const LocalStrategy = require('passport-local').Strategy;
const connection = require("./database");
const bcrypt = require('bcrypt')
// bcrypt cost factor handed to bcrypt.hash when a new account is created at signup
const saltRounds = 10;
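// expose this function to our app using module.exports
//
// Registers the session (de)serializers and the two named local strategies
// ('local-signup', 'local-login') on the passport instance passed in.
// Both strategies read from the `auth` table via `connection.query` and use
// bcrypt for password hashing/verification.
module.exports = function(passport) {
  // Promise wrapper around the callback-style connection.query so both
  // strategies can use async/await and share a single error path.
  // Parameters are always passed as placeholders, never interpolated into SQL.
  const queryAsync = (sql, params) =>
    new Promise((resolve, reject) => {
      connection.query(sql, params, (err, rows) => {
        if (err) {
          reject(err);
        } else {
          resolve(rows);
        }
      });
    });

  // Returns a copy of a user record without its password hash.
  // The hash is only needed by bcrypt.compare during login; it must not be
  // copied into the session store or exposed on req.user.
  const withoutHash = (user) => {
    const { hash, ...publicUser } = user; // eslint-disable-line no-unused-vars
    return publicUser;
  };

  // =========================================================================
  // passport session setup ==================================================
  // =========================================================================
  // required for persistent login sessions
  // passport needs ability to serialize and unserialize auth out of session
  // used to serialize the user for the session
  // Only the non-secret columns are written to the session. Previously the
  // whole row went in, so every session record carried the bcrypt hash.
  passport.serializeUser(function(user, done) {
    done(null, withoutHash(user));
  });
  // used to deserialize the user
  // The session copy is returned as-is; nothing is re-read from the database,
  // so a changed or deleted account stays logged in until its session expires.
  passport.deserializeUser(function(user, done) {
    done(null, user);
  });

  // =========================================================================
  // LOCAL SIGNUP ============================================================
  // =========================================================================
  // we are using named strategies since we have one for login and one for signup
  // by default, if there was no name, it would just be called 'local'
  passport.use('local-signup', new LocalStrategy({
    usernameField: 'username',
    passwordField: 'password',
    passReqToCallback: true
  }, async (req, username, password, done) => {
    try {
      // find a user whose username is the same as the forms username
      // we are checking to see if the user trying to login already exists
      const rows = await queryAsync("SELECT * FROM auth WHERE username = ?", [username]);
      if (rows.length) {
        // User with the provided username already exists
        return done(null, false);
      }
      // Hash before insert; the plaintext password is never written anywhere.
      const hash = await bcrypt.hash(password, saltRounds);
      // NOTE: the existence check above and this insert are not atomic, so two
      // concurrent signups for the same username can both pass the check. Only
      // a UNIQUE constraint on auth.username in the schema stops the second
      // insert; if present, that failure surfaces as a query error -> done(err).
      await queryAsync("INSERT INTO auth (username, hash) VALUES (?, ?)", [username, hash]);
      // Hand back the public record only; the hash stays in the database.
      return done(null, { username });
    } catch (err) {
      // Database or bcrypt failure
      return done(err);
    }
  }));

  // =========================================================================
  // LOCAL LOGIN =============================================================
  // =========================================================================
  // we are using named strategies since we have one for login and one for signup
  // by default, if there was no name, it would just be called 'local'
  passport.use('local-login', new LocalStrategy({
    // by default, local strategy uses username and password, we will override with username
    usernameField : 'username',
    passwordField: 'password',
    passReqToCallback: true // allows us to pass back the entire request to the callback
  }, async (req, username, password, done) => {
    try {
      const rows = await queryAsync("SELECT * FROM auth WHERE username = ?", [username]);
      if (!rows.length) {
        // User not found. This path returns before any bcrypt work, so it is
        // measurably faster than the wrong-password path; if username
        // enumeration matters for this deployment, run a dummy compare here.
        return done(null, false);
      }
      const [account] = rows;
      const matches = await bcrypt.compare(password, account.hash);
      if (!matches) {
        // Incorrect password
        return done(null, false);
      }
      // Authentication successful; req.user receives the row minus its hash
      return done(null, withoutHash(account));
    } catch (err) {
      // Handle database or other errors
      return done(err);
    }
  }));
};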