Rework authentication system
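--- a/src/auth/repository/orm/ORMUser.ts
+++ b/src/auth/repository/orm/ORMUser.ts
@@ -0,0 +1,77 @@
+import * as bcrypt from 'bcrypt'
+import {Field, FieldType, Model} from '../../../orm'
+import {Authenticatable, AuthenticatableIdentifier} from '../../types'
+import {Injectable} from '../../../di'
+import {Awaitable, JSONState} from '../../../util'
+
+/**
+* A basic ORM-driven user class.
+*/
+@Injectable()
+export class ORMUser extends Model<ORMUser> implements Authenticatable {
+
+protected static table = 'users'
+
+protected static key = 'user_id'
+
+/** The primary key of the user in the table. */
+@Field(FieldType.serial, 'user_id')
+public userId!: number
+
+/** The unique string-identifier of the user. */
+@Field(FieldType.varchar)
+public username!: string
+
+/** The user's first name. */
+@Field(FieldType.varchar, 'first_name')
+public firstName?: string
+
+/** The user's last name. */
+@Field(FieldType.varchar, 'last_name')
+public lastName?: string
+
+/** The hashed and salted password of the user. */
+@Field(FieldType.varchar, 'password_hash')
+public passwordHash!: string
+
+/** Human-readable display name of the user. */
+getDisplay(): string {
+if ( this.firstName || this.lastName ) {
+return `${this.firstName} ${this.lastName}`
+}
+
+return this.username
+}
+
+/** Globally-unique identifier of the user. */
+getUniqueIdentifier(): AuthenticatableIdentifier {
+return `user-${this.userId}`
+}
+
+/** Unique identifier of the user. */
+getIdentifier(): AuthenticatableIdentifier {
+return this.username
+}
+
+/** Check if the provided password is valid for the user. */
+verifyPassword(password: string): Awaitable<boolean> {
+return bcrypt.compare(password, this.passwordHash)
+}
+
+/** Change the user's password, hashing it. */
+async setPassword(password: string): Promise<void> {
+this.passwordHash = await bcrypt.hash(password, 10)
+}
+
+validateCredential(credential: string): Awaitable<boolean> {
+return this.verifyPassword(credential)
+}
+
+async dehydrate(): Promise<JSONState> {
+return this.toQueryRow()
+}
+
+async rehydrate(state: JSONState): Promise<void> {
+await this.assumeFromSource(state)
+}
+}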
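Review bot: `dehydrate()` returns `this.toQueryRow()` unfiltered, so the serialized state presumably carries the `password_hash` column along with the profile fields; if that state is written to a session store, cache or log, the bcrypt hash becomes readable to anyone with access to that storage. `toQueryRow()` is defined outside this diff, so confirm what it emits, and if the hash is included, drop it before returning, e.g. `const {password_hash: _omit, ...state} = this.toQueryRow(); return state`, with `rehydrate()` reloading the row by `user_id` when the hash is actually needed. Separately, `getDisplay()` renders the literal text `undefined` when only one of `firstName`/`lastName` is set; `[this.firstName, this.lastName].filter(Boolean).join(' ')` avoids that.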
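--- a/src/auth/repository/orm/ORMUserRepository.ts
+++ b/src/auth/repository/orm/ORMUserRepository.ts
@@ -0,0 +1,51 @@
+import {
+Authenticatable,
+AuthenticatableIdentifier,
+AuthenticatableRepository,
+} from '../../types'
+import {Awaitable, Maybe, uuid4} from '../../../util'
+import {ORMUser} from './ORMUser'
+import {Container, Inject, Injectable} from '../../../di'
+import {AuthenticatableAlreadyExistsError} from '../../AuthenticatableAlreadyExistsError'
+
+/**
+* A user repository implementation that looks up users stored in the database.
+*/
+@Injectable()
+export class ORMUserRepository extends AuthenticatableRepository {
+@Inject('injector')
+protected readonly injector!: Container
+
+/** Look up the user by their username. */
+getByIdentifier(id: AuthenticatableIdentifier): Awaitable<Maybe<Authenticatable>> {
+return (this.injector.getStaticOverride(ORMUser) as typeof ORMUser).query<ORMUser>()
+.where('username', '=', id)
+.first()
+}
+
+/** Returns true if this repository supports registering users. */
+supportsRegistration(): boolean {
+return true
+}
+
+/** Create a user in this repository from basic credentials. */
+async createFromCredentials(username: string, password: string): Promise<Authenticatable> {
+if ( await this.getByIdentifier(username) ) {
+throw new AuthenticatableAlreadyExistsError(`Authenticatable already exists with credentials.`, {
+username,
+})
+}
+
+const user = <ORMUser> this.injector.makeByStaticOverride(ORMUser)
+user.username = username
+await user.setPassword(password)
+await user.save()
+
+return user
+}
+
+/** Create a user in this repository from an external Authenticatable instance. */
+async createFromExternal(user: Authenticatable): Promise<Authenticatable> {
+return this.createFromCredentials(String(user.getUniqueIdentifier()), uuid4())
+}
+}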
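Review bot: `createFromExternal()` stores the external identity's `getUniqueIdentifier()` in the same `username` column that `createFromCredentials()` fills from caller-supplied input, so locally registered and externally provisioned accounts share one namespace. If the calling code resolves an external login through `getByIdentifier()` (not visible in this diff), a local username that happens to equal an external identifier would be treated as that identity; recording the provider in a separate column, or reserving a prefix that registration rejects, would keep the two apart. The provisioned account also receives a working local password, `uuid4()`, whose strength depends on how the util helper generates it; for accounts that should never authenticate with a password, an unusable hash marker is the safer choice. Finally, the `getByIdentifier()` check followed by `save()` is not atomic, so uniqueness should rest on a unique index on `username`, with the constraint violation mapped to `AuthenticatableAlreadyExistsError`.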