ft : auth

Flyard · Flyard · commit 2917b38f9cc4 · 2022-12-13T08:56:41.000+01:00
diff --git a/auth/jwt.strategy.js b/auth/jwt.strategy.js
@@ -0,0 +1,22 @@
+const passport = require('passport');
+const User = require('../users/user.model');
+const { Strategy, ExtractJwt } = require('passport-jwt');
+
+passport.use(new Strategy(
+        {
+            jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),   // extract token from Authorization header as a Bearer token
+            secretOrKey: process.env.JWT_SECRET                         // jwt secret extracted from .env
+        },
+        function(token, done) {
+            User.findOne({_id: token.sub}, function(err, user) {
+                if (err)    return done(err, false);        // error
+                if (user)   return done(null, {
+                    _id:user?._id,
+                    role:user?.role
+                });   // user found
+                return done(null, false);                   // user not found
+            });
+        }
+    )
+);
+module.exports = passport;
diff --git a/auth/local.strategy.js b/auth/local.strategy.js
@@ -0,0 +1,23 @@
+const passport = require('passport');
+const { Strategy } = require('passport-local');
+const User = require('../users/user.model');
+const usersService = require('../users/user.service');
+
+passport.use(new Strategy(
+    function (username, password, done) {
+        User.findOne({ username }, async function (err, user) {
+            if (err)    return done(err)
+            if (!user)  {
+                console.log("[-] User not found");
+                return done(null, false);
+            }
+            if (!await usersService.verify(username, password)){
+                console.log("[-] Wrong password...");
+                return done(null, false);
+            }
+            return done(null, user);
+        });
+    }
+));
+
+module.exports = passport
diff --git a/middleware/auth.middleware.js b/middleware/auth.middleware.js
@@ -0,0 +1,8 @@
+const roleMiddleware = (allowedRoles = []) => (req, res, next) => {
+    if (!allowedRoles || allowedRoles === []) return;
+    if (!req.user?.role) return res.status(401).send(); // No user
+    if (!allowedRoles.includes(req.user.role)) return res.status(403).send(); // No role
+    next();
+}
+
+module.exports = roleMiddleware;
