From f38a1cf6a6809e85ac2ba47026c42b49bfee3673 Mon Sep 17 00:00:00 2001 From: eug-vs Date: Sun, 5 Jul 2020 12:23:11 +0300 Subject: feat: upgrade feedback hooks --- services/feedback/feedback.hooks.ts | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/services/feedback/feedback.hooks.ts b/services/feedback/feedback.hooks.ts index 56e9000..7ae6c5d 100644 --- a/services/feedback/feedback.hooks.ts +++ b/services/feedback/feedback.hooks.ts @@ -1,9 +1,27 @@ +import { populate, discard } from 'feathers-hooks-common'; import requireAuth from '../../hooks/requireAuth'; import signAuthority from '../../hooks/signAuthority'; +import sortByDate from '../../hooks/sortByDate'; + + +const populateAuthor = populate({ + schema: { + include: { + service: 'users', + nameAs: 'author', + parentField: 'authorId', + childField: '_id' + } + } +}); export default { before: { - create: [requireAuth, signAuthority] + create: [requireAuth, signAuthority], + find: sortByDate + }, + after: { + all: [populateAuthor, discard('authorId')] } }; -- cgit v1.2.3 From faa7d45674f3886e8ee8ddd64f7250ae6d0c83f7 Mon Sep 17 00:00:00 2001 From: eug-vs Date: Sun, 5 Jul 2020 12:23:24 +0300 Subject: feat: update populate script --- populateDb.ts | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/populateDb.ts b/populateDb.ts index e25005d..de7ead9 100644 --- a/populateDb.ts +++ b/populateDb.ts @@ -57,8 +57,7 @@ const createPoll = (authorId: string): Promise => { left: generateImageData(), right: generateImageData() }, - authorId - }); + }, { user: { _id: authorId }, authenticated: true }); }; const createUser = (username: string): Promise => { 
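Review bot: The `author` object built by `populateAuthor` comes from an internal call to the `users` service, and the only password protection visible in this series is `hooks.protect('password')` in the users after hooks, which — if I recall the Feathers v4 implementation correctly — only writes the stripped copy to `context.dispatch` and leaves `context.result` intact for provider-less (internal) calls. If that is right, every feedback record returned by `find`/`get` carries the author's password hash inside `author`. Strip it explicitly in this file rather than relying on the nested service, e.g. `all: [populateAuthor, discard('authorId', 'author.password')]`, or restrict the include to the fields actually needed. Note also that `find` carries no `requireAuth`, so whatever ends up in `author` is visible to anonymous callers; confirm that is intended.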
@@ -69,18 +68,18 @@ const createUser = (username: string): Promise => { }); }; -const createVote = (userId: string, pollId: string): Promise => { +const createVote = (authorId: string, pollId: string): Promise => { return app.service('votes').create({ pollId, which: _.sample(choices) - }, { user: { _id: userId }, authenticated: true }); + }, { user: { _id: authorId }, authenticated: true }); }; const createFeedback = (userId: string): Promise => { return app.service('feedback').create({ version: 'v1.0.0', score: _.sample([1, 2, 3, 4, 5]), - content: 'Absolutely amazing!' + contents: 'Absolutely amazing!' }, { user: { _id: userId }, authenticated: true }); }; -- cgit v1.2.3 From b25ddb209fa043499a0ead4f2f150507f4580a22 Mon Sep 17 00:00:00 2001 From: eug-vs Date: Sun, 5 Jul 2020 13:09:44 +0300 Subject: feat: set token expiration to 10 days --- config/default.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/default.json b/config/default.json index 278b076..7d1ef26 100644 --- a/config/default.json +++ b/config/default.json @@ -10,6 +10,9 @@ "local": { "usernameField": "\\username", "passwordField": "password" + }, + "jwtOptions": { + "expiresIn": "10 days" } } } -- cgit v1.2.3 From 7b24ceaaece34dfe1057f432d00723e27d8c3ea9 Mon Sep 17 00:00:00 2001 From: eug-vs Date: Sun, 5 Jul 2020 13:13:27 +0300 Subject: fix: improve tryAuthenticate to resolve token bug --- hooks/tryAuthenticate.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hooks/tryAuthenticate.ts b/hooks/tryAuthenticate.ts index e179417..71306ba 100644 --- a/hooks/tryAuthenticate.ts +++ b/hooks/tryAuthenticate.ts @@ -3,6 +3,9 @@ import { authenticate } from '@feathersjs/authentication'; export default async (context: HookContext): Promise => { - return authenticate('jwt')(context).catch(() => context); + if (context.params?.headers?.authorization && context.path !== 'authentication') { + return authenticate('jwt')(context); + } + return context; }; -- cgit v1.2.3 
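Review bot: Setting `expiresIn` to `10 days` turns every issued JWT into a ten-day bearer credential, and nothing in this series adds revocation, refresh or rotation, so a leaked token stays valid for the whole period and a password change cannot cut it off. If the motivation was the failures the next commit fixes in `tryAuthenticate`, that fix may remove the need for a longer lifetime. Prefer the Feathers default of one day, or pair a short access token with a refresh flow; since JSON has no comment syntax, record the decision next to the setting in the README, e.g. `jwtOptions.expiresIn is 10 days: there is no revocation, rotating the secret is the only way to invalidate issued tokens`.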
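Review bot: The new guard keys on `params.headers.authorization`, which — if I read the Feathers v4 transports correctly — only exists on REST calls; a Socket.io client that authenticated through the `authentication` service carries its token in `params.authentication`, so with this change such a connection is never verified and passes through unauthenticated, whereas the old `catch(() => context)` at least attempted verification. Keying on what the `authenticate` hook itself reads covers both transports: `if (context.params?.authentication && context.path !== 'authentication') {`. The function also deserves a header comment stating its contract, e.g. `// Soft auth: verify a token only when one is presented (bad/expired tokens are rejected); use requireAuth to demand a user.`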
From 8f48be5b879b1ae92937dfa1d1f37f08fb167dfa Mon Sep 17 00:00:00 2001 From: eug-vs Date: Sun, 5 Jul 2020 13:27:49 +0300 Subject: feat: ensure users security --- services/users/users.hooks.ts | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/services/users/users.hooks.ts b/services/users/users.hooks.ts index 48843be..1b4be2b 100644 --- a/services/users/users.hooks.ts +++ b/services/users/users.hooks.ts @@ -1,7 +1,9 @@ import _ from 'lodash'; import { hooks } from '@feathersjs/authentication-local'; -import { discard } from 'feathers-hooks-common'; +import { discard, disallow } from 'feathers-hooks-common'; import { HookContext } from '@feathersjs/feathers'; +import { NotAuthenticated } from '@feathersjs/errors'; +import requireAuth from '../../hooks/requireAuth'; const hashPassword = hooks.hashPassword('password'); @@ -12,6 +14,13 @@ const ignoreCaseRegex = async (context: HookContext): Promise => { return context; }; +const compareUser = async (context: HookContext): Promise => { + if(context.arguments[0] != context.params.user._id) { + throw new NotAuthenticated('You can only PATCH/UPDATE your own user!'); + } + return context; +} + export default { after: { all: hooks.protect('password'), @@ -20,8 +29,9 @@ export default { before: { find: ignoreCaseRegex, create: hashPassword, - patch: hashPassword, - update: hashPassword + patch: [hashPassword, requireAuth, compareUser], + update: [hashPassword, requireAuth, compareUser], + remove: disallow('external') } }; -- cgit v1.2.3 From 85b3cc20e8f453868d06d55a688ee8dfe90b80d4 Mon Sep 17 00:00:00 2001 From: eug-vs Date: Sun, 5 Jul 2020 13:33:00 +0300 Subject: feat: protect all services --- services/feedback/feedback.hooks.ts | 7 +++++-- services/polls/polls.hooks.ts | 6 +++++- services/votes/votes.hooks.ts | 6 +++++- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/services/feedback/feedback.hooks.ts b/services/feedback/feedback.hooks.ts index 7ae6c5d..5bc2552 100644 
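Review bot: In the `before` hunk `hashPassword` runs ahead of `requireAuth` in the `patch`/`update` chains, so an unauthenticated caller can still make the server do a bcrypt hash per request before being turned away; put the cheap checks first: `patch: [requireAuth, compareUser, hashPassword],` and the same for `update`. `compareUser` (previous hunk) rejects an authenticated user acting on someone else's account with `NotAuthenticated` (401), where `Forbidden` (403, also exported by `@feathersjs/errors`) is the accurate status and stops clients from retrying login. Both observations concern the exported hooks object, which is split across the hunks of this file section.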
--- a/services/feedback/feedback.hooks.ts +++ b/services/feedback/feedback.hooks.ts @@ -1,4 +1,4 @@ -import { populate, discard } from 'feathers-hooks-common'; +import { populate, discard, disallow } from 'feathers-hooks-common'; import requireAuth from '../../hooks/requireAuth'; import signAuthority from '../../hooks/signAuthority'; import sortByDate from '../../hooks/sortByDate'; @@ -18,7 +18,10 @@ const populateAuthor = populate({ export default { before: { create: [requireAuth, signAuthority], - find: sortByDate + find: sortByDate, + remove: disallow('external'), + patch: disallow('external'), + update: disallow('external') }, after: { all: [populateAuthor, discard('authorId')] diff --git a/services/polls/polls.hooks.ts b/services/polls/polls.hooks.ts index e3d04e7..35eae29 100644 --- a/services/polls/polls.hooks.ts +++ b/services/polls/polls.hooks.ts @@ -1,4 +1,5 @@ import { HookContext } from '@feathersjs/feathers'; +import { disallow } from 'feathers-hooks-common'; import { Types } from 'mongoose'; import bluebird from 'bluebird'; import _ from 'lodash'; import { Poll } from 'which-types'; @@ -46,7 +47,10 @@ const convertPoll = async (context: HookContext): Promise => { export default { before: { find: sortByDate, - create: signAuthority + create: signAuthority, + remove: disallow('external'), + update: disallow('external'), + patch: disallow('external') }, after: { all: convertPoll diff --git a/services/votes/votes.hooks.ts b/services/votes/votes.hooks.ts index 56e9000..923e897 100644 --- a/services/votes/votes.hooks.ts +++ b/services/votes/votes.hooks.ts @@ -1,9 +1,13 @@ +import { disallow } from 'feathers-hooks-common'; import requireAuth from '../../hooks/requireAuth'; import signAuthority from '../../hooks/signAuthority'; export default { before: { - create: [requireAuth, signAuthority] + create: [requireAuth, signAuthority], + remove: disallow('external'), + update: disallow('external'), + patch: disallow('external') } }; -- cgit v1.2.3 
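Review bot: `create` on polls stays `signAuthority` alone while feedback and votes in the same commit use `[requireAuth, signAuthority]`; unless `signAuthority` itself throws when `params.user` is absent (its body is not in this series), an anonymous client can create polls and have an undefined author stamped on them. Align it with the other services: `create: [requireAuth, signAuthority],`. Making `remove`/`update`/`patch` `disallow('external')` also means the author cannot edit or delete their own poll, which is fine if deliberate but worth a one-line comment such as `// polls are immutable once created; no owner-scoped edit path exists yet`.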
From 1c2f3c9e5b39826266d64f4227e53fff139ea948 Mon Sep 17 00:00:00 2001 From: eug-vs Date: Sun, 5 Jul 2020 13:35:54 +0300 Subject: style: fix eslint errors --- populateDb.ts | 2 +- services/users/users.hooks.ts | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/populateDb.ts b/populateDb.ts index de7ead9..1565f44 100644 --- a/populateDb.ts +++ b/populateDb.ts @@ -56,7 +56,7 @@ const createPoll = (authorId: string): Promise => { contents: { left: generateImageData(), right: generateImageData() - }, + } }, { user: { _id: authorId }, authenticated: true }); }; diff --git a/services/users/users.hooks.ts b/services/users/users.hooks.ts index 1b4be2b..125f418 100644 --- a/services/users/users.hooks.ts +++ b/services/users/users.hooks.ts @@ -15,11 +15,11 @@ const ignoreCaseRegex = async (context: HookContext): Promise => { }; const compareUser = async (context: HookContext): Promise => { - if(context.arguments[0] != context.params.user._id) { + if (context.arguments[0] !== context.params.user._id) { throw new NotAuthenticated('You can only PATCH/UPDATE your own user!'); } return context; -} +}; export default { after: { -- cgit v1.2.3
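Review bot: Changing `!=` to `!==` in `compareUser` alters behaviour rather than style: `context.arguments[0]` is the id string from the request, while `context.params.user._id` is whatever the JWT strategy loaded — with the Mongoose storage this project uses (`Types` from `mongoose` is imported in polls.hooks.ts) that is typically an `ObjectId`, and `ObjectId !== string` is always true, so every PATCH/UPDATE would now be rejected even for the owner, where the loose `!=` coerced the ObjectId to its hex string. Normalise both sides before comparing: `if (String(context.arguments[0]) !== String(context.params.user._id)) {`. If the users service already serialises `_id` to a string this is moot, but the normalisation is harmless either way and a test that patches one's own user over REST would pin it down.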