feat: session secret
This commit is contained in:
Sérgio Salgado
Josh Harvey
parent
6396eb8247
commit
6e7794bfc6
2 changed files with 26 additions and 11 deletions
|
|
@ -13,6 +13,8 @@ const { ApolloServer, AuthenticationError } = require('apollo-server-express')
|
|||
const _ = require('lodash/fp')
|
||||
const session = require('express-session')
|
||||
const pgSession = require('connect-pg-simple')(session)
|
||||
const hkdf = require('futoin-hkdf')
|
||||
const pify = require('pify')
|
||||
|
||||
const login = require('./services/login')
|
||||
const register = require('./routes/authentication')
|
||||
|
|
@ -20,6 +22,7 @@ const register = require('./routes/authentication')
|
|||
const options = require('../options')
|
||||
const db = require('../db')
|
||||
const users = require('../users')
|
||||
const mnemonicHelpers = require('../mnemonic-helpers')
|
||||
|
||||
const authRouter = require('./routes/auth')
|
||||
const { AuthDirective } = require('./graphql/directives')
|
||||
|
|
@ -44,13 +47,22 @@ app.use(bodyParser.json())
|
|||
app.use(bodyParser.urlencoded({ extended: true })) // support encoded bodies
|
||||
app.use(express.static(path.resolve(__dirname, '..', '..', 'public')))
|
||||
|
||||
const getSecret = () => {
|
||||
const mnemonic = fs.readFileSync(options.mnemonicPath, 'utf8')
|
||||
return hkdf(
|
||||
mnemonicHelpers.toEntropyBuffer(mnemonic),
|
||||
16,
|
||||
{ salt: 'lamassu-server-salt', info: 'operator-id' }
|
||||
).toString('hex')
|
||||
}
|
||||
|
||||
app.use('*', session({
|
||||
store: new pgSession({
|
||||
pgPromise: db,
|
||||
tableName: 'user_sessions'
|
||||
}),
|
||||
name: 'lid',
|
||||
secret: 'MY_SECRET',
|
||||
secret: getSecret(),
|
||||
resave: false,
|
||||
saveUninitialized: false,
|
||||
cookie: {
|
||||
|
|
|
|||
|
|
@ -8,16 +8,19 @@ const sessionManager = require('../../../session-manager')
|
|||
|
||||
const REMEMBER_ME_AGE = 90 * T.day
|
||||
|
||||
async function authenticateUser (username, password) {
|
||||
const hashedPassword = await loginHelper.checkUser(username)
|
||||
function authenticateUser (username, password) {
|
||||
return loginHelper.checkUser(username).then(hashedPassword => {
|
||||
if (!hashedPassword) return null
|
||||
|
||||
const isMatch = await bcrypt.compare(password, hashedPassword)
|
||||
return Promise.all([bcrypt.compare(password, hashedPassword), hashedPassword])
|
||||
}).then(([isMatch, hashedPassword]) => {
|
||||
if (!isMatch) return null
|
||||
|
||||
const user = await loginHelper.validateUser(username, hashedPassword)
|
||||
return loginHelper.validateUser(username, hashedPassword)
|
||||
}).then(user => {
|
||||
if (!user) return null
|
||||
return user
|
||||
}).catch(e => {
|
||||
console.error(e)
|
||||
})
|
||||
}
|
||||
|
||||
const getUserData = context => {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue