Added redis check to verify.

Mike Cao 2022-11-08 12:28:45 -08:00
parent 13fd3ccd16
commit 208fcb8418
4 changed files with 20 additions and 13 deletions


@ -7,7 +7,7 @@ import { secret } from 'lib/crypto';
const log = debug('umami:auth');
export function generateAuthToken() {
return getRandomChars(32);
return `auth:${getRandomChars(32)}`;
}
export function getAuthToken(req) {
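Review bot: The value returned by `generateAuthToken()` is used as a bearer session key (the login handler on this page stores the user under it in redis), so its unpredictability rests entirely on `getRandomChars`, which is defined outside this hunk. If that helper is built on `Math.random()`, the key should come from a CSPRNG instead, for example ``return `auth:${crypto.randomBytes(32).toString('hex')}`;`` using Node's `crypto` module. A one-line comment above the function, such as `// "auth:" is the redis key namespace for login sessions`, would also help now that callers rely on the prefix being added here.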


@ -3,7 +3,6 @@ import debug from 'debug';
import cors from 'cors';
import { findSession } from 'lib/session';
import { parseAuthToken, parseShareToken } from 'lib/auth';
import redis from 'lib/redis';
const log = debug('umami:middleware');
@ -25,14 +24,11 @@ export const useAuth = createMiddleware(async (req, res, next) => {
const token = await parseAuthToken(req);
const shareToken = await parseShareToken(req);
const key = `auth:${token?.authKey}`;
const data = redis.enabled ? await redis.get(key) : token;
if (!data && !shareToken) {
if (!token && !shareToken) {
log('useAuth:user-not-authorized');
return unauthorized(res);
}
req.auth = { ...data, shareToken };
req.auth = { ...token, shareToken };
next();
});
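Review bot: `useAuth` no longer consults redis, so when `redis.enabled` is set the routes it protects accept or reject a request purely on what `parseAuthToken(req)` returns, and that function is outside this hunk. The login handler hands out an opaque `auth:` key in redis mode; if `parseAuthToken` only decodes signed tokens those sessions would be rejected here, and if signed tokens are still accepted then deleting the redis entry would not end a session on these routes. After this commit only the verify handler performs the redis lookup. I would either keep the lookup in this middleware or add a comment above `const token = await parseAuthToken(req);` stating where redis-backed sessions are validated, e.g. `// redis mode: parseAuthToken must resolve the auth: key to the stored session`.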


@ -14,14 +14,15 @@ export default async (req, res) => {
const user = await getUser({ username });
if (user && checkPassword(password, user.password)) {
const { id: userId, username, isAdmin } = user;
if (redis.enabled) {
const token = `auth:${generateAuthToken()}`;
const token = generateAuthToken();
await redis.set(token, user);
return ok(res, { token, user });
}
const { id: userId, username, isAdmin } = user;
const token = createSecureToken({ userId, username, isAdmin }, secret());
return ok(res, { token, user });
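Review bot: `await redis.set(token, user)` stores the whole `user` record, and `user.password` is visibly part of it (it is passed to `checkPassword` just above), so the password hash ends up in the session store and in the `ok(res, { token, user })` response body; the verify handler on this page then returns the same stored object. Store and return only the fields the session needs, e.g. keep `const { id: userId, username, isAdmin } = user;` ahead of the redis branch and call `await redis.set(token, { userId, username, isAdmin });`. The `redis.set` call also passes no expiry, so unless the `lib/redis` wrapper applies one these session keys never age out. The handler continues outside the hunk.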


@ -1,11 +1,21 @@
import { useAuth } from 'lib/middleware';
import { ok, unauthorized } from 'next-basics';
import redis from 'lib/redis';
import { secret } from 'lib/crypto';
import { getAuthToken } from 'lib/auth';
export default async (req, res) => {
await useAuth(req, res);
if (redis.enabled) {
const token = await getAuthToken(req, secret());
const user = await redis.get(token);
if (req.auth) {
return ok(res, req.auth);
return ok(res, user);
} else {
await useAuth(req, res);
if (req.auth) {
return ok(res, req.auth);
}
}
return unauthorized(res);
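Review bot: In the redis branch `return ok(res, user);` sends back whatever `redis.get(token)` produced without checking it, so a request whose token is missing, expired or unknown appears to get a 200 response instead of falling through to `unauthorized(res)`. The key is also taken from the request as-is, so the lookup is not confined to the `auth:` session namespace. Guard both with `const user = token?.startsWith('auth:') ? await redis.get(token) : null;` followed by `if (user) return ok(res, user);`. `getAuthToken` is called with `secret()` here although the signature shown in the first file section takes only `req`; the handler's closing line is outside the hunk.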