Merge branch 'authentication' into main
This commit is contained in:
Johanna Kuehner
95
server/api/auth/login.ts
Normal file
95
server/api/auth/login.ts
Normal file
@ -0,0 +1,95 @@
|
||||
import axios, { AxiosError } from 'axios';
|
||||
import serversideConfig from '../../../serversideConfig';
|
||||
import https from 'https';
|
||||
|
||||
let errorMsg = 'error';
|
||||
//const { data } = useAuthState()
|
||||
|
||||
|
||||
export default eventHandler(async (event) => {
|
||||
|
||||
const agent = new https.Agent({
|
||||
rejectUnauthorized: false,
|
||||
});
|
||||
const axiosInstance = axios.create({
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
Accept: "*",
|
||||
},
|
||||
httpsAgent: agent
|
||||
});
|
||||
|
||||
|
||||
const body = await readBody(event)
|
||||
|
||||
// get user object from backend
|
||||
try {
|
||||
let res = await axiosInstance.post(`https://${serversideConfig.url}:${serversideConfig.port}/login`, {
|
||||
username: body.username,
|
||||
password: body.password,
|
||||
});
|
||||
const sessionToken = res.data.token;
|
||||
const user = res.data.user;
|
||||
|
||||
console.log('sessionToken: ', sessionToken);
|
||||
console.log('user: ', user);
|
||||
|
||||
setResponseStatus(event, 200);
|
||||
const resBody = {
|
||||
token: sessionToken,
|
||||
message: 'Login successful'
|
||||
};
|
||||
console.log('resBody: ', resBody);
|
||||
|
||||
return resBody;
|
||||
}
|
||||
catch (err) {
|
||||
if (axios.isAxiosError(err)) {
|
||||
const axiosError = err as AxiosError;
|
||||
|
||||
if (axiosError.response) {
|
||||
// Axios error
|
||||
//console.error(axiosError.response.data.message);
|
||||
//errorMsg = axiosError.response.data.message;
|
||||
} else if (axiosError.request) {
|
||||
// If error was caused by the request
|
||||
console.error(axiosError.request);
|
||||
} else {
|
||||
// Other errors
|
||||
console.error('Error', axiosError.message);
|
||||
}
|
||||
} else {
|
||||
// No AxiosError
|
||||
console.error('Error', err);
|
||||
}
|
||||
}
|
||||
throw createError({
|
||||
statusCode: 400,
|
||||
statusMessage: errorMsg,
|
||||
})
|
||||
|
||||
|
||||
})
|
||||
|
||||
|
||||
|
||||
/*import { loginSuccessful, sessionToken, errorMsg } from "../../middleware/login";
|
||||
import { OutgoingMessage } from 'http';
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
|
||||
if (!loginSuccessful) {
|
||||
throw createError({
|
||||
statusCode: 400,
|
||||
statusMessage: errorMsg,
|
||||
})
|
||||
}
|
||||
|
||||
setResponseStatus(event, 200);
|
||||
//setResponseHeader(event, "Set-Cookie", sessionToken);
|
||||
const resBody = {
|
||||
token: sessionToken,
|
||||
message: 'Login successful'
|
||||
};
|
||||
return resBody;
|
||||
})*/
|
||||
50
server/api/auth/refresh.ts
Normal file
50
server/api/auth/refresh.ts
Normal file
@ -0,0 +1,50 @@
|
||||
import { createError, eventHandler, readBody, sendRedirect } from 'h3';
|
||||
import jwt from 'jsonwebtoken';
|
||||
|
||||
const SECRET = 'SECRETTUEITKEY'
|
||||
|
||||
interface User {
|
||||
username: string;
|
||||
id: string;
|
||||
}
|
||||
|
||||
interface JwtPayload extends User {
|
||||
exp: number;
|
||||
}
|
||||
|
||||
export default eventHandler(async (event) => {
|
||||
const body = await readBody<{ refreshToken: string }>(event);
|
||||
|
||||
if (!body.refreshToken) {
|
||||
throw createError({
|
||||
statusCode: 403,
|
||||
statusMessage: 'Unauthorized, no refreshToken in payload'
|
||||
});
|
||||
};
|
||||
|
||||
const decoded = jwt.verify(body.refreshToken, SECRET) as JwtPayload | undefined;
|
||||
|
||||
if (!decoded) {
|
||||
throw createError({
|
||||
statusCode: 403,
|
||||
statusMessage: 'Unauthorized, refreshToken can`t be verified'
|
||||
});
|
||||
};
|
||||
|
||||
|
||||
// decoded.userId exists on JwtPayload, TS falsely wants decoded.id
|
||||
const user: User = {
|
||||
username: decoded.username,
|
||||
id: decoded.userId,
|
||||
};
|
||||
|
||||
const authToken = jwt.sign( user, SECRET, { expiresIn: 60 * 5 }); // expires in 5 min
|
||||
const refreshToken = jwt.sign( user, SECRET, { expiresIn: 60 * 60 * 24 * 7 }); // expires in 7 days
|
||||
|
||||
return {
|
||||
token: {
|
||||
authToken,
|
||||
refreshToken
|
||||
}
|
||||
};
|
||||
})
|
||||
36
server/api/auth/session.ts
Normal file
36
server/api/auth/session.ts
Normal file
@ -0,0 +1,36 @@
|
||||
import { createError, eventHandler, getRequestHeader, H3Event } from 'h3'
|
||||
import jwt from 'jsonwebtoken';
|
||||
|
||||
const TOKEN_TYPE = 'Bearer'
|
||||
|
||||
const extractToken = (authHeaderValue: string) => {
|
||||
const [, token] = authHeaderValue.split(`${TOKEN_TYPE} `)
|
||||
return token
|
||||
}
|
||||
|
||||
const ensureAuth = (event: H3Event) => {
|
||||
const authHeaderValue = getRequestHeader(event, 'authorization')
|
||||
if (typeof authHeaderValue === 'undefined') {
|
||||
throw createError({
|
||||
statusCode: 403,
|
||||
statusMessage:
|
||||
'Need to pass valid Bearer-authorization header to access this endpoint'
|
||||
})
|
||||
}
|
||||
|
||||
const extractedToken = extractToken(authHeaderValue)
|
||||
try {
|
||||
return jwt.verify(extractedToken, 'SECRETTUEITKEY')
|
||||
} catch (error) {
|
||||
console.error("Login failed. Here's the raw error:", error)
|
||||
throw createError({
|
||||
statusCode: 403,
|
||||
statusMessage: 'You must be logged in to access this page'
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
export default eventHandler((event) => {
|
||||
const user = ensureAuth(event)
|
||||
return user
|
||||
})
|
||||
@ -1,4 +1,4 @@
|
||||
import { errorMsg } from "../middleware/signUp.js";
|
||||
import { errorMsg } from "../../middleware/signUp.js";
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
|
||||
@ -1,15 +0,0 @@
|
||||
import { loginSuccessful, errorMsg } from "../middleware/login";
|
||||
import { OutgoingMessage } from 'http';
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
|
||||
if (!loginSuccessful) {
|
||||
throw createError({
|
||||
statusCode: 400,
|
||||
statusMessage: errorMsg,
|
||||
})
|
||||
}
|
||||
|
||||
setResponseStatus(event, 200)
|
||||
return 'Successfully logged in.'
|
||||
})
|
||||
1
server/main.ts
Normal file
1
server/main.ts
Normal file
@ -0,0 +1 @@
|
||||
//import { pinia } from '@/store'
|
||||
@ -1,56 +0,0 @@
|
||||
import axios, { AxiosError } from 'axios';
|
||||
import serversideConfig from '../../serversideConfig';
|
||||
import https from 'https';
|
||||
|
||||
let loginSuccessful = false;
|
||||
let errorMsg = '';
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
loginSuccessful = false;
|
||||
const agent = new https.Agent({
|
||||
rejectUnauthorized: false,
|
||||
});
|
||||
|
||||
const axiosInstance = axios.create({
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
Accept: "*",
|
||||
},
|
||||
httpsAgent: agent
|
||||
});
|
||||
|
||||
if (event.path.startsWith("/api/login")) {
|
||||
|
||||
const body = await readBody(event)
|
||||
|
||||
// get user object from backend
|
||||
try {
|
||||
let res = await axiosInstance.post(`https://${serversideConfig.url}:${serversideConfig.port}/login`, {
|
||||
username: body.username,
|
||||
password: body.password,
|
||||
});
|
||||
loginSuccessful = true;
|
||||
} catch (err) {
|
||||
if (axios.isAxiosError(err)) {
|
||||
const axiosError = err as AxiosError;
|
||||
|
||||
if (axiosError.response) {
|
||||
// Axios error
|
||||
console.error(axiosError.response.data.message);
|
||||
errorMsg = axiosError.response.data.message;
|
||||
} else if (axiosError.request) {
|
||||
// If error was caused by the request
|
||||
console.error(axiosError.request);
|
||||
} else {
|
||||
// Other errors
|
||||
console.error('Error', axiosError.message);
|
||||
}
|
||||
} else {
|
||||
// No AxiosError
|
||||
console.error('Error', err);
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
export { loginSuccessful, errorMsg };
|
||||
Reference in New Issue
Block a user