- Connecting the dots?

lib/app.ts

@@ -1,9 +1,9 @@
 import Koa from 'koa';
 import bodyparser from 'koa-bodyparser';
 import cookie from 'koa-cookie';
-import passport from 'koa-passport';
 import session from 'koa-session';
 
+import passport from './passport';
 import { performanceLogger, perfromanceTimer } from './middleware/performance';
 import { errorHandler } from './middleware/errorHandler';
 

lib/auth.ts

@@ -1,16 +0,0 @@
-// import koaPassport from 'koa-passport';
-
-// import Users from 'grow-db/lib/models/users';
-// import { User } from 'grow-db/lib/schemas/user';
-
-// passport.serializeUser((user: User, done) => { done(null, user._id); });
-
-// passport.deserializeUser(async (id, done) => {
-//     const user = await Users.findById(id);
-
-//     if (user) {
-//         done(null, user);
-//     }
-
-//     done('user not found', null);
-// });

lib/constants/defaults.ts

@@ -2,3 +2,5 @@ export const PORT = 9000;
 export const API_PATH = '/api';
 export const AUTH_ROUTE = '/auth';
 export const RESET_ROUTE = `${AUTH_ROUTE}/reset`;
+
+export const JWT_SECRET = 'secret';

lib/passport/index.ts

@@ -0,0 +1,23 @@
+import passport from 'koa-passport';
+
+import Auth from '../model/auth';
+import { Auth as AuthRecord } from '../schema/auth';
+import LocalStrategy from './strategies/local';
+import JwtStrategy from './strategies/jwt';
+
+passport.serializeUser((user, done) => done(null, (user as AuthRecord).record));
+
+passport.deserializeUser(async (id, done) => {
+    const user = await Auth.findOne({ record: id });
+
+    if (user) {
+        done(null, user);
+    }
+
+    done('user not found', null);
+});
+
+passport.use(LocalStrategy);
+passport.use(JwtStrategy);
+
+export default passport;

lib/passport/strategies/jwt.ts

@@ -0,0 +1,22 @@
+// eslint-disable-next-line import/named
+import { ExtractJwt, Strategy as JwtStrategy } from 'passport-jwt';
+
+import Auth from '../../model/auth';
+import { getJwtSecret } from '../../utils/jwt';
+
+const opts = {
+    jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+    secretOrKey: getJwtSecret(),
+    issuer: process.env.JWT_ISSUER,
+    audience: process.env.JWT_AUDIENCE,
+};
+
+export default new JwtStrategy(opts, async (jwt_payload, done) => {
+    const auth = await Auth.findOne({ record: jwt_payload.sub }).catch();
+
+    if (auth) {
+        return done(null, auth);
+    }
+
+    return done(null, false);
+});

lib/passport/strategies/local.ts

@@ -0,0 +1,18 @@
+import passport from 'koa-passport';
+// eslint-disable-next-line import/named
+import { Strategy as LocalStrategy } from 'passport-local';
+
+import Auth from '../../model/auth';
+
+export default new LocalStrategy(async (username: string, password: string, done: any) => {
+    const user = await Auth.findOne({
+        where: {
+            username,
+        },
+    }).catch();
+    if (user && user.authenticate(password)) {
+        done(null, user);
+    } else {
+        done(null, false);
+    }
+});

lib/strategies/local.ts

@@ -1,20 +0,0 @@
-import passport from 'koa-passport';
-// eslint-disable-next-line import/named
-import { Strategy as LocalStrategy } from 'passport-local';
-
-import Auth from '../model/auth';
-
-export const localStrategy = passport.use(
-    new LocalStrategy(async (username: string, password: string, done: any) => {
-        const user = await Auth.findOne({
-            where: {
-                username,
-            },
-        }).catch();
-        if (user && user.authenticate(password)) {
-            done(null, user);
-        } else {
-            done(null, false);
-        }
-    }),
-);

lib/utils/jwt.ts

@@ -1,5 +1,7 @@
 import jwt from 'jsonwebtoken';
+import { JWT_SECRET } from '../constants/defaults';
 
+export const getJwtSecret = () => process.env.JWT_SECRET || JWT_SECRET;
 export interface TokenProps {
     aud?: string;
     exp?: number | Date;
@@ -28,8 +30,8 @@ export const sign = (props: SignProps) => {
             iat: today.getTime(),
             iss: rest.iss || process.env.JWT_ISSUER,
         },
-        process.env.JWT_SECRET || 'secret',
+        getJwtSecret(),
     );
 };
 
-export const verify = (token: string) => jwt.verify(token, process.env.JWT_SECRET || 'secret');
+export const verify = (token: string) => jwt.verify(token, getJwtSecret());

package.json

@@ -66,6 +66,7 @@
     "passport-facebook": "^3.0.0",
     "passport-fido2-webauthn": "^0.1.0",
     "passport-google-oauth": "^2.0.0",
+    "passport-http-bearer": "^1.0.1",
     "passport-jwt": "^4.0.1",
     "passport-local": "^1.0.0"
   },

yarn.lock

@@ -1822,6 +1822,7 @@ __metadata:
     passport-facebook: ^3.0.0
     passport-fido2-webauthn: ^0.1.0
     passport-google-oauth: ^2.0.0
+    passport-http-bearer: ^1.0.1
     passport-jwt: ^4.0.1
     passport-local: ^1.0.0
     prettier: ^2.8.4
@@ -7333,6 +7334,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"passport-http-bearer@npm:^1.0.1":
+  version: 1.0.1
+  resolution: "passport-http-bearer@npm:1.0.1"
+  dependencies:
+    passport-strategy: 1.x.x
+  checksum: d2f3a7ee33a38e41bae99ef103d4a45e1cf8bedea68aab708f54088f285d9f7ed8888616f8364fdcd5c55944c2b68f88b258a1f8dd6120bf7a1550bb8c7a4ee7
+  languageName: node
+  linkType: hard
+
 "passport-jwt@npm:^4.0.1":
   version: 4.0.1
   resolution: "passport-jwt@npm:4.0.1"