From 72b3babfd85987c1c6783356f03055ce6544d613 Mon Sep 17 00:00:00 2001
From: Kayne Ruse
Date: Wed, 28 Jul 2021 21:36:04 +1000
Subject: [PATCH] Reworking JWT authentication
---
 README.md | 9 ++++++++-
 package.json | 2 +-
 server/admin/ban-user.js | 2 +-
 server/admin/index.js | 2 +-
 server/auth/index.js | 2 +-
 server/auth/login.js | 6 +++---
 server/auth/logout.js | 4 ++--
 server/auth/signup.js | 1 -
 server/auth/token.js | 6 +++---
 server/database/models/tokens.js | 2 +-
 server/utilities/token-generate.js | 5 +++--
 server/utilities/token-refresh.js | 2 +-
 sql/migrations/v1.3.1.sql | 1 +
 sql/migrations/v1.4.0.sql | 1 +
 14 files changed, 27 insertions(+), 18 deletions(-)
 create mode 100644 sql/migrations/v1.3.1.sql
 create mode 100644 sql/migrations/v1.4.0.sql
diff --git a/README.md b/README.md
index 0488680..9a33e8e 100644
--- a/README.md
+++ b/README.md
@@ -19,9 +19,11 @@ Content-Type: application/json
 "password": "helloworld" } + //DOCS: Used for validating the email address above GET /auth/validation?username=example&token=12345678 + //DOCS: Login after validation POST /auth/login Content-Type: application/json
@@ -37,7 +39,8 @@ Content-Type: application/json
 "refreshToken": "fghij" } -//Replace an expired authToken pair with these values + +//DOCS: Replace an expired authToken pair with these values POST /auth/token Content-Type: application/json
@@ -45,6 +48,7 @@ Content-Type: application/json
 "token": "refreshToken" } + //DOCS: After this is called, the refresh route will no longer work DELETE /auth/logout Authorization: Bearer accessToken
@@ -53,6 +57,7 @@ Authorization: Bearer accessToken
 "token": "refreshToken" } + //DOCS: Retreives the private account data, results vary GET /auth/account Authorization: Bearer accessToken
@@ -63,11 +68,13 @@ Authorization: Bearer accessToken
 "refreshToken": "fghij" } + //DOCS: Update account data, input varies, but is always JSON PATCH /auth/account Content-Type: application/json Authorization: Bearer accessToken + //DOCS: Sets the timer, account will be deleted after 2 days DELETE /auth/account Authorization: Bearer accessToken
diff --git a/package.json b/package.json
index 61c1707..17ce9f2 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "auth-server",
- "version": "1.3.2",
+ "version": "1.4.0",
 "description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
 "main": "server/server.js",
 "scripts": {
diff --git a/server/admin/ban-user.js b/server/admin/ban-user.js
index 3980c33..e325e47 100644
--- a/server/admin/ban-user.js
+++ b/server/admin/ban-user.js
@@ -27,7 +27,7 @@ const route = async (req, res) => {
 //forcibly logout
 tokens.destroy({
 where: {
- username: req.body.username || ''
+ email: req.body.email || ''
 }
 });
diff --git a/server/admin/index.js b/server/admin/index.js
index 38c6751..29b9ffc 100644
--- a/server/admin/index.js
+++ b/server/admin/index.js
@@ -12,7 +12,7 @@ router.use(tokenAuth);
 router.use(async (req, res, next) => {
 const record = await accounts.findOne({
 where: {
- username: req.user.username || ''
+ email: req.user.email || ''
 }
 });
diff --git a/server/auth/index.js b/server/auth/index.js
index fd0151e..57ca88a 100644
--- a/server/auth/index.js
+++ b/server/auth/index.js
@@ -23,7 +23,7 @@ router.delete('/logout', require('./logout'));
 router.use(async (req, res, next) => {
 const record = await accounts.findOne({
 where: {
- username: req.user.username || ''
+ email: req.user.email || ''
 }
 });
diff --git a/server/auth/login.js b/server/auth/login.js
index 59f3601..530f223 100644
--- a/server/auth/login.js
+++ b/server/auth/login.js
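Review bot: `tokens.destroy({ where: { email: ... } })` on the new side of the ban-user hunk is still fired without `await` or a rejection handler, so a failed delete becomes an unhandled rejection while the ban still reports success; the enclosing `route` is `async` (the hunk's function context), so `await tokens.destroy({ where: { email: req.body.email || '' } });` costs nothing. Note also that this only removes refresh tokens: the access tokens signed in token-generate live for 10 minutes, so a banned user keeps API access until theirs expires unless tokenAuth also consults the ban, which is not visible here. The body of `route` starts and ends outside the hunk.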
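Review bot: The admin gate in server/admin/index.js now keys the account lookup on the `email` claim, a mutable string, while the token also carries `index`, which the v1.3.1 migration turns into the accounts auto-increment column; looking up by `index` stays correct if PATCH /auth/account ever lets a user change their email, and it removes the `|| ''` fallback that silently turns a token lacking the claim into a query for an empty email. I would write `where: { index: req.user.index }` and reject up front when the claim is missing, e.g. `if (req.user.index === undefined) return res.status(401).end();` (whatever status the rest of this middleware uses is outside the hunk). The server/auth/index.js hunk has the same shape and deserves the same treatment. Both middleware bodies continue past their hunks.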
@@ -3,7 +3,7 @@
 const utils = require('util');
 const bcrypt = require('bcryptjs');
 const { accounts } = require('../database/models');
-const generate = require('../utilities/token-generate');
+const tokenGenerate = require('../utilities/token-generate');
 //utilities
 const validateEmail = require('../utilities/validate-email');
@@ -48,10 +48,10 @@ const route = async (req, res) => {
 }
 //generate the JWT
- const tokens = generate(account.index, account.username, account.type, account.admin, account.mod);
+ const token = tokenGenerate(account.index, account.email, account.username, account.type, account.admin, account.mod);
 //finally
- res.status(200).json(tokens);
+ res.status(200).json(token);
 };
 const validateDetails = async (body) => {
diff --git a/server/auth/logout.js b/server/auth/logout.js
index fd64a21..ea6772d 100644
--- a/server/auth/logout.js
+++ b/server/auth/logout.js
@@ -1,8 +1,8 @@
-const destroy = require('../utilities/token-destroy');
+const tokenDestroy = require('../utilities/token-destroy');
 //auth/logout
 const route = (req, res) => {
- destroy(req.body.token);
+ tokenDestroy(req.body.token);
 return res.status(200).end();
 };
diff --git a/server/auth/signup.js b/server/auth/signup.js
index 675e3d7..3ed6b53 100644
--- a/server/auth/signup.js
+++ b/server/auth/signup.js
@@ -6,7 +6,6 @@ const Op = Sequelize.Op;
 const { accounts, pendingSignups } = require('../database/models');
-
 //utilities
 const uuid = require('../utilities/uuid');
 const validateEmail = require('../utilities/validate-email');
diff --git a/server/auth/token.js b/server/auth/token.js
index f8d268a..8d9a2f4 100644
--- a/server/auth/token.js
+++ b/server/auth/token.js
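Review bot: In the second login.js hunk the renamed local `token` holds the `{ accessToken, refreshToken }` pair that `tokenGenerate` returns (see the token-generate hunk), so the singular name hides that two credentials are being issued here; `const tokenPair = tokenGenerate(...)` and `res.status(200).json(tokenPair)` read truer. Worth knowing as well that `tokenGenerate` records the refresh token with an un-awaited `tokens.create`, so this response can reach the client before the row exists; if `/auth/token` checks that table, a refresh sent immediately after login may be rejected. `route` begins outside the hunk.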
@@ -1,16 +1,16 @@
 const jwt = require('jsonwebtoken');
-const refresh = require('../utilities/token-refresh');
+const tokenRefresh = require('../utilities/token-refresh');
 //auth/token
 module.exports = async (req, res) => {
 const refreshToken = req.body.token;
- return refresh(refreshToken, (err, tokens) => {
+ return tokenRefresh(refreshToken, (err, token) => {
 if (err) { return res.status(err).end(); }
- return res.status(200).send(tokens);
+ return res.status(200).send(token);
 });
 };
\ No newline at end of file
diff --git a/server/database/models/tokens.js b/server/database/models/tokens.js
index 519d9ae..20f9b9b 100644
--- a/server/database/models/tokens.js
+++ b/server/database/models/tokens.js
@@ -3,5 +3,5 @@
 const sequelize = require('..');
 module.exports = sequelize.define('tokens', {
 token: 'varchar(320)',
- username: 'varchar(320)' //TODO: why username?
+ email: 'varchar(320)'
 });
diff --git a/server/utilities/token-generate.js b/server/utilities/token-generate.js
index 47bfb57..890239e 100644
--- a/server/utilities/token-generate.js
+++ b/server/utilities/token-generate.js
@@ -2,9 +2,10 @@ const jwt = require('jsonwebtoken');
 const { tokens } = require('../database/models');
 //generates a JWT token based on the given arguments
-module.exports = (index, username, type, admin, mod) => {
+module.exports = (index, email, username, type, admin, mod) => {
 const content = {
 index,
+ email,
 username,
 type,
 admin,
@@ -14,7 +15,7 @@ module.exports = (index, username, type, admin, mod) => {
 const accessToken = jwt.sign(content, process.env.SECRET_ACCESS, { expiresIn: '10m' });
 const refreshToken = jwt.sign(content, process.env.SECRET_REFRESH, { expiresIn: '30d' });
- tokens.create({ token: refreshToken, username: username });
+ tokens.create({ token: refreshToken, email: email });
 return { accessToken, refreshToken };
 };
\ No newline at end of file
diff --git a/server/utilities/token-refresh.js b/server/utilities/token-refresh.js
index 9807ca5..780250e 100644
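Review bot: In the tokens.js model `token` stays `varchar(320)` while the refresh token stored in it now embeds `email` (itself up to 320 characters, per the new column) on top of index, username, type, admin, mod and the JWT header and signature, so a long email yields a token wider than the column, which means an insert error or, without strict mode, a silently truncated value that will never match on refresh. Storing a fixed-width digest instead of the raw token, e.g. `token: 'char(64)'` holding `crypto.createHash('sha256').update(refreshToken).digest('hex')`, fixes the width and also means a leaked database does not hand out usable refresh tokens; otherwise at least widen the column to `TEXT`. The v1.4.0 migration drops this table, so whatever recreates it (presumably a model sync, not shown) must pick up the new shape.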
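Review bot: `tokens.create({ token: refreshToken, email: email })` in the second token-generate hunk is still called without `await` or `.catch`, so a failed insert is an unhandled rejection while the caller has already handed out the tokens; since this is the only visible record of issued refresh tokens, make the export `async`, write `await tokens.create({ token: refreshToken, email });`, and await the two call sites this patch touches (login.js and token-refresh.js). Separately, adding `email` to `content` in the first hunk places an address in both the access and refresh JWTs, whose payloads are only base64-encoded, so anyone who sees a token (logs, proxies, browser storage) can read it; keeping `index` in the token and resolving the email server-side where it is needed avoids that. The exported function spans both hunks and ends at the `};` shown.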
--- a/server/utilities/token-refresh.js
+++ b/server/utilities/token-refresh.js
@@ -24,7 +24,7 @@ module.exports = (token, callback) => {
 return callback(403);
 }
- const result = generate(user.index, user.username, user.type, user.admin, user.mod);
+ const result = generate(user.index, user.email, user.username, user.type, user.admin, user.mod);
 destroy(token);
diff --git a/sql/migrations/v1.3.1.sql b/sql/migrations/v1.3.1.sql
new file mode 100644
index 0000000..7bdfb10
--- /dev/null
+++ b/sql/migrations/v1.3.1.sql
@@ -0,0 +1 @@
+ALTER TABLE `accounts` CHANGE `id` `index` INT( 11 ) NOT NULL AUTO_INCREMENT;
diff --git a/sql/migrations/v1.4.0.sql b/sql/migrations/v1.4.0.sql
new file mode 100644
index 0000000..7da0f43
--- /dev/null
+++ b/sql/migrations/v1.4.0.sql
@@ -0,0 +1 @@
+DROP TABLE tokens;
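Review bot: The regenerated tokens are built from the claims of the refresh token being redeemed (`user.email`, `user.type`, `user.admin`, `user.mod`) rather than from the current account record, so if `user` is the decoded refresh JWT — the function starts outside the hunk, so this is inferred — a demoted user or a changed email keeps the stale `admin`/`mod`/`email` for as long as the 30-day refresh chain is kept alive. Reload the account before regenerating, e.g. `const account = await accounts.findOne({ where: { index: user.index } });` (which needs the model imported and the export made async) and pass `account.email, account.username, account.type, account.admin, account.mod` to `generate`, returning `403` when no account is found. Note too that `generate` persists the new refresh token with an un-awaited `tokens.create` and `destroy(token)` is likewise not awaited here, so the callback can fire before either write has landed.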
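Review bot: `DROP TABLE tokens;` discards every stored refresh token and does not recreate the table with the new `email` column, so after this migration every user is logged out at their next refresh and the server only works if something else rebuilds the table (presumably a model sync, which the patch does not show). A migration the model depends on should be self-contained: either `DROP TABLE IF EXISTS tokens;` followed by a `CREATE TABLE tokens (...)` that matches server/database/models/tokens.js, or `ALTER TABLE tokens CHANGE username email VARCHAR(320);` if keeping existing sessions is acceptable. Whichever is chosen, the forced logout deserves a line in the README or changelog.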