
Readme update

Robert 1 month ago
parent
commit
0f1876757d
5 changed files with 30 additions and 2 deletions
  1. 11
    0
      README.md
  2. 13
    0
      package-lock.json
  3. 1
    0
      package.json
  4. 1
    0
      utils/database.js
  5. 4
    2
      utils/passportInit.js

+ 11
- 0
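--- a/README.md
+++ b/README.md
@@ -1,2 +1,13 @@
 # kamidere-oauth2server
 
+Authorization server backend for future projects. 
+ref. [oauth2orize-example](https://github.com/gerges-beshay/oauth2orize-examples)
+
+# TODO
+* Learn about good hashing practice and implement it 
+  * libsodium or libsodium-wrappers (ref. https://crackstation.net/hashing-security.htm)
+  * clinet-side prehashing (ref. https://download.libsodium.org/doc/password_hashing)
+* /register endpoint with both GET and POST
+* /client, /me, endpoints
+* Good looking front-end
+  * Vue.js?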

+ 13
- 0
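--- a/package-lock.json
+++ b/package-lock.json
@@ -570,6 +570,19 @@
       "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.3.0.tgz",
       "integrity": "sha512-6hHxsp9e6zQU8nXsP+02HGWXwTkOEw6IROhF2ZA28cYbUk4eJ6QbtZvdqZOdD9YPKghG3apk5eOCvs+tLl3lRg=="
     },
+    "libsodium": {
+      "version": "0.7.3",
+      "resolved": "https://registry.npmjs.org/libsodium/-/libsodium-0.7.3.tgz",
+      "integrity": "sha512-ld+deUNqSsZYbAobUs63UyduPq8ICp/Ul/5lbvBIYpuSNWpPRU0PIxbW+xXipVZtuopR6fIz9e0tTnNuPMNeqw=="
+    },
+    "libsodium-wrappers": {
+      "version": "0.7.3",
+      "resolved": "https://registry.npmjs.org/libsodium-wrappers/-/libsodium-wrappers-0.7.3.tgz",
+      "integrity": "sha512-dw5Jh6TZ5qc5rQVZe3JrSO/J05CE+DmAPnqD7Q2glBUE969xZ6o3fchnUxyPlp6ss3x0MFxmdJntveFN+XTg1g==",
+      "requires": {
+        "libsodium": "0.7.3"
+      }
+    },
     "lodash": {
       "version": "4.17.11",
       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz",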

+ 1
- 0
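--- a/package.json
+++ b/package.json
@@ -19,6 +19,7 @@
     "express": "^4.16.4",
     "express-session": "^1.15.6",
     "jsonwebtoken": "^8.4.0",
+    "libsodium-wrappers": "^0.7.3",
     "mongoose": "^5.3.13",
     "oauth2-server": "^3.0.1",
     "oauth2orize": "^1.11.0",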

+ 1
- 0
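--- a/utils/database.js
+++ b/utils/database.js
@@ -28,6 +28,7 @@ conn.on('disconnect', () => {
 const userScheme = new mongoose.Schema({
   username: String,
   pwd: String,
+  seed: String,
   email: String,
   tokens: [{ type: ObjectId, ref: 'tokens' }],
   connections: [{ type: ObjectId, ref: 'clients' }],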

+ 4
- 2
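--- a/utils/passportInit.js
+++ b/utils/passportInit.js
@@ -4,6 +4,7 @@ const LocalStrategy = require('passport-local').Strategy;
 const BasicStrategy = require('passport-http').BasicStrategy;
 const ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy;
 const BearerStrategy = require('passport-http-bearer').Strategy;
+const sodium = require('libsodium-wrappers');
 
 const db = require('./database');
 
@@ -11,7 +12,8 @@ passport.use(new LocalStrategy(
   async (username, pwd, done) => {
     try {
       const user = await db.User.findByUsername(username).exec();
-      if(!user || pwd !== user.pwd) return done(null, false);
+      const pwdhash = sodium.crypto_shorthash(pwd, user.seed);
+      if(!user || pwdhash !== user.pwd) return done(null, false);
       done(null, user);
     } catch (error) {
       done(error);
@@ -52,7 +54,7 @@ passport.use(new BearerStrategy(
     try {
       const token = await db.Token.findByToken(_token).populate('user').populate('client').exec();
       if (!token) return done(null, false);
-      _token.user._id ? userToken(token) : clinetToken(token);
+      token.user._id ? userToken(token) : clientToken(token);
 
     } catch (error) {
       done(error);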
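Review bot: In the LocalStrategy hunk `sodium.crypto_shorthash(pwd, user.seed)` is evaluated before the `!user` test, so an unknown username dereferences `seed` on null and ends in `done(error)` rather than `done(null, false)`, and the call's default return is a `Uint8Array` that is never `===` to the `String`-typed `user.pwd`, so the comparison presumably rejects every login. `crypto_shorthash` is SipHash-2-4, a fast keyed hash for hash tables with a 16-byte key, not a password hash; libsodium's password API is `crypto_pwhash_str` (Argon2, salt and parameters embedded in the returned string) paired with `crypto_pwhash_str_verify`, which also makes the `seed` column added in utils/database.js and the non-constant-time `!==` comparison unnecessary, and libsodium-wrappers needs `await sodium.ready` before its first call. The sketch below assumes `user.pwd` holds the `crypto_pwhash_str` output written by the registration path, which is outside this diff. The BearerStrategy hunk's `token.user._id` would likewise throw for a token whose `user` ref did not populate; `token.user?._id` or `token.user ? userToken(token) : clientToken(token)` may be what is meant there. Both strategy callbacks start and end outside the hunks.
```javascript
      const user = await db.User.findByUsername(username).exec();
      if (!user) return done(null, false);
      await sodium.ready;
      // user.pwd is expected to hold a crypto_pwhash_str() string (salt and cost parameters embedded)
      if (!sodium.crypto_pwhash_str_verify(user.pwd, pwd)) return done(null, false);
      done(null, user);
      // … unchanged: catch / done(error) …
```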
