'use strict';
const _ = require('lodash');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
/**
 * Strips credential-bearing fields from an admin user record before it is
 * handed back to a client.
 * @param {object} user - admin user record (anything `_.omit` accepts)
 * @returns {object} a copy of `user` without `password` and `resetPasswordToken`
 */
const sanitizeUser = user => {
  // Neither the password hash nor a pending reset token may leave the service.
  const sensitiveFields = ['password', 'resetPasswordToken'];
  return _.omit(user, sensitiveFields);
};
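/** Values used when `server.admin.jwt.options` does not set them (token lifetime). */
const defaultOptions = { expiresIn: '30d' };

/**
 * Reads the admin JWT settings from the `server.admin.jwt` config key.
 *
 * Configured `options` take precedence over `defaultOptions`. The previous
 * `_.merge(options, defaultOptions)` did the opposite — the default
 * `expiresIn` overwrote a configured one — and it wrote the result into the
 * object returned by the config store instead of a fresh object.
 *
 * @returns {{ secret: (string|undefined), options: object }} signing secret and
 *   `jsonwebtoken` options. `secret` is passed through as configured; when it
 *   is unset, `jwt.sign`/`jwt.verify` reject it at call time.
 */
const getJWTOptions = () => {
  const { options, secret } = strapi.config.get('server.admin.jwt', {});

  return {
    secret,
    // Fresh object, defaults first so that configured keys win; config is left untouched.
    options: { ...defaultOptions, ...options },
  };
};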
/**
 * Creates a JWT token for an administration user
 * @param {object} admin - admin user; only `admin.id` is embedded in the token
 * @returns {string} signed token
 */
const createJwtToken = admin => {
  const { options, secret } = getJWTOptions();
  // Minimal claim set: the user id plus an admin marker, no other user data.
  const claims = { id: admin.id, isAdmin: true };

  return jwt.sign(claims, secret, options);
};
/**
 * hashes a password
 * @param {string} password - password to hash
 * @returns {Promise<string>} bcrypt hash with the salt embedded
 */
const hashPassword = password => {
  // bcrypt work factor; raising it slows both hashing and every login check.
  const saltRounds = 10;
  return bcrypt.hash(password, saltRounds);
};
/**
 * Validate a password
 * @param {string} password - plaintext candidate
 * @param {string} hash - bcrypt hash to compare against
 * @returns {Promise<boolean>} is the password valid
 */
const validatePassword = (password, hash) => {
  // The comparison is delegated entirely to bcrypt, which re-derives with the salt stored in `hash`.
  return bcrypt.compare(password, hash);
};
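/**
 * Result for any rejected login. The wording is the same for an unknown email
 * and a wrong password so the response body does not reveal which one failed.
 * @returns {Array} `[null, false, { message }]`
 */
const invalidCredentials = () => [null, false, { message: 'Invalid credentials' }];

/**
 * Check login credentials
 * @param {Object} options
 * @param {string} options.email
 * @param {string} options.password
 * @returns {Promise<Array>} `[null, user]` when the credentials match an
 *   active admin, otherwise `[null, false, { message }]`
 */
const checkCredentials = async ({ email, password } = {}) => {
  // Malformed input is reported as a failed login rather than reaching the
  // query and bcrypt: a missing password would otherwise make the compare
  // throw instead of returning an "invalid" result.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return invalidCredentials();
  }

  const user = await strapi.query('administrator', 'admin').findOne({ email });

  if (!user) {
    // NOTE(review): returning before any bcrypt compare makes an unknown email
    // answer faster than a wrong password; the response-time difference can
    // reveal which emails exist.
    return invalidCredentials();
  }

  const isValid = await strapi.admin.services.auth.validatePassword(password, user.password);

  if (!isValid) {
    return invalidCredentials();
  }

  // TODO: change to isActive
  if (user.blocked === true) {
    return [null, false, { message: 'User not active' }];
  }

  return [null, user];
};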
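/**
 * Verifies an admin JWT and extracts its payload.
 *
 * Fixes the misspelled `payloda` key in the failure branch: a caller reading
 * `result.payload` previously received `undefined` rather than `null`.
 *
 * @param {string} token - raw JWT taken from the request
 * @returns {{ payload: (object|null), isValid: boolean }} the decoded claims
 *   when `jwt.verify` accepts the token, otherwise
 *   `{ payload: null, isValid: false }`. The verification error is not surfaced.
 */
const decodeToken = token => {
  const { secret } = getJWTOptions();

  try {
    // NOTE(review): no `algorithms` list is passed, so the accepted algorithm is
    // the library default for this secret; pin it explicitly if the signing
    // algorithm in config is ever changed.
    const payload = jwt.verify(token, secret);
    return { payload, isValid: true };
  } catch (err) {
    // Expired, malformed and badly-signed tokens all collapse to "invalid";
    // the reason is deliberately not returned to the caller.
    return { payload: null, isValid: false };
  }
};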
// Public surface of the admin auth service (presumably reached as
// strapi.admin.services.auth, which is how checkCredentials above calls validatePassword).
module.exports = {
  // login flow
  checkCredentials,
  // JWT helpers
  createJwtToken,
  decodeToken,
  getJWTOptions,
  // password helpers
  hashPassword,
  validatePassword,
  // output shaping
  sanitizeUser,
};