flowviz
Version:
A framework which provides seamless integration with other phylogenetic tools and frameworks, while allowing workflow scheduling and execution, through the Apache Airflow workflow system.
84 lines (76 loc) • 2.12 kB
JavaScript
const ApiException = require("../exceptions/apiException");
const onSuccess = require("./controllerUtils");
module.exports = (jwt, authService, argonUtils, secret) => {
function register(req, res, next) {
/**
* For security reasons, it is preferred to hash the password
* here and create the user here, instead of propagate it until mongoose
* 'pre' middleware.
*/
argonUtils
.hash(req.body.password)
.then((hashedPassword) => {
// Registering after password hashing
const user = {
username: req.body.username,
password: hashedPassword,
};
authService
.register(user)
.then((data) =>
onSuccess(
res,
{
username: user.username,
jwt: jwt.sign({ id: user.username }, secret),
},
(code = 201)
)
)
.catch((err) => {
next(err);
});
})
.catch((err) => next(err));
}
function login(req, res, next) {
const username = req.body.username;
const password = req.body.password;
authService
.getUserByName(username)
.then((dbUser) =>
// Again, the passed password does not get propagated any further.
argonUtils
.verify(dbUser.password, password)
.then((isValid) => {
if (!isValid) {
throw ApiException.unauthorized("Wrong password.");
}
})
.catch((err) => {
throw err;
})
)
.then(() => {
// The user is authentic, the jwt is signed and returned to the client.
onSuccess(
res,
{ username: username, jwt: jwt.sign({ id: username }, secret) },
(code = 201)
);
})
.catch((err) => next(err));
}
function profile(req, res, next) {
onSuccess(res, req.user);
}
function logout(req, res, next) {
req.logout();
}
return {
register: register,
login: login,
profile: profile,
logout: logout,
};
};