lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: session secret

Browse source
This commit is contained in:
Sérgio Salgado 2021-01-28 14:47:33 +00:00 committed by Josh Harvey
parent 6396eb8247
commit 6e7794bfc6
2 changed files with 26 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

14
lib/new-admin/admin-server.js
View file

@ -13,6 +13,8 @@ const { ApolloServer, AuthenticationError } = require('apollo-server-express')
const _ = require('lodash/fp') const _ = require('lodash/fp')
const session = require('express-session') const session = require('express-session')
const pgSession = require('connect-pg-simple')(session) const pgSession = require('connect-pg-simple')(session)
const hkdf = require('futoin-hkdf')
const pify = require('pify')
const login = require('./services/login') const login = require('./services/login')
const register = require('./routes/authentication') const register = require('./routes/authentication')
@ -20,6 +22,7 @@ const register = require('./routes/authentication')
const options = require('../options') const options = require('../options')
const db = require('../db') const db = require('../db')
const users = require('../users') const users = require('../users')
const mnemonicHelpers = require('../mnemonic-helpers')
const authRouter = require('./routes/auth') const authRouter = require('./routes/auth')
const { AuthDirective } = require('./graphql/directives') const { AuthDirective } = require('./graphql/directives')
@ -44,13 +47,22 @@ app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: true })) // support encoded bodies app.use(bodyParser.urlencoded({ extended: true })) // support encoded bodies
app.use(express.static(path.resolve(__dirname, '..', '..', 'public'))) app.use(express.static(path.resolve(__dirname, '..', '..', 'public')))
const getSecret = () => {
const mnemonic = fs.readFileSync(options.mnemonicPath, 'utf8')
return hkdf(
mnemonicHelpers.toEntropyBuffer(mnemonic),
16,
{ salt: 'lamassu-server-salt', info: 'operator-id' }
).toString('hex')
}
app.use('*', session({ app.use('*', session({
store: new pgSession({ store: new pgSession({
pgPromise: db, pgPromise: db,
tableName: 'user_sessions' tableName: 'user_sessions'
}), }),
name: 'lid', name: 'lid',
secret: 'MY_SECRET', secret: getSecret(),
resave: false, resave: false,
saveUninitialized: false, saveUninitialized: false,
cookie: { cookie: {

23
lib/new-admin/graphql/modules/authentication.js
View file

@ -8,16 +8,19 @@ const sessionManager = require('../../../session-manager')
const REMEMBER_ME_AGE = 90 * T.day const REMEMBER_ME_AGE = 90 * T.day
async function authenticateUser (username, password) { function authenticateUser (username, password) {
const hashedPassword = await loginHelper.checkUser(username) return loginHelper.checkUser(username).then(hashedPassword => {
if (!hashedPassword) return null if (!hashedPassword) return null
return Promise.all([bcrypt.compare(password, hashedPassword), hashedPassword])
const isMatch = await bcrypt.compare(password, hashedPassword) }).then(([isMatch, hashedPassword]) => {
if (!isMatch) return null if (!isMatch) return null
return loginHelper.validateUser(username, hashedPassword)
const user = await loginHelper.validateUser(username, hashedPassword) }).then(user => {
if (!user) return null if (!user) return null
return user return user
}).catch(e => {
console.error(e)
})
} }
const getUserData = context => { const getUserData = context => {