UNPKG

@qelos/auth

Version:

Express Passport authentication service

69 lines (64 loc) 2.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
import { defaultAuthType } from '../../config'; import { getUser, comparePassword, setToken, clearOldTokens } from '../services/users'; import { Strategy } from 'passport-local'; import { UserDocument, UserModel } from '../models/user'; import { getWorkspaceConfiguration } from '../services/workspace-configuration'; import logger from '../services/logger'; import { getWorkspaceForUser } from '../services/workspaces'; module.exports = new Strategy( { usernameField: 'username', passwordField: 'password', session: false, passReqToCallback: true, }, async (req, username, password, done) => { const query: { username: string; tenant: undefined | string; roles?: { $in: string[] }; } = { username: username.trim() || req.body?.email?.trim(), tenant: req.headers.tenant as string }; const authType = req.body.authType || defaultAuthType; if (req.body.roles && req.body.roles instanceof Array) { query.roles = { $in: req.body.roles }; } const preSelectedWorkspace = req.body.workspace; const [wsConfig, user] = await Promise.all([ getWorkspaceConfiguration(query.tenant), getUser(query) .then((user) => user && comparePassword((user as unknown as UserModel), password)) .catch(() => null) ]); if (!user) { return done({ message: 'Invalid username or password' }); } let workspace; if (wsConfig.isActive) { try { workspace = await getWorkspaceForUser(query.tenant, user._id, preSelectedWorkspace || user.lastLogin?.workspace || user.tokens?.at(-1)?.metadata?.workspace); } catch (err) { logger.log('Error getting workspace', query); } } setToken({ user: user as any as UserDocument, workspace }, authType) .then(({ user, token, refreshToken, cookieToken }) => { done(null, { tenant: query.tenant, token, refreshToken, cookieToken, workspace, user: { username: user.username, email: user.email, firstName: user.firstName, lastName: user.lastName, name: user.name || user.fullName || `${user.firstName} ${user.lastName}`, roles: user.roles, }, }); }) .catch((err) => done(err)) .finally(() => setTimeout(() => clearOldTokens((user as any)._id).catch(), 1)) } );