whitelist databases

this actually works, unlike previous commit

.gitignore

@@ -1,4 +1,7 @@
 node_modules/
 package-lock.json
-dist
+dist/
+!dist/submissions
+!dist/users
+
 

auth/auth.mts

@@ -1,18 +1,23 @@
 import passport from 'passport'
 import { Strategy as localStrategy } from 'passport-local'
-import { User, UserModel } from '../model/model.mjs'
+import { User, encryptPwd, pwdIsValid } from '../model/model.mjs'
 import { Strategy as JWTstrategy, ExtractJwt } from 'passport-jwt'
+import { userDb } from '../db.mjs'
 
 passport.use('signup', new localStrategy(
 	{
-		usernameField: 'email',
+		usernameField: 'username',
 		passwordField: 'password'
 	},
-	async (email, password, done) => {
+	async (username, password, done) => {
+		console.log("signup auth strategy has begun")
 		try {
-			const user = await UserModel.create({ email, password })
+			const encryptedPwd = await encryptPwd(password)
+			const user = await userDb("users").insert({ username: username, password: encryptedPwd }).returning(["username", "password"])
+			console.log(`user: ${user}`)
 			return done(null, user)
 		} catch (err) {
+			console.error(err)
 			done(err)
 		}
 	}))
@@ -20,20 +25,21 @@ passport.use('signup', new localStrategy(
 passport.use('login',
 	new localStrategy(
 		{
-			usernameField: "email",
+			usernameField: "username",
 			passwordField: "password",
 			session: false
 		},
 		async (email, password, done) => {
 			console.log("local strategy called")
 			try {
-				const user: User = await UserModel.findOne({ email })
+				let returnedUser: Array<User> = await userDb("users").select("username", "password").where({ username: email })
+				const user: User = returnedUser[0]
 				console.log(`user: ${user}`)
-				if (!user) {
+				if (!user || returnedUser.length === 0) {
 					return done(null, false, { message: "user not found" })
 				}
 
-				const validate: boolean = await user.isValidPassword(password)
+				const validate: boolean = await pwdIsValid(password, user)
 				console.log(`isValidPassword? ${validate}`)
 
 				if (!validate) {

db.mts

@@ -16,6 +16,13 @@ export const testDb = knex({
 	useNullAsDefault: true
 })
 
+export const userDb = knex({
+	client: "sqlite3",
+	connection: {
+		filename: "./users"
+	},
+	useNullAsDefault: true
+})
 
 
 

dist/auth/auth.mjs

@@ -9,33 +9,39 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 import passport from 'passport';
 import { Strategy as localStrategy } from 'passport-local';
-import { UserModel } from '../model/model.mjs';
+import { encryptPwd, pwdIsValid } from '../model/model.mjs';
 import { Strategy as JWTstrategy, ExtractJwt } from 'passport-jwt';
+import { userDb } from '../db.mjs';
 passport.use('signup', new localStrategy({
-    usernameField: 'email',
+    usernameField: 'username',
     passwordField: 'password'
-}, (email, password, done) => __awaiter(void 0, void 0, void 0, function* () {
+}, (username, password, done) => __awaiter(void 0, void 0, void 0, function* () {
+    console.log("signup auth strategy has begun");
     try {
-        const user = yield UserModel.create({ email, password });
+        const encryptedPwd = yield encryptPwd(password);
+        const user = yield userDb("users").insert({ username: username, password: encryptedPwd }).returning(["username", "password"]);
+        console.log(`user: ${user}`);
         return done(null, user);
     }
     catch (err) {
+        console.error(err);
         done(err);
     }
 })));
 passport.use('login', new localStrategy({
-    usernameField: "email",
+    usernameField: "username",
     passwordField: "password",
     session: false
 }, (email, password, done) => __awaiter(void 0, void 0, void 0, function* () {
     console.log("local strategy called");
     try {
-        const user = yield UserModel.findOne({ email });
+        let returnedUser = yield userDb("users").select("username", "password").where({ username: email });
+        const user = returnedUser[0];
         console.log(`user: ${user}`);
-        if (!user) {
+        if (!user || returnedUser.length === 0) {
             return done(null, false, { message: "user not found" });
         }
-        const validate = yield user.isValidPassword(password);
+        const validate = yield pwdIsValid(password, user);
         console.log(`isValidPassword? ${validate}`);
         if (!validate) {
             return done(null, false, { message: "wrong password" });
@@ -48,7 +54,7 @@ passport.use('login', new localStrategy({
 })));
 passport.use(new JWTstrategy({
     secretOrKey: "TOP_SECRET",
-    jwtFromRequest: ExtractJwt.fromUrlQueryParameter('secret_token')
+    jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme('secret_token')
 }, (token, done) => __awaiter(void 0, void 0, void 0, function* () {
     try {
         return done(null, token.user);

dist/db.mjs

@@ -13,3 +13,10 @@ export const testDb = knex({
     },
     useNullAsDefault: true
 });
+export const userDb = knex({
+    client: "sqlite3",
+    connection: {
+        filename: "./users"
+    },
+    useNullAsDefault: true
+});

dist/model/model.mjs

@@ -35,3 +35,13 @@ UserSchema.methods.isValidPassword = function (password) {
     });
 };
 export const UserModel = mongoose.model("user", UserSchema);
+export function encryptPwd(pwd) {
+    return __awaiter(this, void 0, void 0, function* () {
+        return Promise.resolve(bcrypt.hash(pwd, 10));
+    });
+}
+export function pwdIsValid(pwd, user) {
+    return __awaiter(this, void 0, void 0, function* () {
+        return Promise.resolve(bcrypt.compare(pwd, user.password));
+    });
+}

dist/routes/routes.mjs

@@ -17,10 +17,6 @@ router.post("/signup", passport.authenticate("signup", { session: false }), (req
         user: req.user
     });
 }));
-// router.post("/login", passport.authenticate('local'),
-// 	function(req, res) {
-// 		res.json({ res })
-// 	})
 router.post('/login', (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
     passport.authenticate('login', (err, user, info) => __awaiter(void 0, void 0, void 0, function* () {
         try {
@@ -31,8 +27,8 @@ router.post('/login', (req, res, next) => __awaiter(void 0, void 0, void 0, func
             req.login(user, { session: false }, (error) => __awaiter(void 0, void 0, void 0, function* () {
                 if (error)
                     return next(error);
-                const body = { _id: user._id, email: user.email };
-                const token = jwt.sign({ user: body }, 'TOP_SECRET');
+                const body = { _id: user._id, username: user.username };
+                const token = jwt.sign({ user: body }, 'TOP_SECRET', { expiresIn: "20m" });
                 return res.json({ token });
             }));
         }

index.mts

@@ -1,15 +1,10 @@
 import express from "express"
-import mongoose from "mongoose"
 import passport from "passport"
 import bodyParser from "body-parser"
-
-import { UserModel } from "./model/model.mjs"
+import { db } from "./db.mjs"
 import { default as routes } from "./routes/routes.mjs"
 import { default as secureRoute } from "./routes/secure-routes.mjs"
 import "./auth/auth.mjs"
-mongoose.connect("mongodb://127.0.0.1:27017/passport-jwt", {});
-mongoose.connection.on('error', error => console.log(error));
-mongoose.Promise = global.Promise;
 
 const app = express()
 app.use(passport.initialize())

model/model.mts

@@ -1,41 +1,10 @@
-import mongoose from "mongoose";
 import bcrypt from "bcrypt"
-
-const Schema = mongoose.Schema
-
-const UserSchema = new Schema({
-	email: {
-		type: String,
-		required: true,
-		unique: true
-	},
-	password: {
-		type: String,
-		required: true
-	}
-})
-
-UserSchema.pre(
-	"save",
-	async function(next) {
-		const hash = await bcrypt.hash(this.password, 10)
-		this.password = hash;
-		next();
-	}
-)
-
-UserSchema.methods.isValidPassword = async function(password: string) {
-	const compare = await bcrypt.compare(password, this.password)
-	return compare
+export async function encryptPwd(pwd: string) {
+	return Promise.resolve(bcrypt.hash(pwd, 10))
 }
 
-export interface User {
-	email: string;
-	password: string;
-	isValidPassword: (password: string) => Promise<boolean>
+export async function pwdIsValid(pwd: string, user: User): Promise<boolean> {
+	return Promise.resolve(bcrypt.compare(pwd, user.password))
 }
 
-export const UserModel = mongoose.model("user", UserSchema)
-
-
 

package.json

@@ -20,6 +20,7 @@
     "typescript": "^5.4.5"
   },
   "dependencies": {
+    "@types/knex": "^0.16.1",
     "bcrypt": "^5.1.1",
     "body-parser": "^1.20.2",
     "express": "^4.19.2",
@@ -28,6 +29,7 @@
     "mongoose": "^8.4.0",
     "passport": "^0.7.0",
     "passport-jwt": "^4.0.1",
-    "passport-local": "^1.0.0"
+    "passport-local": "^1.0.0",
+    "sqlite3": "^5.1.7"
   }
 }

routes/routes.mts

@@ -12,10 +12,7 @@ router.post("/signup",
 			user: req.user
 		})
 	})
-// router.post("/login", passport.authenticate('local'),
-// 	function(req, res) {
-// 		res.json({ res })
-// 	})
+
 router.post(
 	'/login',
 	async (req, res, next) => {
@@ -35,7 +32,7 @@ router.post(
 						async (error) => {
 							if (error) return next(error);
 
-							const body = { _id: user._id, email: user.email };
+							const body = { _id: user._id, username: user.username };
 							const token = jwt.sign({ user: body }, 'TOP_SECRET', { expiresIn: "20m" });
 
 							return res.json({ token });