implements GoogleOAuth via Passport and Cookie based auth

lazycipher · lazycipher · commit 04cda59bc3e0 · 2020-11-04T19:21:56.000+05:30
diff --git a/.env.dev b/.env.dev
@@ -3,6 +3,7 @@ NODE_ENV="development"
 JWT_SECRET="thisismysupersecrettokenjustkidding"
 DATABASE_URL="mongodb://mongo:27017/donut-development"
 SENDGRID_API_KEY='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'
+SENDGRID_FROM_EMAIL_ADDRESS='services@codeuino.com'
 SOCKET_PORT=8810
 clientbaseurl="http://localhost:3000"
 SOCKET_PORT=8810
@@ -13,3 +14,8 @@ REDIS_DB=0
 REDIS_ACTIVITY_DB=1
 GITHUB_OAUTH_APP_CLIENTID="a3e08516c35fe7e83f43"
 GITHUB_OAUTH_APP_CLIENTSECRET="8393d95c3bfeeb0943045f447a9d055cb660bce0"
+GOOGLE_OAUTH_CLIENT_ID=""
+GOOGLE_OAUTH_CLIENT_SECRET=""
+
+# For Ex: http://localhost:5000/user/auth/google/callback
+GOOGLE_OAUTH_CALLBACK=""
diff --git a/app.js b/app.js
@@ -30,16 +30,21 @@ const analyticsRouter = require('./app/routes/analytics')
 const wikisRouter = require('./app/routes/wikis')
 const activityRouter = require('./app/routes/activity')
 const ticketRouter = require('./app/routes/ticket')
-
+const passport = require('passport');
 const app = express()
 const server = require('http').Server(app)
+const clientbaseurl = process.env.clientbaseurl ||  'http://localhost:3000'
 
-app.use(cors())
+app.use(cors({origin: clientbaseurl, credentials: true}))
 
 app.use(bodyParser.json({ limit: '200mb' }))
 app.use(cookieParser())
 app.use(bodyParser.urlencoded(fileConstants.fileParameters))
 
+// PassportJS for OAuth
+app.use(passport.initialize());
+require('./app/middleware/passport');
+
 const memoryStorage = multer.memoryStorage()
 app.use(multer({ storage: memoryStorage }).single('file'))
 
diff --git a/app/controllers/auth.js b/app/controllers/auth.js
@@ -9,13 +9,14 @@ module.exports = {
     try {
       const user = await User.findByCredentials(email, password)
       const token = await user.generateAuthToken()
-      res.send({ user: user, token: token })
+      res.cookie("token", token, { httpOnly: true }).send({ user: user })
     } catch (error) {
       res.status(HttpStatus.BAD_REQUEST).json({ error: error.message })
     }
   },
   logout: (req, res, next) => {
     activityHelper.addActivityToDb(req, res)
+    res.clearCookie("token");
     res.status(HttpStatus.OK).json({ success: 'ok' })
   },
   logoutAll: (req, res, next) => {
diff --git a/app/controllers/email.js b/app/controllers/email.js
@@ -2,7 +2,7 @@ const sendgridMail = require('@sendgrid/mail')
 const ejs = require('ejs')
 const path = require('path')
 const sendGridApi = process.env.SENDGRID_API_KEY || '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'
-
+const SENDGRID_FROM_EMAIL_ADDRESS = process.env.SENDGRID_FROM_EMAIL_ADDRESS || 'services@codeuino.com';
 sendgridMail.setApiKey(sendGridApi)
 
 module.exports = {
@@ -14,7 +14,7 @@ module.exports = {
       } else {
         const message = {
           to: req.body.email,
-          from: 'services@codeuino.com',
+          from: SENDGRID_FROM_EMAIL_ADDRESS,
           subject: `Welcome to Donut ${req.body.name.firstName}`,
           html: data
         }
diff --git a/app/controllers/user.js b/app/controllers/user.js
@@ -12,6 +12,7 @@ const TAGS = require('../utils/notificationTags')
 const settingHelper = require('../utils/settingHelpers')
 const Activity = require('../models/Activity')
 const activityHelper = require('../utils/activity-helper')
+const formatUser = require('../utils/format-user')
 
 const notification = {
   heading: '',
@@ -47,7 +48,7 @@ module.exports = {
       await activity.save()
       // hide password
       user.password = undefined
-      return res.status(HttpStatus.CREATED).json({ user: user, token: token })
+      res.cookie("token", token, { httpOnly: true }).status(HttpStatus.CREATED).send({ user: user })
     } catch (error) {
       return res.status(HttpStatus.NOT_ACCEPTABLE).json({ error: error })
     }
@@ -90,6 +91,22 @@ module.exports = {
       HANDLER.handleError(res, error)
     }
   },
+  // Load User
+  loadUser: async (req, res, next) => {
+    try {
+      const id = req.params.id || req.user._id
+      const user = await User.findById({ _id: id })
+      if (!user) {
+        return res.status(HttpStatus.NOT_FOUND).json({ msg: 'No such user exist!' })
+      }
+      // hide password and tokens
+      user.password = undefined
+      user.tokens = []
+      return res.status(HttpStatus.OK).json({ user: user })
+    } catch (error) {
+      HANDLER.handleError(res, error)
+    }
+  },
 
   // USER PROFILE UPDATE
   userProfileUpdate: async (req, res, next) => {
@@ -479,5 +496,47 @@ module.exports = {
     } catch (error) {
       HANDLER.handleError(error)
     }
+  },
+  // Find User and Create if doesn't exist
+  findOrCreateForOAuth: async(profile, provider) => {
+    let user;
+    if(provider==='google'){
+      user = formatUser.formatUser(profile, provider)
+    }
+    try {
+      const existingUser = await User.findOne({
+        email: user.email
+      })
+      if (existingUser) {
+        const token = await existingUser.generateAuthToken()
+        return  {token, user: existingUser};
+      } else {
+        const newUser = new User(user)
+        const isRegisteredUserExists = await User.findOne({ firstRegister: true })
+        const Org = await Organization.find({}).lean().exec()
+        // for the first user who will be setting up the platform for their community
+        if (!isRegisteredUserExists) {
+          newUser.isAdmin = true
+          newUser.firstRegister = true
+        }
+        if (Org.length > 0) {
+          newUser.orgId = Org[0]._id
+        }
+        const data = await newUser.save()
+        if (!isRegisteredUserExists) {
+          settingHelper.addAdmin(data._id)
+        }
+        const token = await newUser.generateAuthToken()
+
+        // create redis db for activity for the user
+        const activity = new Activity({ userId: data._id })
+        await activity.save()
+        // hide password
+        data.password = undefined
+        return {token: token, user: data}
+      }
+    } catch(e) {
+      throw e;
+    }
   }
 }
diff --git a/app/middleware/auth.js b/app/middleware/auth.js
@@ -4,7 +4,10 @@ const HttpStatus = require('http-status-codes')
 
 const auth = async (req, res, next) => {
   try {
-    const token = req.header('Authorization').replace('Bearer ', '')
+    const token = req.cookies.token || '';
+    if(!token) {
+      throw Error("unauthorized access")
+    }
     const decoded = jwt.verify(token, 'process.env.JWT_SECRET')
     const user = await User.findOne({
       _id: decoded._id,
diff --git a/app/middleware/passport.js b/app/middleware/passport.js
@@ -0,0 +1,24 @@
+const passport = require('passport');
+const GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;
+const user = require('../controllers/user');
+const GOOGLE_OAUTH_CLIENT_ID = process.env.GOOGLE_OAUTH_CLIENT_ID || '';
+const GOOGLE_OAUTH_CLIENT_SECRET = process.env.GOOGLE_OAUTH_CLIENT_SECRET || '';
+const GOOGLE_OAUTH_CALLBACK = process.env.GOOGLE_OAUTH_CALLBACK || '';
+
+passport.use(new GoogleStrategy({
+  clientID: GOOGLE_OAUTH_CLIENT_ID,
+  clientSecret: GOOGLE_OAUTH_CLIENT_SECRET,
+  callbackURL: GOOGLE_OAUTH_CALLBACK,
+  proxy: true
+}, (accessToken, refreshToken, profile, next) => {
+
+  const provider="google";
+  user.findOrCreateForOAuth(profile, provider)
+    .then(details => {
+      if (details) {
+        next(null, details);
+      } else {
+        next(null, false);
+      }
+    }).catch(err=>console.log(err))
+}));
diff --git a/app/models/User.js b/app/models/User.js
@@ -56,7 +56,6 @@ const UserSchema = new mongoose.Schema({
   password: {
     type: String,
     trim: true,
-    required: true,
     minlength: 6,
     validate (password) {
       if (!validator.isLength(password, { min: 6 })) {
@@ -67,6 +66,11 @@ const UserSchema = new mongoose.Schema({
       }
     }
   },
+  provider: {
+    type: String,
+    enum: ['google', 'github', 'email'],
+    default: 'email'
+  },
   socialMedia: {
     youtube: {
       type: String
diff --git a/app/routes/user.js b/app/routes/user.js
@@ -3,8 +3,9 @@ const router = express.Router()
 const userController = require('../controllers/user')
 const auth = require('../middleware/auth')
 const isUnderMaintenance = require('../middleware/maintenance')
+const passport = require('passport');
 // const email = require('../middleware/email')
-
+const afterAuthRedirect = (process.env.clientbaseurl + '/login') ||  'http://localhost:3000/login'
 // create a user
 router.post(
   '/',
@@ -13,6 +14,14 @@ router.post(
   userController.createUser
 )
 
+// load user (endpoint used to call when someone opens app)
+router.get(
+  '/load_user',
+  isUnderMaintenance,
+  auth,
+  userController.loadUser
+)
+
 // get user profile
 router.get(
   '/:id',
@@ -138,4 +147,24 @@ router.patch(
   userController.deactivateAccount
 )
 
+router.get(
+  '/auth/google',
+  isUnderMaintenance,
+  passport.authenticate('google', { scope: ['profile','email'], session: false })
+)
+
+router.get(
+  '/auth/google/callback',
+  isUnderMaintenance,
+  (req, res, next) => {
+    passport.authenticate('google', (err, details) => {
+      if(details.token===undefined || !details.token) {
+        res.redirect(afterAuthRedirect)
+      }else {
+        res.cookie("token", details.token, { httpOnly: true }).redirect(afterAuthRedirect);
+      }
+    })(req, res, next)
+  }
+)
+
 module.exports = router
diff --git a/app/utils/format-user.js b/app/utils/format-user.js
@@ -0,0 +1,19 @@
+module.exports = {
+  // accepts either google or github respose profile and format for insertion in db
+  formatUser: (profile, provider) => {
+    let formattedUser;
+
+    if(provider==='google') {
+      formattedUser = {
+        name: {
+          firstName: profile._json.given_name,
+          lastName: profile._json.family_name,
+        },
+        email: profile._json.email,
+        provider: provider,
+        isActivated: profile._json.email_verified
+      }
+    }
+    return formattedUser;
+  },
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
