From 5fd5795f39125daf422d055631a5c04af24c3fbd Mon Sep 17 00:00:00 2001
From: Daksh Miglani
Date: Mon, 7 Jan 2019 12:48:47 +0530
Subject: [PATCH 1/4] fix jwt strategy
---
 src/jwt/strategy.js | 31 +++++++++++++++++++++----------
 src/server.js | 2 +-
 2 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/src/jwt/strategy.js b/src/jwt/strategy.js
index 0807c3fd1..e2dccc91f 100644
--- a/src/jwt/strategy.js
+++ b/src/jwt/strategy.js
@@ -1,4 +1,5 @@
 import { Strategy } from 'passport-jwt'
+import { fixUrl } from '../middleware/fixImageUrlsMiddleware'
 const cookieExtractor = (req) => {
 var token = null
@@ -8,7 +9,7 @@ const cookieExtractor = (req) => {
 return token
 }
-export default () => {
+export default (driver) => {
 const options = {
 jwtFromRequest: cookieExtractor,
 secretOrKey: process.env.JWT_SECRET,
@@ -17,16 +18,26 @@ export default () => {
 }
 return new Strategy(options,
- (JWTPayload, next) => {
- // usually this would be a database call:
- // var user = users[_.findIndex(users, {id: JWTPayload.id})]
- // TODO: fix https://github.com/Human-Connection/Nitro-Backend/issues/41
- /* eslint-disable */
- if (true) {
- /* eslint-enable */
- next(null, {})
+ async (JWTPayload, next) => {
+ const session = driver.session();
+ const result = await session.run(
+ 'MATCH (user:User {id: $userId}) ' +
+ 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1',
+ {
+ id: JWTPayload.id
+ }
+ );
+ session.close();
+ const [currentUser] = await result.records.map((record) => {
+ return record.get("user");
+ });
+
+ if (currentUser) {
+ delete currentUser.password;
+ currentUser.avatar = fixUrl(currentUser.avatar)
+ return next(null, currentUser);
 } else {
- next(null, false)
+ return next(null, false);
 }
 })
 }
diff --git a/src/server.js b/src/server.js
index 3b0e0a561..860a4f8c4 100644
--- a/src/server.js
+++ b/src/server.js
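Review bot: The new async verify callback in src/jwt/strategy.js (hunk `@@ -17,16 +18,26 @@`) has no error path. If `session.run` rejects, for example when the database is unreachable, the rejection is unhandled, `next` is never called and `session.close()` is skipped, so the authentication request is left pending. passport-jwt does not appear to await the callback, so the failure has to be reported through `next(err, false)`; a try/catch/finally around the lookup does that and closes the session on every path. The `await` in front of `result.records.map(...)` is also unnecessary because `map` returns a plain array. The lint pass in PATCH 3/4 carries the same shape forward.

```javascript
async (JWTPayload, next) => {
  const session = driver.session()
  try {
    // … unchanged: const result = await session.run(query, params) …
    const [currentUser] = result.records.map((record) => record.get('user'))
    if (!currentUser) {
      return next(null, false)
    }
    // … unchanged: strip password, fixUrl on avatar …
    return next(null, currentUser)
  } catch (err) {
    // Report the failed lookup to passport instead of leaving the request pending.
    return next(err, false)
  } finally {
    session.close()
  }
}
```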
@@ -56,7 +56,7 @@ const createServer = (options) => {
 }
 const server = new GraphQLServer(Object.assign({}, defaults, options))
- passport.use('jwt', jwtStrategy())
+ passport.use('jwt', jwtStrategy(driver))
 server.express.use(passport.initialize())
 server.express.post('/graphql', passport.authenticate(['jwt'], { session: false }))
From 016119e7689e0af9ccf0ff9ffd1083ed71b3190a Mon Sep 17 00:00:00 2001
From: Daksh
Date: Mon, 7 Jan 2019 13:00:19 +0530
Subject: [PATCH 2/4] fix variableName from id to userId
---
 src/jwt/strategy.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/jwt/strategy.js b/src/jwt/strategy.js
index e2dccc91f..d08b7988f 100644
--- a/src/jwt/strategy.js
+++ b/src/jwt/strategy.js
@@ -24,7 +24,7 @@ export default (driver) => {
 'MATCH (user:User {id: $userId}) ' +
 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1',
 {
- id: JWTPayload.id
+ userId: JWTPayload.id
 }
 );
 session.close();
From 2156b08e8fa0f79f94d87d0d2d0d6a4dadafdb43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?=
Date: Tue, 8 Jan 2019 14:20:05 +0100
Subject: [PATCH 3/4] Run `yarn run lint --fix` @DakshMiglani check the build server for any errors: https://travis-ci.com/Human-Connection/Nitro-Backend/builds/96505757#L658 Here you can see the build was fine, only eslint complained. Eslint is a quick fix :wink:
---
 src/jwt/strategy.js | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/jwt/strategy.js b/src/jwt/strategy.js
index d08b7988f..65e2d35c1 100644
--- a/src/jwt/strategy.js
+++ b/src/jwt/strategy.js
@@ -19,25 +19,25 @@ export default (driver) => {
 return new Strategy(options,
 async (JWTPayload, next) => {
- const session = driver.session();
+ const session = driver.session()
 const result = await session.run(
 'MATCH (user:User {id: $userId}) ' +
 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1',
 {
 userId: JWTPayload.id
 }
- );
- session.close();
+ )
+ session.close()
 const [currentUser] = await result.records.map((record) => {
- return record.get("user");
- });
+ return record.get('user')
+ })
 if (currentUser) {
- delete currentUser.password;
+ delete currentUser.password
 currentUser.avatar = fixUrl(currentUser.avatar)
- return next(null, currentUser);
+ return next(null, currentUser)
 } else {
- return next(null, false);
+ return next(null, false)
 }
 })
 }
From ca38892322ab2f2910ff07e622d9b7412455e17d Mon Sep 17 00:00:00 2001
From: Daksh
Date: Thu, 10 Jan 2019 21:49:01 +0530
Subject: [PATCH 4/4] remove password from query.
---
 src/jwt/strategy.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/jwt/strategy.js b/src/jwt/strategy.js
index 65e2d35c1..5b1ea1231 100644
--- a/src/jwt/strategy.js
+++ b/src/jwt/strategy.js
@@ -22,7 +22,7 @@ export default (driver) => {
 const session = driver.session()
 const result = await session.run(
 'MATCH (user:User {id: $userId}) ' +
- 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1',
+ 'RETURN user {.id, .slug, .name, .avatar, .email, .role} as user LIMIT 1',
 {
 userId: JWTPayload.id
 }
@@ -33,7 +33,6 @@ export default (driver) => {
 })
 if (currentUser) {
- delete currentUser.password
 currentUser.avatar = fixUrl(currentUser.avatar)
 return next(null, currentUser)
 } else {
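Review bot: In PATCH 4/4 (hunk `@@ -22,7 +22,7 @@`), the property list in the Cypher `RETURN` is now the only thing keeping credential fields out of the user object handed to passport, and nothing in the code says so. A comment above the `session.run` call would make that intent explicit for the next person who extends the projection, for example `// Allow-list of user properties exposed to the request; never add .password or other credential fields`. The enclosing verify callback starts and ends outside this hunk.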