diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/app.js | 2 | ||||
| -rw-r--r-- | src/services/auth/auth.service.js | 22 | ||||
| -rw-r--r-- | src/services/index.js | 2 | ||||
| -rw-r--r-- | src/services/users/user.hooks.js | 21 | ||||
| -rw-r--r-- | src/services/users/user.service.js | 6 |
5 files changed, 52 insertions, 1 deletions
@@ -1,6 +1,7 @@ const feathers = require('@feathersjs/feathers'); const express = require('@feathersjs/express'); const socketio = require('@feathersjs/socketio'); +const configuration = require('@feathersjs/configuration'); const cors = require('cors') const services = require('./services'); @@ -14,6 +15,7 @@ app.use(express.static(__dirname)); app.use(express.errorHandler()); app.use(cors()); +app.configure(configuration()); app.configure(express.rest()); app.configure(socketio()); app.configure(services); diff --git a/src/services/auth/auth.service.js b/src/services/auth/auth.service.js new file mode 100644 index 0000000..9e92a02 --- /dev/null +++ b/src/services/auth/auth.service.js @@ -0,0 +1,22 @@ +const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication'); +const { LocalStrategy } = require('@feathersjs/authentication-local'); +const _ = require('lodash'); + +class NoHashingLocalStrategy extends LocalStrategy { + async comparePassword (entity, password) { + const { entityPasswordField, errorMessage } = this.configuration; + const entityPassword = _.get(entity, entityPasswordField); + if (entityPassword !== password) throw new Error(errorMessage); + return entity; + } +} + +module.exports = app => { + const authentication = new AuthenticationService(app); + + authentication.register('local', new NoHashingLocalStrategy()); + authentication.register('jwt', new JWTStrategy()); + + app.use('/authentication', authentication); +}; + diff --git a/src/services/index.js b/src/services/index.js index f2d65d0..b8ef1db 100644 --- a/src/services/index.js +++ b/src/services/index.js @@ -1,9 +1,11 @@ const Users = require('./users/user.service.js'); const Events = require('./events/event.service.js'); +const Auth = require('./auth/auth.service.js'); module.exports = app => { app.configure(Users); app.configure(Events); + app.configure(Auth); app.get('/ping', (req, res) => res.send('pong')); }; diff --git a/src/services/users/user.hooks.js b/src/services/users/user.hooks.js new file mode 100644 index 0000000..daeda68 --- /dev/null +++ b/src/services/users/user.hooks.js @@ -0,0 +1,21 @@ +const { hooks } = require ('@feathersjs/authentication-local'); +const { NotAuthenticated } = require('@feathersjs/errors'); + +const compareUser = async context => { + if (context.id !== context.params.user._id.toString()) { + throw new NotAuthenticated('You can only PATCH/UPDATE your own user!'); + } + return context; +}; + + +module.exports = { + after: { + all: hooks.protect('password') + }, + before: { + patch: [compareUser], + update: [compareUser] + } +}; + diff --git a/src/services/users/user.service.js b/src/services/users/user.service.js index 67f2ae6..afb3b9e 100644 --- a/src/services/users/user.service.js +++ b/src/services/users/user.service.js @@ -1,7 +1,11 @@ const service = require('feathers-mongoose'); const Model = require('./user.model.js'); +const hooks = require('./user.hooks.js'); const UserService = service({ Model }) -module.exports = app => app.use('/users', UserService); +module.exports = app => { + app.use('/users', UserService); + app.service('users').hooks(hooks); +}; |