jonathan/hostr
jonathan/hostr
1
0
Fork 0
Code Issues Pull requests 4 Projects Releases Packages 1 Wiki Activity Actions

Get linting passing again

Browse source
This commit is contained in:
Jonathan Cremin 2016-06-06 15:37:00 +01:00
parent 4f95f27400
commit 494f66d388
21 changed files with 367 additions and 212 deletions
Download patch file Download diff file Expand all files Collapse all files

104
web/lib/auth.js
View file

@ -2,12 +2,16 @@ import crypto from 'crypto';
import passwords from 'passwords';
import uuid from 'node-uuid';
import views from 'co-views';
const render = views(__dirname + '/../views', { default: 'ejs'});
import { join } from 'path';
const render = views(join(__dirname, '..', 'views'), { default: 'ejs' });
import debugname from 'debug';
const debug = debugname('hostr-web:auth');
import sendgridInit from 'sendgrid';
const sendgrid = sendgridInit(process.env.SENDGRID_KEY);
const from = process.env.EMAIL_FROM;
const fromname = process.env.EMAIL_NAME;
export function* authenticate(email, password) {
const Users = this.db.Users;
const Logins = this.db.Logins;
@ -17,30 +21,38 @@ export function* authenticate(email, password) {
debug('No password, or password too short');
return new Error('Invalid login details');
}
const count = yield Logins.count({ip: remoteIp, successful: false, at: { '$gt': Math.ceil(Date.now() / 1000) - 600}});
const count = yield Logins.count({
ip: remoteIp,
successful: false,
at: { $gt: Math.ceil(Date.now() / 1000) - 600 },
});
if (count > 25) {
debug('Throttling brute force');
return new Error('Invalid login details');
}
const login = {ip: remoteIp, at: Math.ceil(Date.now() / 1000), successful: null};
const login = { ip: remoteIp, at: Math.ceil(Date.now() / 1000), successful: null };
yield Logins.save(login);
const user = yield Users.findOne({email: email.toLowerCase(), banned: {'$exists': false}, status: {'$ne': 'deleted'}});
const user = yield Users.findOne({
email: email.toLowerCase(),
banned: { $exists: false }, status: { $ne: 'deleted' },
});
if (user) {
const verified = yield passwords.verify(password, user.salted_password);
if (verified) {
debug('Password verified');
login.successful = true;
yield Logins.updateOne({_id: login._id}, login);
yield Logins.updateOne({ _id: login._id }, login);
return user;
}
debug('Password invalid');
login.successful = false;
yield Logins.updateOne({_id: login._id}, login);
yield Logins.updateOne({ _id: login._id }, login);
} else {
debug('Email invalid');
login.successful = false;
yield Logins.updateOne({_id: login._id}, login);
yield Logins.updateOne({ _id: login._id }, login);
}
return new Error('Invalid login details');
}
@ -50,15 +62,17 @@ export function* setupSession(user) {
yield this.redis.set(token, user._id, 'EX', 604800);
const sessionUser = {
'id': user._id,
'email': user.email,
'dailyUploadAllowance': 15,
'maxFileSize': 20971520,
'joined': user.joined,
'plan': user.type || 'Free',
'uploadsToday': yield this.db.Files.count({owner: user._id, 'time_added': {'$gt': Math.ceil(Date.now() / 1000) - 86400}}),
'token': token,
'md5': crypto.createHash('md5').update(user.email).digest('hex'),
id: user._id,
email: user.email,
dailyUploadAllowance: 15,
maxFileSize: 20971520,
joined: user.joined,
plan: user.type || 'Free',
uploadsToday: yield this.db.Files.count({
owner: user._id, time_added: { $gt: Math.ceil(Date.now() / 1000) - 86400 },
}),
md5: crypto.createHash('md5').update(user.email).digest('hex'),
token,
};
if (sessionUser.plan === 'Pro') {
@ -70,8 +84,8 @@ export function* setupSession(user) {
if (this.request.body.remember && this.request.body.remember === 'on') {
const Remember = this.db.Remember;
const rememberToken = uuid();
Remember.save({_id: rememberToken, 'user_id': user.id, created: new Date().getTime()});
this.cookies.set('r', rememberToken, { maxAge: 1209600000, httpOnly: true});
Remember.save({ _id: rememberToken, user_id: user.id, created: new Date().getTime() });
this.cookies.set('r', rememberToken, { maxAge: 1209600000, httpOnly: true });
}
debug('Session set up');
}
@ -79,36 +93,38 @@ export function* setupSession(user) {
export function* signup(email, password, ip) {
const Users = this.db.Users;
const existingUser = yield Users.findOne({email: email, status: {'$ne': 'deleted'}});
const existingUser = yield Users.findOne({ email, status: { $ne: 'deleted' } });
if (existingUser) {
debug('Email already in use.');
throw new Error('Email already in use.');
}
const cryptedPassword = yield passwords.crypt(password);
const user = {
email: email,
'salted_password': cryptedPassword,
email,
salted_password: cryptedPassword,
joined: Math.round(new Date().getTime() / 1000),
'signup_ip': ip,
signup_ip: ip,
activationCode: uuid(),
};
Users.insertOne(user);
const html = yield render('email/inlined/activate', {activationUrl: process.env.WEB_BASE_URL + '/activate/' + user.activationCode});
const html = yield render('email/inlined/activate', {
activationUrl: `${process.env.WEB_BASE_URL}/activate/${user.activationCode}`,
});
const text = `Thanks for signing up to Hostr!
Please confirm your email address by clicking the link below.
${process.env.WEB_BASE_URL + '/activate/' + user.activationCode}
${process.env.WEB_BASE_URL}/activate/${user.activationCode}
Jonathan Cremin, Hostr Founder
`;
const mail = new sendgrid.Email({
to: user.email,
from: 'jonathan@hostr.co',
fromname: 'Jonathan from Hostr',
html: html,
text: text,
subject: 'Welcome to Hostr',
from,
fromname,
html,
text,
});
mail.addCategory('activate');
sendgrid.send(mail);
@ -118,25 +134,27 @@ ${process.env.WEB_BASE_URL + '/activate/' + user.activationCode}
export function* sendResetToken(email) {
const Users = this.db.Users;
const Reset = this.db.Reset;
const user = yield Users.findOne({email: email});
const user = yield Users.findOne({ email });
if (user) {
const token = uuid.v4();
Reset.save({
'_id': user._id,
'token': token,
'created': Math.round(new Date().getTime() / 1000),
_id: user._id,
created: Math.round(new Date().getTime() / 1000),
token,
});
const html = yield render('email/inlined/forgot', {
forgotUrl: `${process.env.WEB_BASE_URL}/forgot/${token}`,
});
const html = yield render('email/inlined/forgot', {forgotUrl: process.env.WEB_BASE_URL + '/forgot/' + token});
const text = `It seems you've forgotten your password :(
Visit ${process.env.WEB_BASE_URL + '/forgot/' + token} to set a new one.
Visit ${process.env.WEB_BASE_URL}/forgot/${token} to set a new one.
`;
const mail = new sendgrid.Email({
to: user.email,
from: 'jonathan@hostr.co',
fromname: 'Jonathan from Hostr',
html: html,
text: text,
subject: 'Hostr Password Reset',
html,
text,
});
mail.addCategory('password-reset');
sendgrid.send(mail);
@ -149,36 +167,36 @@ Visit ${process.env.WEB_BASE_URL + '/forgot/' + token} to set a new one.
export function* fromToken(token) {
const Users = this.db.Users;
const reply = yield this.redis.get(token);
return yield Users.findOne({_id: reply});
return yield Users.findOne({ _id: reply });
}
export function* fromCookie(cookie) {
const Remember = this.db.Remember;
const Users = this.db.Users;
const remember = yield Remember.findOne({_id: cookie});
return yield Users.findOne({_id: remember.user_id});
const remember = yield Remember.findOne({ _id: cookie });
return yield Users.findOne({ _id: remember.user_id });
}
export function* validateResetToken() {
const Reset = this.db.Reset;
return yield Reset.findOne({token: this.params.token});
return yield Reset.findOne({ token: this.params.token });
}
export function* updatePassword(userId, password) {
const Users = this.db.Users;
const cryptedPassword = yield passwords.crypt(password);
yield Users.updateOne({_id: userId}, {'$set': {'salted_password': cryptedPassword}});
yield Users.updateOne({ _id: userId }, { $set: { salted_password: cryptedPassword } });
}
export function* activateUser(code) {
const Users = this.db.Users;
const user = yield Users.findOne({activationCode: code});
const user = yield Users.findOne({ activationCode: code });
if (user) {
Users.updateOne({_id: user._id}, {'$unset': {activationCode: ''}});
Users.updateOne({ _id: user._id }, { $unset: { activationCode: '' } });
yield setupSession.call(this, user);
return true;
}