From 7da6c6a8e4a3590dfb8569b9fc24b4054552c96f Mon Sep 17 00:00:00 2001 From: eug-vs Date: Sun, 15 Nov 2020 03:46:51 +0300 Subject: feat: setup authentication --- src/services/auth/auth.service.js | 22 ++++++++++++++++++++++ src/services/index.js | 2 ++ src/services/users/user.hooks.js | 21 +++++++++++++++++++++ src/services/users/user.service.js | 6 +++++- 4 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 src/services/auth/auth.service.js create mode 100644 src/services/users/user.hooks.js (limited to 'src/services') diff --git a/src/services/auth/auth.service.js b/src/services/auth/auth.service.js new file mode 100644 index 0000000..9e92a02 --- /dev/null +++ b/src/services/auth/auth.service.js @@ -0,0 +1,22 @@ +const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication'); +const { LocalStrategy } = require('@feathersjs/authentication-local'); +const _ = require('lodash'); + +class NoHashingLocalStrategy extends LocalStrategy { + async comparePassword (entity, password) { + const { entityPasswordField, errorMessage } = this.configuration; + const entityPassword = _.get(entity, entityPasswordField); + if (entityPassword !== password) throw new Error(errorMessage); + return entity; + } +} + +module.exports = app => { + const authentication = new AuthenticationService(app); + + authentication.register('local', new NoHashingLocalStrategy()); + authentication.register('jwt', new JWTStrategy()); + + app.use('/authentication', authentication); +}; + diff --git a/src/services/index.js b/src/services/index.js index f2d65d0..b8ef1db 100644 --- a/src/services/index.js +++ b/src/services/index.js @@ -1,9 +1,11 @@ const Users = require('./users/user.service.js'); const Events = require('./events/event.service.js'); +const Auth = require('./auth/auth.service.js'); module.exports = app => { app.configure(Users); app.configure(Events); + app.configure(Auth); app.get('/ping', (req, res) => res.send('pong')); }; diff --git a/src/services/users/user.hooks.js b/src/services/users/user.hooks.js new file mode 100644 index 0000000..daeda68 --- /dev/null +++ b/src/services/users/user.hooks.js @@ -0,0 +1,21 @@ +const { hooks } = require ('@feathersjs/authentication-local'); +const { NotAuthenticated } = require('@feathersjs/errors'); + +const compareUser = async context => { + if (context.id !== context.params.user._id.toString()) { + throw new NotAuthenticated('You can only PATCH/UPDATE your own user!'); + } + return context; +}; + + +module.exports = { + after: { + all: hooks.protect('password') + }, + before: { + patch: [compareUser], + update: [compareUser] + } +}; + diff --git a/src/services/users/user.service.js b/src/services/users/user.service.js index 67f2ae6..afb3b9e 100644 --- a/src/services/users/user.service.js +++ b/src/services/users/user.service.js @@ -1,7 +1,11 @@ const service = require('feathers-mongoose'); const Model = require('./user.model.js'); +const hooks = require('./user.hooks.js'); const UserService = service({ Model }) -module.exports = app => app.use('/users', UserService); +module.exports = app => { + app.use('/users', UserService); + app.service('users').hooks(hooks); +}; -- cgit v1.2.3