you made it, wait for us to improve your safety')

  34.             try {

  35.                 squirtle = await pwd.hash(steak)

  36.                 // console.log('improvedHash', squirtle)

  37.                 // const saveHash = Auth.insert({user_email:

  38.                 // matchingEmails}).into('token')

  39.                 return squirtle

  40.             } catch (err) {

  41.                 console.error(

  42.                     'You are authenticated, but we could not improve your safety this time around',

  43.                 )

  44.             }

  45.             break

  46.     }

  47. }

  48. 

  49. /** Class for methods used in the User plugin */

  50. module.exports = class UserService extends Schmervice.Service {

  51.     /**

  52.      * Unsure of what our constructor does

  53.      * @param  {...any} args

  54.      */

  55.     constructor(...args) {

  56.         super(...args)

  57.         const pwd = new SecurePassword()

  58.         // TODO: Invalidate this application state somehow after a

  59.         // certain time period has passed

  60.         this.activeSessions = {

  61.             // abc123456: '123456689',

  62.             // eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...hashedSessionToken: {

  63.             // email: rawEmailString,

  64.             // name: 'Joe Doe',

  65.             // seeking: 'candidate'

  66.             // sessionToken: rawSessionToken, // use for expires instead of expires?

  67.             // expires: expirationTime in seconds

  68.             // }

  69.         }

  70.         // Check the hashedCookie which is our hashedSessionToken string

  71.         // validate whether or not the rawAccessToken is still valid, if valid good to go.

  72.         // if NOT valid, then we need to reassign accessToken to a newAccessToken

  73.         // this.activeSessions = {

  74.         // eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...hashedSessionToken: {

  75.         // accessToken: 'as;dflkja;;dlfkja;sldkf... rawAccessToken'

  76.         // }

  77.         // }

  78. 

  79.         this.pwd = {

  80.             hash: Util.promisify(pwd.hash.bind(pwd)),

  81.             verify: Util.promisify(pwd.verify.bind(pwd)),

  82.         }

  83.     }

  84. 

  85.     /**

  86.      * Use knex to find users with id column

  87.      * @param {number} id

  88.      * @param {*} txn

  89.      * @returns

  90.      */

  91.     async findById(id, txn) {

  92.         const { User } = this.server.models()

  93. 

  94.         return await User.query(txn)

  95.             .throwIfNotFound()

  96.             .first()

  97.             .where({ user_id: id })

  98.     }

  99. 

  100.     /**

  101.      * Use knew to find first user with username

  102.      * @param {*} username

  103.      * @param {*} txn

  104.      * @returns

  105.      */

  106.     async findByUsername(username, txn) {

  107.         const { User } = this.server.models()

  108. 

  109.         return await User.query(txn)

  110.             .throwIfNotFound()

  111.             .first()

  112.             .where({ user_name: username })

  113.     }

  114. 

  115.     /**

  116.      * Use to find first user with useremail

  117.      * @param {*} username

  118.      * @param {*} txn

  119.      * @returns

  120.      */

  121.     async findByUserEmail(userEmail, txn) {

  122.         const { User } = this.server.models()

  123.         const user = await User.query(txn)

  124.             .throwIfNotFound()

  125.             .first()

  126.             .where({ user_email: userEmail })

  127.         return user

  128.     }

  129. 

  130.     async hashToken(token) {

  131.         const salt = process.env.APP_SESSION_SALT

  132.         try {

  133.             return crypto.createHmac('sha256', salt).update(token).digest('hex')

  134.         } catch (err) {

  135.             throw new Error(err.message)

  136.         }

  137.     }

  138. 

  139.     /**

  140.      * Signup function

  141.      * @param {*} param0

  142.      * @param {*} txn

  143.      * @returns

  144.      */

  145.     async signup({ password, userInfo, created_at }, txn) {

  146.         const { User, Auth } = this.server.models()

  147.         const matchingEmails = await User.query().where(

  148.             'user_email',

  149.             userInfo.user_email,

  150.         )

  151.         if (matchingEmails.length > 0) {

  152.             throw `User ${userInfo.user_email} already exists: Cannot create a user without a unique email`

  153.         }

  154.         // Insert User Info to User table

  155.         const insertUser = await User.query().insert(userInfo)

  156.         // insert a row with blank password to be updated by changePassword()

  157.         await Auth.query().insert({

  158.             user_email: insertUser.user_email,

  159.             created_at: created_at,

  160.             token: null,

  161.         })

  162.         // update null token with hashed password

  163.         await this.changePassword(insertUser.user_email, password, txn)

  164.         return {

  165.             user_id: insertUser.id,

  166.             user_name: insertUser.user_name,

  167.             user_email: insertUser.user_email,

  168.             is_poster: insertUser.is_poster,

  169.             is_admin: insertUser.is_admin,

  170.             is_verified: insertUser.is_verified,

  171.         }

  172.     }

  173. 

  174.     /**

  175.      * Updates user's info

  176.      * @param {number} id

  177.      * @param {*} param1

  178.      * @param {*} txn

  179.      * @returns

  180.      */

  181.     async update(id, { password, ...userInfo }, txn) {

  182.         const { User } = this.server.models()

  183. 

  184.         if (Object.keys(userInfo).length > 0) {

  185.             await User.query(txn)

  186.                 .throwIfNotFound()

  187.                 .where({ id })

  188.                 .patch(userInfo)

  189.         }

  190. 

  191.         if (password) {

  192.             await this.changePassword(id, password, txn)

  193.         }

  194. 

  195.         return id

  196.     }

  197. 

  198.     /**

  199.      * Self explanatory

  200.      * @param {*} param0

  201.      * @param {*} txn

  202.      * @returns

  203.      */

  204.     async login({ email, password }, txn) {

  205.         const { User, Auth } = this.server.models()

  206. 

  207.         const user = await Auth.query(txn)

  208.             .throwIfNotFound()

  209.             .first()

  210.             .where({ user_email: email })

  211.         const bufferPepper = Buffer.from(process.env.PEPPER + password)

  212. 

  213.         /** Uncomment to run password check using SecurePassword */

  214.         const passwordCheck = await this.pwd.verify(bufferPepper, user.token)

  215.         if (passwordCheck === SecurePassword.VALID_NEEDS_REHASH) {

  216.             await this.changePassword(user.user_email, password, txn)

  217.         } else if (passwordCheck !== SecurePassword.VALID) {

  218.             throw User.createNotFoundError()

  219.         }

  220. 

  221.         return user

  222.     }

  223. 

  224.     /**

  225.      * Create a token to be sent in request headers

  226.      * @param {data, expiration}

  227.      * @returns {Token}

  228.      */

  229.     createToken(data, expiration = 600) {

  230.         const key = this.server.registrations['main-app-plugin'].options.jwtKey

  231.         const obj = {}

  232.         Object.assign(obj, { ...data })

  233.         return JWT.sign(obj, key, { expiresIn: expiration })

  234.     }

  235. 

  236.     /**

  237.      * Validates whether a token has expired or not

  238.      * @param {User} user

  239.      * @returns {Token}

  240.      */

  241.     validateToken(token) {

  242.         const key = this.server.registrations['main-app-plugin'].options.jwtKey

  243.         try {

  244.             return JWT.verify(token, key)

  245.         } catch (err) {

  246.             return { payload: null, message: err.message }

  247.         }

  248.     }

  249.     /**

  250.      * Uses this.validateToken() to verify hashedSessionToken's

  251.      * existence, expiry, and also valdiates accessToken

  252.      * @param {HashedSessionToken} hashedSessionToken

  253.      * @returns {PayloadFromActiveSessions}

  254.      */

  255.     validateSession(hashedAccessToken) {

  256.         const userSession = this.activeSessions[hashedAccessToken]

  257.         if (!userSession) {

  258.             throw new Error(

  259.                 'hashedSessionToken not in activeSessions registry!',

  260.             )

  261.         }

  262.         if (!userSession.emailWasRespondedTo) {

  263.             throw new Error('email was never responded to!')

  264.         }

  265.         const accessToken = userSession.accessToken

  266.         const accessTokenIsValid = this.validateToken(accessToken)

  267.         return {

  268.             ...accessTokenIsValid.payload,

  269.             accessToken: this.activeSessions[hashedAccessToken].accessToken,

  270.         }

  271.     }

  272.     removeSession(hashedAccessToken) {

  273.         const userSession = this.activeSessions[hashedAccessToken]

  274.         if (!userSession) {

  275.             throw new Error(

  276.                 'hashedSessionToken not in activeSessions registry!',

  277.             )

  278.         } else {

  279.             delete this.activeSessions[hashedAccessToken]

  280.         }

  281.     }

  282.     /**

  283.      * Use knex to try to change password entry

  284.      * @param {number} id

  285.      * @param {string} password

  286.      * @param {*} txn

  287.      * @returns {number}

  288.      */

  289.     async changePassword(email, password, txn) {

  290.         const { Auth } = this.server.models()

  291. 

  292.         const hashed = await this.pwd.hash(

  293.             Buffer.from(process.env.PEPPER + password),

  294.         )

  295. 

  296.         await Auth.query(txn)

  297.             .throwIfNotFound()

  298.             .where({ user_email: email })

  299.             .patch({

  300.                 // user_email: email,

  301.                 token: hashed,

  302.             })

  303.         return email

  304.     }

  305. 

  306.     async getPassword(email, txn) {

  307.         const { Auth } = this.server.models()

  308. 

  309.         const passwordRow = await Auth.query(txn)

  310.             .where('user_email', email)

  311.             .first()

  312.         return passwordRow ? passwordRow.token : null

  313.     }

  314. 

  315.     /**

  316.      * Sends a Transactional Email via Brevo

  317.      * @ returns {Object}

  318.      */

  319.     async emailSent(userCredentials) {

  320.         const hashedAccessToken = await this.hashToken(

  321.             userCredentials.accessToken,

  322.         )

  323.         if (Object.keys(this.activeSessions).includes(hashedAccessToken)) {

  324.             return new Error('session already in cache!!')

  325.         }

  326.         // Set expiration time for ten minutes from now

  327.         const duration = 600000

  328. 

  329.         this.activeSessions[hashedAccessToken] = {

  330.             email: userCredentials.email,

  331.             name: userCredentials.name,

  332.             seeking: userCredentials.seeking,

  333.             accessToken: userCredentials.accessToken,

  334.             expiration: Date.now() + duration,

  335.             emailWasRespondedTo: false,

  336.             sessionToken: null,

  337.         }

  338. 

  339.         const sendSmtpEmail = {

  340.             to: [

  341.                 {

  342.                     email: userCredentials.email,

  343.                 },

  344.             ],

  345.             templateId: 1,

  346.             params: {

  347.                 // TODO: Change this in production...

  348.                 link: `localhost:3000/verify/${hashedAccessToken}`,

  349.             },

  350.         }

  351. 

  352.         return await apiInstance.sendTransacEmail(sendSmtpEmail).then(

  353.             data => {

  354.                 return { wasSuccessfull: true, data: data }

  355.             },

  356.             error => {

  357.                 return { wasSuccessfull: false, error: error }

  358.             },

  359.         )

  360.     }

  361. }