:recycle: moving around stuff more for jwt protection

backend/lib/auth/strategies/jwt.js

@@ -0,0 +1,22 @@
+'use strict';
+
+module.exports = (options) => {
+    return {
+        keys: {
+            key: options.jwtKey,
+            algorithms: ['HS256']
+        },
+        verify: {
+            aud: false,
+            iss: false,
+            sub: false
+        },
+        httpAuthScheme: 'Token',
+        validate: (artifacts, request, h) => {
+            return {
+                isValid: true,
+                credentials: { user: artifacts.decoded.payload.user }
+            }
+        }
+    }
+}

backend/lib/index.js

@@ -0,0 +1,16 @@
+const Jwt = require('@hapi/jwt');
+const AuthStratgey = require('./auth/strategies/jwt')
+const UserPlugin = require('./plugins/user');
+const TestPlugin = require('./plugins/test');
+
+exports.plugin = {
+    name: 'main-app-plugin',
+    register: async (server, options) => {
+
+        await server.register(TestPlugin, {})
+
+        await server.register(UserPlugin, {})
+
+
+    },
+}

backend/lib/plugins/index.js

@@ -1,15 +0,0 @@
-
-const UserPlugin = require('./user');
-const TestPlugin = require('./test');
-
-const pluginOptions = {
-    routes: { prefix: `/api` }
-}
-
-module.exports = {
-    name: 'my-app-plugin',
-    register: async (server, options) => {
-        await server.register(TestPlugin, pluginOptions)
-        await server.register(UserPlugin, pluginOptions)
-    }
-}

backend/lib/plugins/user.js

@@ -1,14 +1,22 @@
 const Schwifty = require('@hapipal/schwifty');
-
+const Jwt = require('@hapi/jwt');
+const JwtStrategy = require('../auth/strategies/jwt')
 const UserModel = require('../models/user');
 const UserCurrentRoute = require('../routes/user/current');
 
 module.exports = {
-    name: 'my-user-plugin',
+    name: 'user-plugin',
     version: '1.0.0',
-    register: async server => {
+    register: async (server, options) => {
+        await server.register(Jwt)
         await server.register(Schwifty)
         await server.registerModel(UserModel)
+
+        const mainApp = server.registrations['main-app-plugin']
+        const jwtOptions = JwtStrategy(mainApp.options)
+        server.auth.strategy('default_jwt', 'jwt', jwtOptions)
+        server.auth.default('default_jwt')
+
         await server.route(UserCurrentRoute)
     }
 }

backend/lib/routes/user/current.js

@@ -26,7 +26,6 @@ const validators = {
 module.exports = {
     method: 'get',
     path: '/user/{name}',
-    // auth: 'jwt',
     handler: async request => {
         try {
             /** Get the data for your endpoint */
@@ -50,6 +49,7 @@ module.exports = {
     options: {
         ...pluginConfig.docs.get,
         tags: ['api'],
+        auth: 'default_jwt',
         validate: validators.get,
         response: {
             schema: Joi.object({

backend/package-lock.json

@@ -12,6 +12,7 @@
         "@hapi/glue": "^8.0.0",
         "@hapi/hapi": "^20.1.3",
         "@hapi/inert": "^6.0.3",
+        "@hapi/jwt": "^2.0.1",
         "@hapi/vision": "^6.0.1",
         "@hapipal/confidence": "^6.0.1",
         "@hapipal/schwifty": "^6.0.0",
@@ -115,6 +116,15 @@
         "@hapi/hoek": "9.x.x"
       }
     },
+    "node_modules/@hapi/catbox-object": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@hapi/catbox-object/-/catbox-object-2.0.0.tgz",
+      "integrity": "sha512-tzTo5q9UVqwqtpNkIz0VNSmJTbaGyD9ZQmw4a91BBWB+YJWYa066KkxOTHGmmWJzjZEhG2CsNYKu34J25pA5aw==",
+      "dependencies": {
+        "@hapi/boom": "9.x.x",
+        "@hapi/hoek": "9.x.x"
+      }
+    },
     "node_modules/@hapi/content": {
       "version": "5.0.2",
       "resolved": "https://registry.npmjs.org/@hapi/content/-/content-5.0.2.tgz",
@@ -217,6 +227,23 @@
         "@hapi/hoek": "9.x.x"
       }
     },
+    "node_modules/@hapi/jwt": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/jwt/-/jwt-2.0.1.tgz",
+      "integrity": "sha512-6/nX/yOIk9mvs+r72LFhF177yOB4yVv3e0Nqn7cIx2CU+VruBHxMKkHraARXx6oUAtiwNuyhW+trO5QeGm9ESQ==",
+      "dependencies": {
+        "@hapi/b64": "5.x.x",
+        "@hapi/boom": "9.x.x",
+        "@hapi/bounce": "2.x.x",
+        "@hapi/bourne": "2.x.x",
+        "@hapi/catbox-object": "2.x.x",
+        "@hapi/cryptiles": "5.x.x",
+        "@hapi/hoek": "9.x.x",
+        "@hapi/wreck": "17.x.x",
+        "ecdsa-sig-formatter": "1.x.x",
+        "joi": "^17.2.1"
+      }
+    },
     "node_modules/@hapi/mimos": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/@hapi/mimos/-/mimos-6.0.0.tgz",
@@ -1179,6 +1206,14 @@
       "integrity": "sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=",
       "dev": true
     },
+    "node_modules/ecdsa-sig-formatter": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
+      "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+      "dependencies": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
     "node_modules/emoji-regex": {
       "version": "8.0.0",
       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
@@ -4088,6 +4123,15 @@
         "@hapi/hoek": "9.x.x"
       }
     },
+    "@hapi/catbox-object": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@hapi/catbox-object/-/catbox-object-2.0.0.tgz",
+      "integrity": "sha512-tzTo5q9UVqwqtpNkIz0VNSmJTbaGyD9ZQmw4a91BBWB+YJWYa066KkxOTHGmmWJzjZEhG2CsNYKu34J25pA5aw==",
+      "requires": {
+        "@hapi/boom": "9.x.x",
+        "@hapi/hoek": "9.x.x"
+      }
+    },
     "@hapi/content": {
       "version": "5.0.2",
       "resolved": "https://registry.npmjs.org/@hapi/content/-/content-5.0.2.tgz",
@@ -4184,6 +4228,23 @@
         "@hapi/hoek": "9.x.x"
       }
     },
+    "@hapi/jwt": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/jwt/-/jwt-2.0.1.tgz",
+      "integrity": "sha512-6/nX/yOIk9mvs+r72LFhF177yOB4yVv3e0Nqn7cIx2CU+VruBHxMKkHraARXx6oUAtiwNuyhW+trO5QeGm9ESQ==",
+      "requires": {
+        "@hapi/b64": "5.x.x",
+        "@hapi/boom": "9.x.x",
+        "@hapi/bounce": "2.x.x",
+        "@hapi/bourne": "2.x.x",
+        "@hapi/catbox-object": "2.x.x",
+        "@hapi/cryptiles": "5.x.x",
+        "@hapi/hoek": "9.x.x",
+        "@hapi/wreck": "17.x.x",
+        "ecdsa-sig-formatter": "1.x.x",
+        "joi": "^17.2.1"
+      }
+    },
     "@hapi/mimos": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/@hapi/mimos/-/mimos-6.0.0.tgz",
@@ -4946,6 +5007,14 @@
       "integrity": "sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=",
       "dev": true
     },
+    "ecdsa-sig-formatter": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
+      "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+      "requires": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
     "emoji-regex": {
       "version": "8.0.0",
       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",

backend/package.json

@@ -14,6 +14,7 @@
     "@hapi/glue": "^8.0.0",
     "@hapi/hapi": "^20.1.3",
     "@hapi/inert": "^6.0.3",
+    "@hapi/jwt": "^2.0.1",
     "@hapi/vision": "^6.0.1",
     "@hapipal/confidence": "^6.0.1",
     "@hapipal/schwifty": "^6.0.0",

backend/server/manifest.js

@@ -4,7 +4,7 @@ const Inert = require('@hapi/inert');
 const Vision = require('@hapi/vision');
 const Schwifty = require('@hapipal/schwifty');
 const HapiSwagger = require('hapi-swagger');
-const AppPlugin = require('../lib/plugins');
+
 // Pull .env into process.env
 Dotenv.config({ path: `${__dirname}/.env` });
 
@@ -34,7 +34,24 @@ module.exports = new Confidence.Store({
     },
     register: {
         plugins: [
-            AppPlugin,
+            {
+                plugin: '../lib', // Main plugin
+                routes: {
+                    prefix: '/api'
+                },
+                options: {
+                    jwtKey: {
+                        $filter: 'NODE_ENV',
+                        $default: {
+                            $param: 'APP_SECRET',
+                            $default: 'app-secret'
+                        },
+                        production: { // In production do not default to "app-secret"
+                            $param: 'APP_SECRET'
+                        }
+                    }
+                }
+            },
             // Documentaion deps
             Inert,
             Vision,
@@ -69,4 +86,5 @@ module.exports = new Confidence.Store({
             }
         ]
     }
-});
+})
+