-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth.js
65 lines (55 loc) · 2.32 KB
/
auth.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
var passport = require('passport');
var Strategy = require('passport-local');
var TotpStrategy = require('passport-totp').Strategy
var crypto = require('crypto');
var db = require('../db');
module.exports = function() {
// Configure the local strategy for use by Passport.
//
// The local strategy requires a `verify` function which receives the credentials
// (`username` and `password`) submitted by the user. The function must verify
// that the password is correct and then invoke `cb` with a user object, which
// will be set at `req.user` in route handlers after authentication.
passport.use(new Strategy(function(username, password, cb) {
db.get('SELECT rowid AS id, * FROM users WHERE username = ?', [ username ], function(err, row) {
if (err) { return cb(err); }
if (!row) { return cb(null, false, { message: 'Incorrect username or password.' }); }
crypto.pbkdf2(password, row.salt, 10000, 32, 'sha256', function(err, hashedPassword) {
if (err) { return cb(err); }
if (!crypto.timingSafeEqual(row.hashed_password, hashedPassword)) {
return cb(null, false, { message: 'Incorrect username or password.' });
}
var user = {
id: row.id.toString(),
username: row.username,
displayName: row.name
};
return cb(null, user);
});
});
}));
passport.use(new TotpStrategy(function(user, cb) {
db.get('SELECT rowid AS id, * FROM otp_credentials WHERE user_id = ?', [ user.id ], function(err, row) {
if (err) { return cb(err); }
if (!row) { return cb(null, false); }
return cb(null, row.secret, 30);
});
}));
// Configure Passport authenticated session persistence.
//
// In order to restore authentication state across HTTP requests, Passport needs
// to serialize users into and deserialize users out of the session. The
// typical implementation of this is as simple as supplying the user ID when
// serializing, and querying the user record by ID from the database when
// deserializing.
passport.serializeUser(function(user, cb) {
process.nextTick(function() {
cb(null, { id: user.id, username: user.username });
});
});
passport.deserializeUser(function(user, cb) {
process.nextTick(function() {
return cb(null, user);
});
});
};