Merge pull request #13 from jmagan/development

passport-cardano-web3 integration
jmagan · Jan 7, 2023 · c0b1e1f · c0b1e1f
2 parents 67db384 + ffd2961
commit c0b1e1f
Show file tree

Hide file tree

Showing 23 changed files with 1,528 additions and 642 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,8 @@
-## v1.0.0 ()
+## v1.1.0 (Jan 07, 2023)
+
+*   Passport Cardano web3 implementation
+
+## v1.0.0 (Dec 23, 2022)
 
 *   Wallet address uniqueness
 *   Payload expiration checking

diff --git a/app/controllers/auth/helpers/checkLoginAttemptsAndBlockExpires.js b/app/controllers/auth/helpers/checkLoginAttemptsAndBlockExpires.js
diff --git a/app/controllers/auth/helpers/index.js b/app/controllers/auth/helpers/index.js
@@ -1,8 +1,5 @@
 const { blockIsExpired } = require('./blockIsExpired')
 const { blockUser } = require('./blockUser')
-const {
-  checkLoginAttemptsAndBlockExpires
-} = require('./checkLoginAttemptsAndBlockExpires')
 const { checkPermissions } = require('./checkPermissions')
 const { findChangeWallet } = require('./findChangeWallet')
 const { findUser } = require('./findUser')
@@ -12,25 +9,21 @@ const { changeWalletResponse } = require('./changeWalletResponse')
 const { generateAccessToken } = require('./generateAccessToken')
 const { getUserIdFromToken } = require('./getUserIdFromToken')
 const { markChangeWalletAsUsed } = require('./markChangeWalletAsUsed')
-const { signatureIsInvalid } = require('./signatureIsInvalid')
 const { registerUser } = require('./registerUser')
 const { returnRegisterToken } = require('./returnRegisterToken')
 const { saveChangeWallet } = require('./saveChangeWallet')
-const { saveLoginAttemptsToDB } = require('./saveLoginAttemptsToDB')
 const {
   saveUserAccessAndReturnToken
 } = require('./saveUserAccessAndReturnToken')
 const { setUserInfo } = require('./setUserInfo')
 const { updateWallet } = require('./updateWallet')
-const { userIsBlocked } = require('./userIsBlocked')
 const { verificationExists } = require('./verificationExists')
 const { verifyUser } = require('./verifyUser')
 const { generateRefreshToken } = require('./generateRefreshToken')
 
 module.exports = {
   blockIsExpired,
   blockUser,
-  checkLoginAttemptsAndBlockExpires,
   checkPermissions,
   findChangeWallet,
   findUser,
@@ -40,15 +33,12 @@ module.exports = {
   generateAccessToken,
   getUserIdFromToken,
   markChangeWalletAsUsed,
-  signatureIsInvalid,
   registerUser,
   returnRegisterToken,
   saveChangeWallet,
-  saveLoginAttemptsToDB,
   saveUserAccessAndReturnToken,
   setUserInfo,
   updateWallet,
-  userIsBlocked,
   verificationExists,
   verifyUser,
   generateRefreshToken

diff --git a/app/controllers/auth/helpers/saveLoginAttemptsToDB.js b/app/controllers/auth/helpers/saveLoginAttemptsToDB.js
diff --git a/app/controllers/auth/helpers/signatureIsInvalid.js b/app/controllers/auth/helpers/signatureIsInvalid.js
diff --git a/app/controllers/auth/helpers/userIsBlocked.js b/app/controllers/auth/helpers/userIsBlocked.js
diff --git a/app/controllers/auth/helpers/verifyCoseSign1SignatureAndAddress.js b/app/controllers/auth/helpers/verifyCoseSign1SignatureAndAddress.js
diff --git a/app/controllers/auth/helpers/verifyPayload.js b/app/controllers/auth/helpers/verifyPayload.js
diff --git a/app/controllers/auth/login.js b/app/controllers/auth/login.js
@@ -1,17 +1,6 @@
-const { matchedData } = require('express-validator')
-
-const {
-  userIsBlocked,
-  checkLoginAttemptsAndBlockExpires,
-  signatureIsInvalid,
-  saveLoginAttemptsToDB,
-  saveUserAccessAndReturnToken
-} = require('./helpers')
+const { saveUserAccessAndReturnToken } = require('./helpers')
 
 const { handleError } = require('../../middleware/utils')
-const { checkSignature } = require('../../middleware/auth')
-const verifyPayload = require('./helpers/verifyPayload')
-const { getCoseSign1Bech32Address } = require('../../services/crypto')
 const { findUserByWalleAddress } = require('./helpers/findUserByWalletAddress')
 
 /**
@@ -21,25 +10,9 @@ const { findUserByWalleAddress } = require('./helpers/findUserByWalletAddress')
  */
 const login = async (req, res) => {
   try {
-    const data = matchedData(req)
-    const walletAddress = await getCoseSign1Bech32Address(data.signature)
+    const walletAddress = req.user.id
     const user = await findUserByWalleAddress(walletAddress)
-    await userIsBlocked(user)
-    await checkLoginAttemptsAndBlockExpires(user)
-    const isSignatureChecked = await checkSignature(
-      data.key,
-      data.signature,
-      user
-    )
-    await verifyPayload(data.signature, 'Login')
-    if (!isSignatureChecked) {
-      handleError(res, await signatureIsInvalid(user))
-    } else {
-      // all ok, register access and return token
-      user.loginAttempts = 0
-      await saveLoginAttemptsToDB(user)
-      res.status(200).json(await saveUserAccessAndReturnToken(req, res, user))
-    }
+    res.status(200).json(await saveUserAccessAndReturnToken(req, res, user))
   } catch (error) {
     handleError(res, error)
   }

diff --git a/app/controllers/auth/register.js b/app/controllers/auth/register.js
@@ -8,11 +8,6 @@ const {
   emailExists,
   sendRegistrationEmailMessage
 } = require('../../middleware/emailer')
-const {
-  verifyCoseSign1SignatureAndAddress
-} = require('./helpers/verifyCoseSign1SignatureAndAddress')
-const verifyPayload = require('./helpers/verifyPayload')
-
 /**
  * Register function called by route
  * @param {Object} req - request object
@@ -22,17 +17,11 @@ const register = async (req, res) => {
   try {
     // Gets locale from header 'Accept-Language'
     const locale = req.getLocale()
+    const payload = req.authInfo
     req = matchedData(req)
     const doesEmailOrWalletAddressExists =
       (await emailExists(req.email)) ||
       (await walletAddressExists(req.walletAddress))
-    await verifyCoseSign1SignatureAndAddress(
-      req.key,
-      req.signature,
-      req.walletAddress
-    )
-
-    const payload = await verifyPayload(req.signature, 'Sign up')
 
     if (payload.email !== req.email || payload.name !== req.name) {
       throw buildErrObject(422, 'INVALID_PAYLOAD')

diff --git a/app/controllers/auth/resetWallet.js b/app/controllers/auth/resetWallet.js
@@ -6,10 +6,6 @@ const {
   markChangeWalletAsUsed
 } = require('./helpers')
 const { handleError } = require('../../middleware/utils')
-const {
-  verifyCoseSign1SignatureAndAddress
-} = require('./helpers/verifyCoseSign1SignatureAndAddress')
-const verifyPayload = require('./helpers/verifyPayload')
 
 /**
  * Reset password function called by route
@@ -22,14 +18,6 @@ const resetWallet = async (req, res) => {
     const changeWallet = await findChangeWallet(data.id)
     const user = await findUserToResetWallet(changeWallet.email)
 
-    await verifyCoseSign1SignatureAndAddress(
-      data.key,
-      data.signature,
-      data.walletAddress
-    )
-
-    await verifyPayload(data.signature, 'Reset')
-
     await updateWallet(data.walletAddress, user)
     const result = await markChangeWalletAsUsed(req, changeWallet)
     res.status(200).json(result)

diff --git a/app/middleware/auth/checkSignature.js b/app/middleware/auth/checkSignature.js
diff --git a/app/middleware/auth/index.js b/app/middleware/auth/index.js
@@ -1,9 +1,7 @@
-const { checkSignature } = require('./checkSignature')
 const { decrypt } = require('./decrypt')
 const { encrypt } = require('./encrypt')
 
 module.exports = {
-  checkSignature,
   decrypt,
   encrypt
 }
diff --git a/app/models/user.js b/app/models/user.js
@@ -62,16 +62,6 @@ const UserSchema = new mongoose.Schema(
         message: 'NOT_A_VALID_URL'
       },
       lowercase: true
-    },
-    loginAttempts: {
-      type: Number,
-      default: 0,
-      select: false
-    },
-    blockExpires: {
-      type: Date,
-      default: Date.now,
-      select: false
     }
   },
   {