* improve authentication

bertho-zero · bertho-zero · commit b87f05e31c87 · 2017-05-17T00:08:25.000+02:00
* stop use client config in api
* eslint display warning on development
diff --git a/api/actions/auth/index.js b/api/actions/auth/index.js
diff --git a/api/actions/auth/load.js b/api/actions/auth/load.js
diff --git a/api/actions/index.js b/api/actions/index.js
@@ -1,4 +1,3 @@
 export loadInfo from './loadInfo';
-export * as auth from './auth';
 export * as widget from './widget';
 export * as survey from './survey';
diff --git a/api/api.js b/api/api.js
@@ -8,7 +8,6 @@ import rest from 'feathers-rest';
 import socketio from 'feathers-socketio';
 import isPromise from 'is-promise';
 import PrettyError from 'pretty-error';
-import publicConfig from '../src/config';
 import config from './config';
 import middleware from './middleware';
 import services from './services';
@@ -35,16 +34,15 @@ app.set('config', config)
 
 const actionsHandler = (req, res, next) => {
   const splittedUrlPath = req.url.split('?')[0].split('/').slice(1);
-
   const { action, params } = mapUrl(actions, splittedUrlPath);
 
+  req.app = app;
+
   const catchError = error => {
     console.error('API ERROR:', pretty.render(error));
     res.status(error.status || 500).json(error);
   };
 
-  req.app = app;
-
   if (action) {
     try {
       const handle = action(req, params);
@@ -79,13 +77,13 @@ app.configure(hooks())
   .configure(services)
   .configure(middleware);
 
-if (publicConfig.apiPort) {
-  app.listen(publicConfig.apiPort, err => {
+if (process.env.APIPORT) {
+  app.listen(process.env.APIPORT, err => {
     if (err) {
       console.error(err);
     }
-    console.info('----\n==> 🌎  API is running on port %s', publicConfig.apiPort);
-    console.info('==> 💻  Send requests to http://%s:%s', publicConfig.apiHost, publicConfig.apiPort);
+    console.info('----\n==> 🌎  API is running on port %s', process.env.APIPORT);
+    console.info('==> 💻  Send requests to http://%s:%s', process.env.APIHOST, process.env.APIPORT);
   });
 } else {
   console.error('==>     ERROR: No APIPORT environment variable has been specified');
diff --git a/api/services/authentication/index.js b/api/services/authentication/index.js
@@ -5,27 +5,17 @@ import local from 'feathers-authentication-local';
 import oauth2 from 'feathers-authentication-oauth2';
 import FacebookTokenStrategy from 'passport-facebook-token';
 import { discard } from 'feathers-hooks-common';
-import { verifyJWT } from 'feathers-authentication/lib/utils';
 
 export socketAuth from './socketAuth';
 
 function populateUser(authConfig) {
-  return hook => verifyJWT(hook.result.accessToken, authConfig)
+  return hook => hook.app.passport.verifyJWT(hook.result.accessToken, authConfig)
     .then(payload => hook.app.service('users').get(payload.userId))
     .then(user => {
       hook.result.user = user;
     });
 }
 
-function addTokenExpiration() {
-  return hook => {
-    if (hook.result.accessToken) {
-      hook.result.expires = hook.app.get('auth').cookie.maxAge || null;
-    }
-    return hook;
-  };
-}
-
 function restToSocketAuth() {
   return hook => {
     if (hook.params.provider !== 'rest') return hook;
@@ -71,7 +61,6 @@ export default function authenticationService() {
         create: [
           populateUser(config),
           discard('user.password'),
-          addTokenExpiration(),
           restToSocketAuth()
         ]
       }
diff --git a/api/services/authentication/socketAuth.js b/api/services/authentication/socketAuth.js
@@ -1,5 +1,3 @@
-import { verifyJWT } from 'feathers-authentication/lib/utils';
-
 export default function socketAuth(app) {
   return (socket, next) => {
     const { cookie } = socket.request.headers;
@@ -18,7 +16,7 @@ export default function socketAuth(app) {
 
     if (!accessToken) return next();
 
-    verifyJWT(accessToken, app.get('auth'))
+    app.passport.verifyJWT(accessToken, app.get('auth'))
       .then(payload => app.service('users').get(payload.userId))
       .then(user => {
         Object.assign(socket.feathers, {
diff --git a/src/redux/create.js b/src/redux/create.js
@@ -46,7 +46,8 @@ export default function createStore(history, { client, app, restApp }, data, per
 
   if (__DEVELOPMENT__ && module.hot) {
     module.hot.accept('./reducer', () => {
-      store.replaceReducer(combineReducers(require('./reducer').default(store.asyncReducers)));
+      const reducer = require('./reducer');
+      store.replaceReducer(combineReducers((reducer.default || reducer)(store.asyncReducers)));
     });
   }
 
diff --git a/src/redux/modules/auth.js b/src/redux/modules/auth.js
@@ -112,7 +112,6 @@ function setToken({ client, app, restApp }) {
   return response => {
     const { accessToken } = response;
 
-    // set manually the JWT for both instances of feathers/client
     app.set('accessToken', accessToken);
     restApp.set('accessToken', accessToken);
     client.setJwtToken(accessToken);
@@ -122,9 +121,18 @@ function setToken({ client, app, restApp }) {
 }
 
 function setCookie({ app }) {
+  return response => app.passport.verifyJWT(response.accessToken)
+    .then(payload => {
+      const options = payload.exp ? { expires: new Date(payload.exp * 1000) } : undefined;
+      cookie.set('feathers-jwt', app.get('accessToken'), options);
+      return response;
+    });
+}
+
+function setUser({ app, restApp }) {
   return response => {
-    const options = response.expires ? { expires: response.expires / (60 * 60 * 24 * 1000) } : undefined;
-    cookie.set('feathers-jwt', app.get('accessToken'), options);
+    app.set('user', response.user);
+    restApp.set('user', response.user);
     return response;
   };
 }
@@ -140,7 +148,10 @@ export function isLoaded(globalState) {
 export function load() {
   return {
     types: [LOAD, LOAD_SUCCESS, LOAD_FAIL],
-    promise: ({ client }) => client.get('/auth/load')
+    promise: ({ app, restApp, client }) => restApp.authenticate()
+      .then(setToken({ client, app, restApp }))
+      .then(setCookie({ app }))
+      .then(setUser({ app, restApp }))
   };
 }
 
@@ -160,12 +171,9 @@ export function login(strategy, data, validation = true) {
       strategy,
       socketId
     })
-      .then(setToken({ client, restApp, app }))
+      .then(setToken({ client, app, restApp }))
       .then(setCookie({ app }))
-      .then(response => {
-        app.set('user', response.user);
-        return response;
-      })
+      .then(setUser({ app, restApp }))
       .catch(validation ? catchValidation : error => Promise.reject(error))
   };
 }
diff --git a/webpack/dev.config.js b/webpack/dev.config.js
@@ -141,7 +141,8 @@ var webpackConfig = module.exports = {
         loader: 'babel-loader',
         query: babelLoaderQuery
       }, {
-        loader: 'eslint-loader'
+        loader: 'eslint-loader',
+        options: { emitWarning: true }
       }
     ]),
     helpers.createHappyPlugin('less', [

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,8 @@ export default function createStore(history, { client, app, restApp }, data, per`
`46`	`46`
`47`	`47`	`if (__DEVELOPMENT__ && module.hot) {`
`48`	`48`	`module.hot.accept('./reducer', () => {`
`49`		`- store.replaceReducer(combineReducers(require('./reducer').default(store.asyncReducers)));`
	`49`	`+ const reducer = require('./reducer');`
	`50`	`+ store.replaceReducer(combineReducers((reducer.default \|\| reducer)(store.asyncReducers)));`
`50`	`51`	`});`
`51`	`52`	`}`
`52`	`53`