lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add user management screen

Browse source 
feat: login screen

fix: login routing and layout

feat: add users migration

feat: passport login strategy

fix: users migration

feat: simple authentication

fix: request body

feat: JWT authorization

feat: 2fa step on login

feat: 2fa flow

feat: add rememberme to req body

fix: hide 2fa secret from jwt

fix: block login access to logged in user

fix: rerouting to wizard

refactor: login screen

feat: setup 2fa state on login

feat: 2fa secret qr code

fix: remove jwt from 2fa secret

fix: wizard redirect after login

fix: 2fa setup flow

fix: user id to uuid

feat: user roles

feat: user sessions and db persistence

feat: session saving on DB and cookie

refactor: unused code

feat: cookie auto renew on request

feat: get user data endpoint

fix: repeated requests

feat: react routing

fix: private routes

refactor: auth

feat: sessions aware of ua and ip

feat: sessions on gql

feat: session management screen

feat: replace user_tokens usage for users

feat: user deletion also deletes active sessions

feat: remember me alters session cookie accordingly

feat: last session by all users

fix: login feedback

fix: page loading UX

feat: routes based on user role

feat: header aware of roles

feat: reset password

fix: reset password endpoint

feat: handle password change

feat: reset 2FA

feat: user role on management screen

feat: change user role

fix: user last session query

fix: context

fix: destroy own session

feat: reset password now resets sessions

feat: reset 2fa now resets sessions

refactor: user data

refactor: user management screen

feat: user enable

feat: schema directives

fix: remove schema directive temp

feat: create new users

feat: register endpoint

feat: modals for reset links

fix: directive Date errors

feat: superuser directive

feat: create user url modal

fix: user management layout

feat: confirmation modals

fix: info text

feat: 2fa input component

feat: code input on 2fa state

feat: add button styling

feat: confirmation modal on superuser action

feat: rework 2fa setup screen

feat: rework reset 2fa screen

fix: session management screen

fix: user management screen

fix: blacklist roles

chore: migrate old customer values to new columns

fix: value migration

fix: value migration

refactor: remove old code
This commit is contained in:
Sérgio Salgado 2020-10-27 10:05:06 +00:00 committed by Josh Harvey
parent 368781864e
commit fded22f39a
50 changed files with 9839 additions and 4501 deletions
Download patch file Download diff file Expand all files Collapse all files

49
lib/new-admin/admin-server.js
View file

@ -8,14 +8,20 @@ const cors = require('cors')
const helmet = require('helmet')
const nocache = require('nocache')
const cookieParser = require('cookie-parser')
const bodyParser = require('body-parser')
const { ApolloServer, AuthenticationError } = require('apollo-server-express')
const _ = require('lodash/fp')
const session = require('express-session')
const pgSession = require('connect-pg-simple')(session)
const { typeDefs, resolvers } = require('./graphql/schema')
const login = require('./services/login')
const register = require('./routes/authentication')
const options = require('../options')
const db = require('../db')
const users = require('../users')
const { typeDefs, resolvers, AuthDirective, SuperuserDirective } = require('./graphql/schema')
const devMode = require('minimist')(process.argv.slice(2)).dev
const idPhotoCardBasedir = _.get('idPhotoCardDir', options)
@ -32,11 +38,35 @@ app.use(helmet())
app.use(compression())
app.use(nocache())
app.use(cookieParser())
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: true })) // support encoded bodies
app.use(express.static(path.resolve(__dirname, '..', '..', 'public')))
app.use(['*'], session({
store: new pgSession({
pgPromise: db,
tableName: 'user_sessions'
}),
name: 'lid',
secret: 'MY_SECRET',
resave: false,
saveUninitialized: false,
cookie: {
httpOnly: true,
secure: true,
domain: hostname,
sameSite: true,
maxAge: 60 * 10 * 1000 // 10 minutes
}
}))
const apolloServer = new ApolloServer({
typeDefs,
resolvers,
schemaDirectives: {
auth: AuthDirective,
superuser: SuperuserDirective
},
playground: false,
introspection: false,
formatError: error => {
@ -44,10 +74,19 @@ const apolloServer = new ApolloServer({
return error
},
context: async ({ req }) => {
const token = req.cookies && req.cookies.token
if (!req.session.user) throw new AuthenticationError('Authentication failed')
const user = await users.verifyAndUpdateUser(
req.session.user.id,
req.headers['user-agent'] || 'Unknown',
req.ip
)
if (!user || !user.enabled) throw new AuthenticationError('Authentication failed')
const success = await login.authenticate(token)
if (!success) throw new AuthenticationError('Authentication failed')
req.session.ua = req.headers['user-agent'] || 'Unknown'
req.session.ipAddress = req.ip
req.session.lastUsed = new Date(Date.now()).toISOString()
req.session.user.id = user.id
req.session.user.role = user.role
return { req: { ...req } }
}
})
@ -67,6 +106,8 @@ app.use('/id-card-photo', serveStatic(idPhotoCardBasedir, { index: false }))
app.use('/front-camera-photo', serveStatic(frontCameraBasedir, { index: false }))
app.use('/api', register)
require('./routes/auth')(app)
// Everything not on graphql or api/register is redirected to the front-end
app.get('*', (req, res) => res.sendFile(path.resolve(__dirname, '..', '..', 'public', 'index.html')))