188 lines
6 KiB
JavaScript
188 lines
6 KiB
JavaScript
import slugify from 'slugify';
|
|
import friendlyWords from 'friendly-words';
|
|
import lodash from 'lodash';
|
|
|
|
import passport from 'passport';
|
|
import GitHubStrategy from 'passport-github';
|
|
import LocalStrategy from 'passport-local';
|
|
import GoogleStrategy from 'passport-google-oauth20';
|
|
import { BasicStrategy } from 'passport-http';
|
|
|
|
import User from '../models/user';
|
|
|
|
passport.serializeUser((user, done) => {
|
|
done(null, user.id);
|
|
});
|
|
|
|
passport.deserializeUser((id, done) => {
|
|
User.findById(id, (err, user) => {
|
|
done(err, user);
|
|
});
|
|
});
|
|
|
|
/**
|
|
* Sign in using Email/Username and Password.
|
|
*/
|
|
passport.use(new LocalStrategy({ usernameField: 'email' }, (email, password, done) => {
|
|
User.findByMailOrName(email.toLowerCase())
|
|
.then((user) => { // eslint-disable-line consistent-return
|
|
if (!user) {
|
|
return done(null, false, { msg: `Email ${email} not found.` });
|
|
}
|
|
user.comparePassword(password, (innerErr, isMatch) => {
|
|
if (isMatch) {
|
|
return done(null, user);
|
|
}
|
|
return done(null, false, { msg: 'Invalid email or password.' });
|
|
});
|
|
})
|
|
.catch(err => done(null, false, { msg: err }));
|
|
}));
|
|
|
|
/**
|
|
* Authentificate using Basic Auth (Username + Api Key)
|
|
*/
|
|
passport.use(new BasicStrategy((userid, key, done) => {
|
|
User.findOne({ username: userid }, (err, user) => { // eslint-disable-line consistent-return
|
|
if (err) { return done(err); }
|
|
if (!user) { return done(null, false); }
|
|
user.findMatchingKey(key, (innerErr, isMatch, keyID) => {
|
|
if (isMatch) {
|
|
User.update(
|
|
{ 'apiKeys._id': keyID },
|
|
{ '$set': { 'apiKeys.$.lastUsedAt': Date.now() } }
|
|
);
|
|
return done(null, user);
|
|
}
|
|
return done(null, false, { msg: 'Invalid username or API key' });
|
|
});
|
|
});
|
|
}));
|
|
|
|
/*
|
|
Input:
|
|
[
|
|
{ value: 'email@example.com', primary: false, verified: true },
|
|
{ value: 'unverified@example.com', primary: false, verified: false }
|
|
]
|
|
|
|
Output:
|
|
['email@example.com']
|
|
*/
|
|
const getVerifiedEmails = githubEmails => (
|
|
(githubEmails || [])
|
|
.filter(item => item.verified === true)
|
|
.map(item => item.value)
|
|
);
|
|
|
|
const getPrimaryEmail = githubEmails => (
|
|
(
|
|
lodash.find(githubEmails, { primary: true }) || {}
|
|
).value
|
|
);
|
|
|
|
/**
|
|
* Sign in with GitHub.
|
|
*/
|
|
passport.use(new GitHubStrategy({
|
|
clientID: process.env.GITHUB_ID,
|
|
clientSecret: process.env.GITHUB_SECRET,
|
|
callbackURL: '/auth/github/callback',
|
|
passReqToCallback: true,
|
|
scope: ['user:email'],
|
|
}, (req, accessToken, refreshToken, profile, done) => {
|
|
User.findOne({ github: profile.id }, (findByGithubErr, existingUser) => {
|
|
if (existingUser) {
|
|
done(null, existingUser);
|
|
return;
|
|
}
|
|
|
|
const emails = getVerifiedEmails(profile.emails);
|
|
const primaryEmail = getPrimaryEmail(profile.emails);
|
|
|
|
User.findOne({
|
|
email: { $in: emails },
|
|
}, (findByEmailErr, existingEmailUser) => {
|
|
if (existingEmailUser) {
|
|
existingEmailUser.email = existingEmailUser.email || primaryEmail;
|
|
existingEmailUser.github = profile.id;
|
|
existingEmailUser.username = existingEmailUser.username || profile.username;
|
|
existingEmailUser.tokens.push({ kind: 'github', accessToken });
|
|
existingEmailUser.name = existingEmailUser.name || profile.displayName;
|
|
existingEmailUser.verified = User.EmailConfirmation.Verified;
|
|
existingEmailUser.save(saveErr => done(null, existingEmailUser));
|
|
} else {
|
|
const user = new User();
|
|
user.email = primaryEmail;
|
|
user.github = profile.id;
|
|
user.username = profile.username;
|
|
user.tokens.push({ kind: 'github', accessToken });
|
|
user.name = profile.displayName;
|
|
user.verified = User.EmailConfirmation.Verified;
|
|
user.save(saveErr => done(null, user));
|
|
}
|
|
});
|
|
});
|
|
}));
|
|
|
|
/**
|
|
* Sign in with Google.
|
|
*/
|
|
passport.use(new GoogleStrategy({
|
|
clientID: process.env.GOOGLE_ID,
|
|
clientSecret: process.env.GOOGLE_SECRET,
|
|
callbackURL: '/auth/google/callback',
|
|
passReqToCallback: true,
|
|
scope: ['openid email'],
|
|
}, (req, accessToken, refreshToken, profile, done) => {
|
|
User.findOne({ google: profile._json.emails[0].value }, (findByGoogleErr, existingUser) => {
|
|
if (existingUser) {
|
|
done(null, existingUser);
|
|
return;
|
|
}
|
|
|
|
const primaryEmail = profile._json.emails[0].value;
|
|
|
|
User.findOne({
|
|
email: primaryEmail,
|
|
}, (findByEmailErr, existingEmailUser) => {
|
|
let username = profile._json.emails[0].value.split('@')[0];
|
|
User.findOne({ username }, (findByUsernameErr, existingUsernameUser) => {
|
|
if (existingUsernameUser) {
|
|
const adj = friendlyWords.predicates[Math.floor(Math.random() * friendlyWords.predicates.length)];
|
|
username = slugify(`${username} ${adj}`);
|
|
}
|
|
// what if a username is already taken from the display name too?
|
|
// then, append a random friendly word?
|
|
if (existingEmailUser) {
|
|
existingEmailUser.email = existingEmailUser.email || primaryEmail;
|
|
existingEmailUser.google = profile._json.emails[0].value;
|
|
existingEmailUser.username = existingEmailUser.username || username;
|
|
existingEmailUser.tokens.push({ kind: 'google', accessToken });
|
|
existingEmailUser.name = existingEmailUser.name || profile._json.displayName;
|
|
existingEmailUser.verified = User.EmailConfirmation.Verified;
|
|
existingEmailUser.save((saveErr) => {
|
|
if (saveErr) {
|
|
console.log(saveErr);
|
|
}
|
|
done(null, existingEmailUser);
|
|
});
|
|
} else {
|
|
const user = new User();
|
|
user.email = primaryEmail;
|
|
user.google = profile._json.emails[0].value;
|
|
user.username = username;
|
|
user.tokens.push({ kind: 'google', accessToken });
|
|
user.name = profile._json.displayName;
|
|
user.verified = User.EmailConfirmation.Verified;
|
|
user.save((saveErr) => {
|
|
if (saveErr) {
|
|
console.log(saveErr);
|
|
}
|
|
done(null, user);
|
|
});
|
|
}
|
|
});
|
|
});
|
|
});
|
|
}));
|