refactor(server): corrected the middleware to be in the correct spot to work as intended
This commit is contained in:
@@ -1,22 +1,24 @@
|
||||
import {OpenAPIHono} from "@hono/zod-openapi";
|
||||
import {authMiddleware} from "./middleware/authMiddleware.js";
|
||||
|
||||
import login from "./routes/login.js";
|
||||
import register from "./routes/register.js";
|
||||
import session from "./routes/session.js";
|
||||
import getAccess from "./routes/userRoles/getUserRoles.js";
|
||||
import setAccess from "./routes/userRoles/setUserRoles.js";
|
||||
import profile from "./routes/user/profileUpdate.js";
|
||||
|
||||
const app = new OpenAPIHono();
|
||||
|
||||
app.route("auth/login", login);
|
||||
app.route("auth/register", register);
|
||||
app.route("auth/session", session);
|
||||
|
||||
// required to login
|
||||
app.use("auth/getuseraccess", authMiddleware);
|
||||
/* User area just needs to be logged in to enter here */
|
||||
app.route("/auth/profileUpdate", profile);
|
||||
|
||||
/* will need to increase to make sure the person coming here has the correct permissions */
|
||||
app.route("/auth/getuseraccess", getAccess);
|
||||
|
||||
app.use("auth/setuseraccess", authMiddleware);
|
||||
app.route("/auth/setuseraccess", setAccess);
|
||||
|
||||
export default app;
|
||||
|
||||
@@ -4,6 +4,7 @@ import {users} from "../../../../database/schema/users.js";
|
||||
import {eq, sql} from "drizzle-orm";
|
||||
import {checkPassword} from "../utils/checkPassword.js";
|
||||
import {roleCheck} from "./userRoles/getUserAccess.js";
|
||||
import {log} from "../../logger/logger.js";
|
||||
|
||||
/**
|
||||
* Authenticate a user and return a JWT.
|
||||
@@ -42,14 +43,18 @@ export async function login(
|
||||
};
|
||||
|
||||
// update the user last login
|
||||
// try {
|
||||
// db.update(users)
|
||||
// .set({lastLogin: sql`NOW()`})
|
||||
// .where(eq(users.user_id, user[0].user_id));
|
||||
// } catch (e) {
|
||||
// console.log(e);
|
||||
// }
|
||||
const token = sign({user: userData}, secret, {expiresIn: expiresIn * 60});
|
||||
try {
|
||||
const lastLog = await db
|
||||
.update(users)
|
||||
.set({lastLogin: sql`NOW()`})
|
||||
.where(eq(users.user_id, user[0].user_id))
|
||||
.returning({lastLogin: users.lastLogin});
|
||||
log.info(`Its been 5days since ${user[0].username} has logged in`);
|
||||
//]);
|
||||
} catch (error) {
|
||||
log.error(error, "There was an error updating the user last login");
|
||||
}
|
||||
|
||||
const token = sign({user: userData}, secret, {expiresIn: expiresIn * 60});
|
||||
return {token, user: userData};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
import {z, createRoute, OpenAPIHono} from "@hono/zod-openapi";
|
||||
import {login} from "../controllers/login.js";
|
||||
import {log} from "../../logger/logger.js";
|
||||
|
||||
const app = new OpenAPIHono();
|
||||
|
||||
@@ -77,7 +78,7 @@ app.openapi(route, async (c) => {
|
||||
|
||||
try {
|
||||
const {token, user} = await login(username.toLowerCase(), password);
|
||||
|
||||
log.info({username: username}, "logged in");
|
||||
// Set the JWT as an HTTP-only cookie
|
||||
//c.header("Set-Cookie", `auth_token=${token}; HttpOnly; Secure; Path=/; SameSite=None; Max-Age=3600`);
|
||||
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
import {z, createRoute, OpenAPIHono} from "@hono/zod-openapi";
|
||||
import {verify} from "hono/jwt";
|
||||
import {log} from "../../logger/logger.js";
|
||||
import {authMiddleware} from "../middleware/authMiddleware.js";
|
||||
|
||||
const session = new OpenAPIHono();
|
||||
const tags = ["Auth"];
|
||||
const JWT_SECRET = process.env.JWT_SECRET!;
|
||||
|
||||
const UserSchema = z.object({
|
||||
username: z
|
||||
@@ -21,11 +21,12 @@ const UserSchema = z.object({
|
||||
|
||||
session.openapi(
|
||||
createRoute({
|
||||
tags,
|
||||
tags: ["Auth"],
|
||||
summary: "Checks a user session based on there token",
|
||||
description: "Can post there via Authentiaction header or cookies",
|
||||
method: "get",
|
||||
path: "/",
|
||||
middleware: authMiddleware,
|
||||
// request: {
|
||||
// body: {
|
||||
// content: {
|
||||
@@ -79,8 +80,10 @@ session.openapi(
|
||||
try {
|
||||
const payload = await verify(token, process.env.JWT_SECRET!);
|
||||
return c.json({data: {token: token, user: payload.user}}, 200);
|
||||
} catch (error) {}
|
||||
return c.json({data: {token: "tsfds"}}, 200);
|
||||
} catch (error) {
|
||||
log.error(error, "Failed session check, user must be logged out");
|
||||
return c.json({message: "Unauthorized"}, 401);
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@ import {apiHit} from "../../../../globalUtils/apiHits.js";
|
||||
import jwt from "jsonwebtoken";
|
||||
import {roleCheck} from "../../controllers/userRoles/getUserAccess.js";
|
||||
import type {CustomJwtPayload} from "../../../../types/jwtToken.js";
|
||||
import {authMiddleware} from "../../middleware/authMiddleware.js";
|
||||
|
||||
const {verify} = jwt;
|
||||
const app = new OpenAPIHono();
|
||||
@@ -17,7 +18,7 @@ app.openapi(
|
||||
summary: "Returns the useraccess table",
|
||||
method: "get",
|
||||
path: "/",
|
||||
|
||||
middleware: authMiddleware,
|
||||
responses: {
|
||||
200: {
|
||||
content: {"application/json": {schema: responseSchema}},
|
||||
|
||||
@@ -2,6 +2,7 @@ import {createRoute, OpenAPIHono, z} from "@hono/zod-openapi";
|
||||
import {setUserAccess} from "../../controllers/userRoles/setUserRoles.js";
|
||||
import {apiHit} from "../../../../globalUtils/apiHits.js";
|
||||
import {apiReturn} from "../../../../globalUtils/apiReturn.js";
|
||||
import {authMiddleware} from "../../middleware/authMiddleware.js";
|
||||
|
||||
const app = new OpenAPIHono();
|
||||
|
||||
@@ -27,6 +28,7 @@ app.openapi(
|
||||
summary: "Sets Users access",
|
||||
method: "post",
|
||||
path: "/",
|
||||
middleware: authMiddleware,
|
||||
description: "When logged in you will be able to grant new permissions",
|
||||
request: {
|
||||
body: {
|
||||
|
||||
0
server/services/auth/utils/verifyToken.ts
Normal file
0
server/services/auth/utils/verifyToken.ts
Normal file
Reference in New Issue
Block a user