freeCodeCamp/api-server/server/boot/authentication.js

import passport from 'passport';

import { homeLocation } from '../../../config/env';
import {
  createPassportCallbackAuthenticator,
  saveResponseAuthCookies,
  loginRedirect
} from '../component-passport';
import { ifUserRedirectTo } from '../utils/middleware';
import { wrapHandledError } from '../utils/create-handled-error.js';
import { removeCookies } from '../utils/getSetAccessToken';

const isSignUpDisabled = !!process.env.DISABLE_SIGNUP;
if (isSignUpDisabled) {
  console.log('fcc:boot:auth - Sign up is disabled');
}

module.exports = function enableAuthentication(app) {
  // enable loopback access control authentication. see:
  // loopback.io/doc/en/lb2/Authentication-authorization-and-permissions.html
  app.enableAuth();
  const ifUserRedirect = ifUserRedirectTo();
  const saveAuthCookies = saveResponseAuthCookies();
  const loginSuccessRedirect = loginRedirect();
  const api = app.loopback.Router();

  // Use a local mock strategy for signing in if we are in dev mode.
  // Otherwise we use auth0 login. We use a string for 'true' because values
  // set in the env file will always be strings and never boolean.
  if (process.env.LOCAL_MOCK_AUTH === 'true') {
    api.get(
      '/signin',
      passport.authenticate('devlogin'),
      saveAuthCookies,
      loginSuccessRedirect
    );
  } else {
    api.get(
      '/signin',
      ifUserRedirect,
      passport.authenticate('auth0-login', {})
    );

    api.get(
      '/auth/auth0/callback',
      createPassportCallbackAuthenticator('auth0-login', { provider: 'auth0' })
    );
  }

  api.get('/signout', (req, res) => {
    req.logout();
    req.session.destroy(err => {
      if (err) {
        throw wrapHandledError(new Error('could not destroy session'), {
          type: 'info',
          message: 'We could not log you out, please try again in a moment.',
          redirectTo: homeLocation
        });
      }
      removeCookies(req, res);
      res.redirect(homeLocation);
    });
  });

  app.use(api);
};
fix(auth): Fix auth flow for the client app 2018-10-23 23:24:48 +00:00			`import passport from 'passport';`
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 18:11:17 +00:00
chore(server): Move api-server in to it's own DIR 2018-08-31 15:04:04 +00:00			`import { homeLocation } from '../../../config/env';`
chore: Fix api linting 2019-02-16 00:31:05 +00:00			`import {`
feat: use mock authentication for local dev 2018-10-30 21:17:07 +00:00			`createPassportCallbackAuthenticator,`
			`saveResponseAuthCookies,`
			`loginRedirect`
			`} from '../component-passport';`
chore: Remove old auth cruft 2019-03-04 21:03:46 +00:00			`import { ifUserRedirectTo } from '../utils/middleware';`
fix(updateMyCurrentChallenge): Bad mongo id will return user error Mark these errors to be reported to the user instead of logged as a server fault 2018-01-23 01:08:33 +00:00			`import { wrapHandledError } from '../utils/create-handled-error.js';`
feat: Use new (tested) accessToken utils to set and remove cookies 2019-02-20 23:07:12 +00:00			`import { removeCookies } from '../utils/getSetAccessToken';`
refactor(server/authenticate): Move auth api into own boot script separate from user account/display methods 2017-12-26 21:20:03 +00:00
			`const isSignUpDisabled = !!process.env.DISABLE_SIGNUP;`
feat(boot/auth): Add signup disabled debug info 2018-01-01 23:01:50 +00:00			`if (isSignUpDisabled) {`
			`console.log('fcc:boot:auth - Sign up is disabled');`
			`}`
refactor(server/authenticate): Move auth api into own boot script separate from user account/display methods 2017-12-26 21:20:03 +00:00
use app instead of server in boot directories 2015-06-03 19:26:11 +00:00			`module.exports = function enableAuthentication(app) {`
refactor(server/authenticate): Move auth api into own boot script separate from user account/display methods 2017-12-26 21:20:03 +00:00			`// enable loopback access control authentication. see:`
fix(auth): Remove deprecated views and routes 2018-06-28 09:32:22 +00:00			`// loopback.io/doc/en/lb2/Authentication-authorization-and-permissions.html`
use app instead of server in boot directories 2015-06-03 19:26:11 +00:00			`app.enableAuth();`
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 18:11:17 +00:00			`const ifUserRedirect = ifUserRedirectTo();`
feat: use mock authentication for local dev 2018-10-30 21:17:07 +00:00			`const saveAuthCookies = saveResponseAuthCookies();`
			`const loginSuccessRedirect = loginRedirect();`
refactor(server/authenticate): Move auth api into own boot script separate from user account/display methods 2017-12-26 21:20:03 +00:00			`const api = app.loopback.Router();`

feat: use mock authentication for local dev 2018-10-30 21:17:07 +00:00			`// Use a local mock strategy for signing in if we are in dev mode.`
			`// Otherwise we use auth0 login. We use a string for 'true' because values`
			`// set in the env file will always be strings and never boolean.`
			`if (process.env.LOCAL_MOCK_AUTH === 'true') {`
			`api.get(`
			`'/signin',`
			`passport.authenticate('devlogin'),`
			`saveAuthCookies,`
			`loginSuccessRedirect`
			`);`
			`} else {`
			`api.get(`
			`'/signin',`
			`ifUserRedirect,`
			`passport.authenticate('auth0-login', {})`
			`);`

			`api.get(`
			`'/auth/auth0/callback',`
			`createPassportCallbackAuthenticator('auth0-login', { provider: 'auth0' })`
			`);`
			`}`
refactor(server/authenticate): Move auth api into own boot script separate from user account/display methods 2017-12-26 21:20:03 +00:00
fix(api): Use /internal for API entry 2018-08-29 19:52:41 +00:00			`api.get('/signout', (req, res) => {`
refactor(server/authenticate): Move auth api into own boot script separate from user account/display methods 2017-12-26 21:20:03 +00:00			`req.logout();`
fix(api): Use /internal for API entry 2018-08-29 19:52:41 +00:00			`req.session.destroy(err => {`
fix(auth): Add verification route for email 2018-05-25 17:44:09 +00:00			`if (err) {`
fix(api): Use /internal for API entry 2018-08-29 19:52:41 +00:00			`throw wrapHandledError(new Error('could not destroy session'), {`
			`type: 'info',`
fix(client): Vague Error messages (#36047) Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> 2019-06-19 14:31:03 +00:00			`message: 'We could not log you out, please try again in a moment.',`
fix(api): Use /internal for API entry 2018-08-29 19:52:41 +00:00			`redirectTo: homeLocation`
			`});`
fix(auth): Add verification route for email 2018-05-25 17:44:09 +00:00			`}`
feat: Use new (tested) accessToken utils to set and remove cookies 2019-02-20 23:07:12 +00:00			`removeCookies(req, res);`
fix(api): Use /internal for API entry 2018-08-29 19:52:41 +00:00			`res.redirect(homeLocation);`
			`});`
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 18:11:17 +00:00			`});`
refactor(server/authenticate): Move auth api into own boot script separate from user account/display methods 2017-12-26 21:20:03 +00:00
			`app.use(api);`
initial move to loopback server 2015-06-03 00:27:02 +00:00			`};`