/
user-auth.js
59 lines (53 loc) · 1.72 KB
/
user-auth.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
var crypto = require("crypto");
var LocalStrategy = require('passport-local').Strategy;
var hashPassword = function(password, salt) {
var hash = crypto.createHash('sha256');
hash.update(password);
hash.update(salt);
return hash.digest('hex');
};
module.exports = {
createUser: function(req, db, callback) {
var salt = process.env.SALT || 'ekcweio92dmqbd';
var salted_password = hashPassword(req.body.password, salt);
db.get("INSERT INTO users (username, password, salt) VALUES ('" + [req.body.email, salted_password, salt].join("','") + "')", function(err) {
if (err) {
throw err;
}
callback();
});
},
setupAuth: function(passport, db) {
passport.use('local-login', new LocalStrategy({
usernameField: 'email',
passwordField: 'password',
passReqToCallback: true
},
function(req, email, password, done){
db.get('SELECT * FROM users WHERE username = ?', req.body.email, function(err, user) {
if(err){
console.log('error');
return done(err);
}
if(!user){
console.log('no user');
return done(null, false, { error:'no user' });
}
if (hashPassword(req.body.password, user.salt) != user.password) {
console.log('bad password');
return done(null, false, { error:'invalid password' });
}
return done(null, user);
});
}));
passport.serializeUser(function(user, done) {
return done(null, user.id);
});
passport.deserializeUser(function(id, done) {
db.get('SELECT id, username FROM users WHERE id = ?', id, function(err, row) {
if (!row) return done(null, false);
return done(null, row);
});
});
}
}