Aaltronav/dougal-software
1
0
Fork 0
mirror of https://gitlab.com/wgp/dougal/software.git synced 2025-12-06 11:37:08 +00:00
Code Issues Packages Projects Releases Activity

Refactor JWT token verification

Browse Source
This commit is contained in:
D. Berge
2024-05-01 10:05:48 +02:00
parent 1056122fff
commit d2f94dbb88
2 changed files with 40 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lib/www/server/api/middleware/user/login.js
View File

@@ -1,28 +1,21 @@
const crypto = require('crypto');
const cfg = require('../../../lib/config');
const jwt = require('../../../lib/jwt');
async function login (req, res, next) {
if (req.body) {
const {user, password} = req.body;
if (user && password) {
const hash = crypto
.pbkdf2Sync(password, 'Dougal'+user, 10712, 48, 'sha512')
.toString('base64');
for (const credentials of cfg._("global.users.login.user") || []) {
if (credentials.name == user && credentials.hash == hash) {
const payload = Object.assign({}, credentials);
delete payload.hash;
jwt.issue(payload, req, res);
res.status(204).send();
next();
return;
}
}
const payload = jwt.checkValidCredentials({user, password});
if (payload) {
jwt.issue(payload, req, res);
res.status(204).send();
next();
return;
} else {
next({status: 401, message: "Unauthorised"});
}
} else {
next({status: 400, message: "Bad request"});
}
next({status: 400, message: "Bad request"});
}
module.exports = login;