From 68f58329e87a9425cfe967e56d656fcfae2dd175 Mon Sep 17 00:00:00 2001
From: mifi
Date: Tue, 2 May 2023 21:47:45 -0400
Subject: [PATCH] - Connecting the dots?
---
 lib/app.ts | 2 +-
 lib/auth.ts | 16 ----------------
 lib/constants/defaults.ts | 2 ++
 lib/passport/index.ts | 23 +++++++++++++++++++++++
 lib/passport/strategies/jwt.ts | 22 ++++++++++++++++++++++
 lib/passport/strategies/local.ts | 18 ++++++++++++++++++
 lib/strategies/local.ts | 20 --------------------
 lib/utils/jwt.ts | 6 ++++--
 package.json | 1 +
 yarn.lock | 10 ++++++++++
 10 files changed, 81 insertions(+), 39 deletions(-)
 delete mode 100644 lib/auth.ts
 create mode 100644 lib/passport/index.ts
 create mode 100644 lib/passport/strategies/jwt.ts
 create mode 100644 lib/passport/strategies/local.ts
 delete mode 100644 lib/strategies/local.ts
diff --git a/lib/app.ts b/lib/app.ts
index dd46712..a8194af 100644
--- a/lib/app.ts
+++ b/lib/app.ts
@@ -1,9 +1,9 @@
 import Koa from 'koa';
 import bodyparser from 'koa-bodyparser';
 import cookie from 'koa-cookie';
-import passport from 'koa-passport';
 import session from 'koa-session';
+import passport from './passport';
 import { performanceLogger, perfromanceTimer } from './middleware/performance';
 import { errorHandler } from './middleware/errorHandler';
diff --git a/lib/auth.ts b/lib/auth.ts
deleted file mode 100644
index 6fbbf6b..0000000
--- a/lib/auth.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-// import koaPassport from 'koa-passport';
-
-// import Users from 'grow-db/lib/models/users';
-// import { User } from 'grow-db/lib/schemas/user';
-
-// passport.serializeUser((user: User, done) => { done(null, user._id); });
-
-// passport.deserializeUser(async (id, done) => {
-// const user = await Users.findById(id);
-
-// if (user) {
-// done(null, user);
-// }
-
-// done('user not found', null);
-// });
diff --git a/lib/constants/defaults.ts b/lib/constants/defaults.ts
index c7a3691..c730d8b 100644
--- a/lib/constants/defaults.ts
+++ b/lib/constants/defaults.ts
@@ -2,3 +2,5 @@ export const PORT = 9000;
 export const API_PATH = '/api';
 export const AUTH_ROUTE = '/auth';
 export const RESET_ROUTE = `${AUTH_ROUTE}/reset`;
+
+export const JWT_SECRET = 'secret';
diff --git a/lib/passport/index.ts b/lib/passport/index.ts
new file mode 100644
index 0000000..9e26329
--- /dev/null
+++ b/lib/passport/index.ts
@@ -0,0 +1,23 @@
+import passport from 'koa-passport';
+
+import Auth from '../model/auth';
+import { Auth as AuthRecord } from '../schema/auth';
+import LocalStrategy from './strategies/local';
+import JwtStrategy from './strategies/jwt';
+
+passport.serializeUser((user, done) => done(null, (user as AuthRecord).record));
+
+passport.deserializeUser(async (id, done) => {
+ const user = await Auth.findOne({ record: id });
+
+ if (user) {
+ done(null, user);
+ }
+
+ done('user not found', null);
+});
+
+passport.use(LocalStrategy);
+passport.use(JwtStrategy);
+
+export default passport;
diff --git a/lib/passport/strategies/jwt.ts b/lib/passport/strategies/jwt.ts
new file mode 100644
index 0000000..23dfc3b
--- /dev/null
+++ b/lib/passport/strategies/jwt.ts
@@ -0,0 +1,22 @@
+// eslint-disable-next-line import/named
+import { ExtractJwt, Strategy as JwtStrategy } from 'passport-jwt';
+
+import Auth from '../../model/auth';
+import { getJwtSecret } from '../../utils/jwt';
+
+const opts = {
+ jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+ secretOrKey: getJwtSecret(),
+ issuer: process.env.JWT_ISSUER,
+ audience: process.env.JWT_AUDIENCE,
+};
+
+export default new JwtStrategy(opts, async (jwt_payload, done) => {
+ const auth = await Auth.findOne({ record: jwt_payload.sub }).catch();
+
+ if (auth) {
+ return done(null, auth);
+ }
+
+ return done(null, false);
+});
diff --git a/lib/passport/strategies/local.ts b/lib/passport/strategies/local.ts
new file mode 100644
index 0000000..e1f1353
--- /dev/null
+++ b/lib/passport/strategies/local.ts
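Review bot: `JWT_SECRET = 'secret'` puts a guessable signing key in source, and `getJwtSecret()` in lib/utils/jwt.ts falls back to it whenever `process.env.JWT_SECRET` is unset, so a deployment missing that variable signs and accepts tokens under a key that anyone with the repository knows. The same fallback feeds `secretOrKey` in lib/passport/strategies/jwt.ts. I would drop the constant and make the helper fail closed, e.g. `if (!process.env.JWT_SECRET) throw new Error('JWT_SECRET is not set');` before returning the value, keeping a fixed key only in test setup.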
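Review bot: In `deserializeUser` the success branch does not return, so after `done(null, user)` execution falls through to `done('user not found', null)` and the callback fires twice for every valid session. Change the branch to `return done(null, user);`. A rejected `Auth.findOne` is also never handed to `done`, so a try/catch that calls `done(err)` would keep a database failure from surfacing as an unhandled rejection. Passing an `Error` (or `done(null, false)`) instead of the bare string would match what passport callers expect.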
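Review bot: `.catch()` with no handler is a no-op, so a rejected `Auth.findOne` in the verify callback still rejects the async function and `done` is never called; the same call sits in lib/passport/strategies/local.ts. Wrap the lookup in try/catch and report the failure through `done(err, false)`, as sketched below. Separately, `issuer` and `audience` are read straight from the environment, so when either variable is unset that claim is, as far as passport-jwt documents, not checked, and `opts` does not set `algorithms`. Pinning the expected algorithm (the one `sign` actually emits) and refusing to start on missing values would tighten the strategy.

```typescript
// … unchanged: imports and opts …
export default new JwtStrategy(opts, async (jwt_payload, done) => {
  try {
    const auth = await Auth.findOne({ record: jwt_payload.sub });
    return done(null, auth || false);
  } catch (err) {
    return done(err, false);
  }
});
```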
@@ -0,0 +1,18 @@
+import passport from 'koa-passport';
+// eslint-disable-next-line import/named
+import { Strategy as LocalStrategy } from 'passport-local';
+
+import Auth from '../../model/auth';
+
+export default new LocalStrategy(async (username: string, password: string, done: any) => {
+ const user = await Auth.findOne({
+ where: {
+ username,
+ },
+ }).catch();
+ if (user && user.authenticate(password)) {
+ done(null, user);
+ } else {
+ done(null, false);
+ }
+});
diff --git a/lib/strategies/local.ts b/lib/strategies/local.ts
deleted file mode 100644
index 21ff34e..0000000
--- a/lib/strategies/local.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-import passport from 'koa-passport';
-// eslint-disable-next-line import/named
-import { Strategy as LocalStrategy } from 'passport-local';
-
-import Auth from '../model/auth';
-
-export const localStrategy = passport.use(
- new LocalStrategy(async (username: string, password: string, done: any) => {
- const user = await Auth.findOne({
- where: {
- username,
- },
- }).catch();
- if (user && user.authenticate(password)) {
- done(null, user);
- } else {
- done(null, false);
- }
- }),
-);
diff --git a/lib/utils/jwt.ts b/lib/utils/jwt.ts
index 1245505..140e218 100644
--- a/lib/utils/jwt.ts
+++ b/lib/utils/jwt.ts
@@ -1,5 +1,7 @@
 import jwt from 'jsonwebtoken';
+import { JWT_SECRET } from '../constants/defaults';
+export const getJwtSecret = () => process.env.JWT_SECRET || JWT_SECRET;
 export interface TokenProps {
 aud?: string;
 exp?: number | Date;
@@ -28,8 +30,8 @@ export const sign = (props: SignProps) => {
 iat: today.getTime(),
 iss: rest.iss || process.env.JWT_ISSUER,
 },
- process.env.JWT_SECRET || 'secret',
+ getJwtSecret(),
 );
 };
-export const verify = (token: string) => jwt.verify(token, process.env.JWT_SECRET || 'secret');
+export const verify = (token: string) => jwt.verify(token, getJwtSecret());
diff --git a/package.json b/package.json
index 93f42c5..eccf885 100644
--- a/package.json
+++ b/package.json
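Review bot: This lookup passes `{ where: { username } }` to `Auth.findOne`, while lib/passport/index.ts and lib/passport/strategies/jwt.ts in the same commit call `Auth.findOne({ record: ... })` with the filter at the top level. One of the two shapes is presumably wrong for this model, and if it is this one the username filter may not be applied as intended. It is also worth confirming that `user.authenticate(password)` returns a boolean synchronously: if it returns a Promise, `user && user.authenticate(password)` is always truthy and any password would pass, in which case it needs `await`. The `passport` import at the top of the new file is unused, and `done: any` could take its callback type from passport-local instead.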
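Review bot: `verify` calls `jwt.verify(token, getJwtSecret())` with no options, so tokens checked through this helper are not held to the `issuer`/`audience` values the new JwtStrategy passes in its `opts`, and the accepted algorithms are left at the library default. Passing the same constraints here, e.g. `jwt.verify(token, getJwtSecret(), { algorithms: ['HS256'], issuer: process.env.JWT_ISSUER, audience: process.env.JWT_AUDIENCE })`, would keep the two verification paths consistent; the algorithm shown is an assumption and should be whatever `sign` emits. `getJwtSecret` would also benefit from a one-line comment saying where the key is expected to come from in production.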
@@ -66,6 +66,7 @@
 "passport-facebook": "^3.0.0",
 "passport-fido2-webauthn": "^0.1.0",
 "passport-google-oauth": "^2.0.0",
+ "passport-http-bearer": "^1.0.1",
 "passport-jwt": "^4.0.1",
 "passport-local": "^1.0.0"
 },
diff --git a/yarn.lock b/yarn.lock
index 1452ec5..dd8cb30 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1822,6 +1822,7 @@ __metadata: passport-facebook: ^3.0.0 passport-fido2-webauthn: ^0.1.0 passport-google-oauth: ^2.0.0 + passport-http-bearer: ^1.0.1 passport-jwt: ^4.0.1 passport-local: ^1.0.0 prettier: ^2.8.4
@@ -7333,6 +7334,15 @@ __metadata: languageName: node linkType: hard +"passport-http-bearer@npm:^1.0.1": + version: 1.0.1 + resolution: "passport-http-bearer@npm:1.0.1" + dependencies: + passport-strategy: 1.x.x + checksum: d2f3a7ee33a38e41bae99ef103d4a45e1cf8bedea68aab708f54088f285d9f7ed8888616f8364fdcd5c55944c2b68f88b258a1f8dd6120bf7a1550bb8c7a4ee7 + languageName: node + linkType: hard + "passport-jwt@npm:^4.0.1": version: 4.0.1 resolution: "passport-jwt@npm:4.0.1"
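Review bot: `passport-http-bearer` is added to the dependencies, but nothing in this commit imports it; the new JWT strategy takes the bearer token through `ExtractJwt.fromAuthHeaderAsBearerToken()` from `passport-jwt`. Unless a later change uses it, I would leave it out so the installed set stays limited to packages the auth path actually loads.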