/
index.js
117 lines (101 loc) · 3.37 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
/*
* . .o8 oooo
* .o8 "888 `888
* .o888oo oooo d8b oooo oooo .oooo888 .ooooo. .oooo.o 888 oooo
* 888 `888""8P `888 `888 d88' `888 d88' `88b d88( "8 888 .8P'
* 888 888 888 888 888 888 888ooo888 `"Y88b. 888888.
* 888 . 888 888 888 888 888 888 .o o. )88b 888 `88b.
* "888" d888b `V88V"V8P' `Y8bod88P" `Y8bod8P' 8""888P' o888o o888o
* ========================================================================
* Author: Chris Brame
* Updated: 1/20/19 4:43 PM
* Copyright (c) 2014-2019. All rights reserved.
*/
var passport = require('passport')
var Local = require('passport-local').Strategy
var TotpStrategy = require('passport-totp').Strategy
var JwtStrategy = require('passport-jwt').Strategy
var ExtractJwt = require('passport-jwt').ExtractJwt
var base32 = require('thirty-two')
var User = require('../models/user')
var nconf = require('nconf')
module.exports = function () {
passport.serializeUser(function (user, done) {
done(null, user._id)
})
passport.deserializeUser(function (id, done) {
User.findById(id, function (err, user) {
done(err, user)
})
})
passport.use(
'local',
new Local(
{
usernameField: 'login-username',
passwordField: 'login-password',
passReqToCallback: true
},
function (req, username, password, done) {
User.findOne({ username: new RegExp('^' + username.trim() + '$', 'i') })
.select('+password +tOTPKey +tOTPPeriod')
.exec(function (err, user) {
if (err) {
return done(err)
}
if (!user || user.deleted) {
req.flash('loginMessage', '')
return done(null, false, req.flash('loginMessage', 'Invalid Username/Password'))
}
if (!User.validate(password, user.password)) {
req.flash('loginMessage', '')
return done(null, false, req.flash('loginMessage', 'Invalid Username/Password'))
}
req.user = user
return done(null, user)
})
}
)
)
passport.use(
'totp',
new TotpStrategy(
{
window: 6
},
function (user, done) {
if (!user.hasL2Auth) return done(false)
User.findOne({ _id: user._id }, '+tOTPKey +tOTPPeriod', function (err, user) {
if (err) return done(err)
if (!user.tOTPPeriod) {
user.tOTPPeriod = 30
}
return done(null, base32.decode(user.tOTPKey).toString(), user.tOTPPeriod)
})
}
)
)
passport.use(
'jwt',
new JwtStrategy(
{
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
secretOrKey: nconf.get('tokens') ? nconf.get('tokens').secret : false,
ignoreExpiration: true
},
function (jwtPayload, done) {
if (jwtPayload.exp < Date.now() / 1000) return done({ type: 'exp' })
return done(null, jwtPayload.user)
// User.findOne({ _id: jwtPayload.user._id }, function (err, user) {
// if (err) return done(err)
// if (user) {
// return done(null, jwtPayload.user)
// } else {
// return done(null, false)
// }
// })
}
)
)
return passport
}