fyindr
/
siimee
Suivre 4
Ajouter aux favoris 3
Bifurcation 1
Code Demandes d'ajout 1 Versions 4 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
759 Révisions
17 Branches
Aborescence: ff45f381d7
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'ff45f381d7'
${ noResults }
siimee/backend/lib/services/user.js

user.js 10KB
Historique Brut

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337 
  1. 'use strict'

  2. require('dotenv').config()

  3. const crypto = require('crypto')

  4. const Util = require('util')

  5. const JWT = require('jsonwebtoken')

  6. const Schmervice = require('@hapipal/schmervice')

  7. const SecurePassword = require('secure-password')

  8. 

  9. // Configuration for Brevo

  10. const SibApiV3Sdk = require('@getbrevo/brevo')

  11. let apiInstance = new SibApiV3Sdk.AccountApi()

  12. apiInstance.setApiKey(

  13.     SibApiV3Sdk.AccountApiApiKeys.apiKey,

  14.     process.env.BREVO_KEY,

  15. )

  16. const sendSmtpEmail = new SibApiV3Sdk.SendSmtpEmail()

  17. 

  18. // TODO: Consider implementing, nice use of SecurePassword,

  19. // but currently not used anywhere...

  20. const hasher = async (pwd, steak) => {

  21.     const hash = await pwd.hash(steak)

  22.     const result = await pwd.verify(steak, hash)

  23.     let squirtle = null

  24. 

  25.     switch (result) {

  26.         case SecurePassword.INVALID_UNRECOGNIZED_HASH:

  27.             return console.error(

  28.                 'This hash was not made with secure-password. Attempt legacy algorithm',

  29.             )

  30.         case SecurePassword.INVALID:

  31.             return console.log('Invalid password')

  32.         case SecurePassword.VALID:

  33.             return result

  34.         case SecurePassword.VALID_NEEDS_REHASH:

  35.             console.log('Yay you made it, wait for us to improve your safety')

  36.             try {

  37.                 squirtle = await pwd.hash(steak)

  38.                 // console.log('improvedHash', squirtle)

  39.                 // const saveHash = Auth.insert({user_email:

  40.                 // matchingEmails}).into('token')

  41.                 return squirtle

  42.             } catch (err) {

  43.                 console.error(

  44.                     'You are authenticated, but we could not improve your safety this time around',

  45.                 )

  46.             }

  47.             break

  48.     }

  49. }

  50. 

  51. /** Class for methods used in the User plugin */

  52. module.exports = class UserService extends Schmervice.Service {

  53.     /**

  54.      * Unsure of what our constructor does

  55.      * @param  {...any} args

  56.      */

  57.     constructor(...args) {

  58.         super(...args)

  59.         const pwd = new SecurePassword()

  60.         // TODO: Invalidate this application state somehow after a

  61.         // certain time period has passed

  62.         this.activeSessions = {}

  63. 

  64.         this.pwd = {

  65.             hash: Util.promisify(pwd.hash.bind(pwd)),

  66.             verify: Util.promisify(pwd.verify.bind(pwd)),

  67.         }

  68.     }

  69. 

  70.     /**

  71.      * Use knex to find users with id column

  72.      * @param {number} id

  73.      * @param {*} txn

  74.      * @returns

  75.      */

  76.     async findById(id, txn) {

  77.         const { User } = this.server.models()

  78. 

  79.         return await User.query(txn)

  80.             .throwIfNotFound()

  81.             .first()

  82.             .where({ user_id: id })

  83.     }

  84. 

  85.     /**

  86.      * Use knew to find first user with username

  87.      * @param {*} username

  88.      * @param {*} txn

  89.      * @returns

  90.      */

  91.     async findByUsername(username, txn) {

  92.         const { User } = this.server.models()

  93. 

  94.         return await User.query(txn)

  95.             .throwIfNotFound()

  96.             .first()

  97.             .where({ user_name: username })

  98.     }

  99. 

  100.     /**

  101.      * Use to find first user with useremail

  102.      * @param {*} username

  103.      * @param {*} txn

  104.      * @returns

  105.      */

  106.     async findByUserEmail(userEmail, txn) {

  107.         const { User } = this.server.models()

  108.         const user = await User.query(txn)

  109.             .throwIfNotFound()

  110.             .first()

  111.             .where({ user_email: userEmail })

  112.         return user

  113.     }

  114. 

  115.     hashToken(token) {

  116.         const salt = process.env.APP_SESSION_SALT

  117.         try {

  118.             return crypto.createHmac('sha256', salt).update(token).digest('hex')

  119.         } catch (err) {

  120.             throw new Error(err.message)

  121.         }

  122.     }

  123. 

  124.     /**

  125.      * Signup function

  126.      * @param {*} param0

  127.      * @param {*} txn

  128.      * @returns

  129.      */

  130.     async signup({ password, userInfo, created_at }, txn) {

  131.         const { User, Auth } = this.server.models()

  132.         const matchingEmails = await User.query().where(

  133.             'user_email',

  134.             userInfo.user_email,

  135.         )

  136.         if (matchingEmails.length > 0) {

  137.             throw `User ${userInfo.user_email} already exists: Cannot create a user without a unique email`

  138.         }

  139.         // Insert User Info to User table

  140.         const insertUser = await User.query().insert(userInfo)

  141.         // insert a row with blank password to be updated by changePassword()

  142.         await Auth.query().insert({

  143.             user_email: insertUser.user_email,

  144.             created_at: created_at,

  145.             token: null,

  146.         })

  147.         // update null token with hashed password

  148.         await this.changePassword(insertUser.user_email, password, txn)

  149.         return {

  150.             user_id: insertUser.id,

  151.             user_name: insertUser.user_name,

  152.             user_email: insertUser.user_email,

  153.             is_poster: insertUser.is_poster,

  154.             is_admin: insertUser.is_admin,

  155.             is_verified: insertUser.is_verified,

  156.         }

  157.     }

  158. 

  159.     /**

  160.      * Updates user's info

  161.      * @param {number} id

  162.      * @param {*} param1

  163.      * @param {*} txn

  164.      * @returns

  165.      */

  166.     async update(id, { password, ...userInfo }, txn) {

  167.         const { User } = this.server.models()

  168. 

  169.         if (Object.keys(userInfo).length > 0) {

  170.             await User.query(txn)

  171.                 .throwIfNotFound()

  172.                 .where({ id })

  173.                 .patch(userInfo)

  174.         }

  175. 

  176.         if (password) {

  177.             await this.changePassword(id, password, txn)

  178.         }

  179. 

  180.         return id

  181.     }

  182. 

  183.     /**

  184.      * Self explanatory

  185.      * @param {*} param0

  186.      * @param {*} txn

  187.      * @returns

  188.      */

  189.     async login({ email, password }, txn) {

  190.         const { User, Auth } = this.server.models()

  191. 

  192.         const user = await Auth.query(txn)

  193.             .throwIfNotFound()

  194.             .first()

  195.             .where({ user_email: email })

  196.         const bufferPepper = Buffer.from(process.env.PEPPER + password)

  197. 

  198.         /** Uncomment to run password check using SecurePassword */

  199.         const passwordCheck = await this.pwd.verify(bufferPepper, user.token)

  200. 

  201.         if (passwordCheck === SecurePassword.VALID_NEEDS_REHASH) {

  202.             await this.changePassword(user.user_email, password, txn)

  203.         } else if (passwordCheck !== SecurePassword.VALID) {

  204.             throw User.createNotFoundError()

  205.         }

  206. 

  207.         return user

  208.     }

  209. 

  210.     /**

  211.      * Create a token to be sent in request headers

  212.      * @param {data, expiration}

  213.      * @returns {Token}

  214.      */

  215.     createToken(data, expiration = 600) {

  216.         const key = process.env.APP_SECRET

  217.         const obj = {}

  218.         Object.assign(obj, { ...data })

  219.         return JWT.sign(obj, key, { expiresIn: expiration })

  220.     }

  221. 

  222.     async makeUserCredentials(email) {

  223.         const user = await this.findByUserEmail(email)

  224.         const userCredentials = {

  225.             email: user.user_email,

  226.             name: user.user_name,

  227.             seeking: user.is_poster === 1 ? 'poster' : 'seeker',

  228.         }

  229.         const token = this.createToken({

  230.             payload: userCredentials,

  231.         })

  232.         return {

  233.             userCredentials,

  234.             token,

  235.         }

  236.     }

  237. 

  238.     /**

  239.      * Validates whether a token has expired or not

  240.      * @param {User} user

  241.      * @returns {Token}

  242.      */

  243.     validateToken(token) {

  244.         const key = process.env.APP_SECRET

  245.         return JWT.verify(token, key)

  246.     }

  247.     removeSession(hashedSessionToken) {

  248.         const userSession = this.activeSessions[hashedSessionToken]

  249.         if (!userSession) {

  250.             throw new Error(

  251.                 'hashedSessionToken not in activeSessions registry!',

  252.             )

  253.         } else {

  254.             delete this.activeSessions[hashedSessionToken]

  255.         }

  256.     }

  257.     /**

  258.      * Use knex to try to change password entry

  259.      * @param {number} id

  260.      * @param {string} password

  261.      * @param {*} txn

  262.      * @returns {number}

  263.      */

  264.     async changePassword(email, password, txn) {

  265.         const { Auth } = this.server.models()

  266. 

  267.         const hashed = await this.pwd.hash(

  268.             Buffer.from(process.env.PEPPER + password),

  269.         )

  270. 

  271.         await Auth.query(txn)

  272.             .throwIfNotFound()

  273.             .where({ user_email: email })

  274.             .patch({

  275.                 // user_email: email,

  276.                 token: hashed,

  277.             })

  278.         return email

  279.     }

  280. 

  281.     async getPassword(email, txn) {

  282.         const { Auth } = this.server.models()

  283. 

  284.         const passwordRow = await Auth.query(txn)

  285.             .where('user_email', email)

  286.             .first()

  287.         return passwordRow ? passwordRow.token : null

  288.     }

  289. 

  290.     /**

  291.      * Sends a Transactional Email via Brevo

  292.      * @ returns {Object}

  293.      */

  294.     async emailSent(userCredentials) {

  295.         const hashedSessionToken = this.hashToken(userCredentials.sessionToken)

  296.         if (Object.keys(this.activeSessions).includes(hashedSessionToken)) {

  297.             return new Error('session already in cache!!')

  298.         }

  299.         // Set expiration time for ten minutes from now

  300.         const duration = 600000

  301. 

  302.         this.activeSessions[hashedSessionToken] = {

  303.             email: userCredentials.email,

  304.             name: userCredentials.name,

  305.             seeking: userCredentials.seeking,

  306.             sessionToken: userCredentials.sessionToken,

  307.             expiration: Date.now() + duration,

  308.             emailWasRespondedTo: false,

  309.             accessToken: null,

  310.         }

  311.         // NOTE: Although this looks messy, Brevo requires these

  312.         // parameters be defined individually like this, attempts

  313.         // to configure this in a single object cause errors on their API

  314.         sendSmtpEmail.sender = {

  315.             name: '[siimee]',

  316.             email: 'mytestemail@email.com',

  317.         }

  318.         sendSmtpEmail.subject = '[siimee] New Email from Siimee!'

  319.         sendSmtpEmail.to = [

  320.             {

  321.                 email: userCredentials.email,

  322.             },

  323.         ]

  324.         sendSmtpEmail.templateId = Number(process.env.BREVO_TEMPLATE_ID)

  325.         sendSmtpEmail.params = {

  326.             link: `${process.env.BREVO_LINK}/verify/${hashedSessionToken}`,

  327.         }

  328.         return await apiInstance.sendTransacEmail(sendSmtpEmail).then(

  329.             data => {

  330.                 return { wasSuccessfull: true, data: data }

  331.             },

  332.             error => {

  333.                 return { wasSuccessfull: false, error: error }

  334.             },

  335.         )

  336.     }

  337. }