Dependancy and credentials update

Updated the Bcrypt dependency and credentials
jimmylee · Nov 3, 2020 · fd69209 · fd69209
1 parent e66d8cf
commit fd69209
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 47 deletions.
diff --git a/common/credentials.js b/common/credentials.js
@@ -1,8 +1,9 @@
-if (process.env.NODE_ENV !== 'production') {
-  require('dotenv').config();
+if (process.env.NODE_ENV !== "production") {
+  require("dotenv").config();
 }
 
 export const CLIENT_ID = process.env.CLIENT_ID;
 export const CLIENT_SECRET = process.env.CLIENT_SECRET;
-export const REDIRECT_URIS = 'http://localhost:1337/sign-in-confirm';
+export const PASSWORD_SECRET = process.env.PASSWORD_SECRET;
+export const REDIRECT_URIS = "http://localhost:1337/sign-in-confirm";
 export const JWT_SECRET = process.env.JWT_SECRET;
diff --git a/package.json b/package.json
@@ -15,7 +15,7 @@
     "@loadable/component": "^5.12.0",
     "babel-plugin-emotion": "^9.2.11",
     "babel-plugin-module-resolver": "^4.0.0",
-    "bcrypt": "^3.0.8",
+    "bcrypt": "^5.0.0",
     "body-parser": "^1.19.0",
     "compression": "^1.7.4",
     "cookie-parser": "^1.4.4",

diff --git a/routes/sign-in-confirm.js b/routes/sign-in-confirm.js
@@ -1,37 +1,45 @@
-import * as Credentials from '~/common/credentials';
-import * as Data from '~/common/data';
-import * as Strings from '~/common/strings';
+import * as Credentials from "~/common/credentials";
+import * as Data from "~/common/data";
+import * as Strings from "~/common/strings";
 
-import JWT from 'jsonwebtoken';
-import BCrypt from 'bcrypt';
+import JWT from "jsonwebtoken";
+import BCrypt from "bcrypt";
 
-const google = require('googleapis').google;
+const google = require("googleapis").google;
 const OAuth2 = google.auth.OAuth2;
 
 export default async (req, res, app) => {
-  const client = new OAuth2(Credentials.CLIENT_ID, Credentials.CLIENT_SECRET, Credentials.REDIRECT_URIS);
+  const client = new OAuth2(
+    Credentials.CLIENT_ID,
+    Credentials.CLIENT_SECRET,
+    Credentials.REDIRECT_URIS
+  );
 
   if (req.query.error) {
-    return res.redirect('/sign-in-error');
+    return res.redirect("/sign-in-error");
   }
 
   client.getToken(req.query.code, async (error, token) => {
     if (error) {
-      return res.redirect('/sign-in-error');
+      return res.redirect("/sign-in-error");
     }
 
     const jwt = JWT.sign(token, Credentials.JWT_SECRET);
-    const client = new OAuth2(Credentials.CLIENT_ID, Credentials.CLIENT_SECRET, Credentials.REDIRECT_URIS);
+    const client = new OAuth2(
+      Credentials.CLIENT_ID,
+      Credentials.CLIENT_SECRET,
+      Credentials.REDIRECT_URIS
+    );
     client.credentials = JWT.verify(jwt, Credentials.JWT_SECRET);
 
     const people = google.people({
-      version: 'v1',
+      version: "v1",
       auth: client,
     });
 
     const response = await people.people.get({
-      resourceName: 'people/me',
-      personFields: 'emailAddresses,names,organizations,memberships',
+      resourceName: "people/me",
+      personFields: "emailAddresses,names,organizations,memberships",
     });
 
     const email = response.data.emailAddresses[0].value;
@@ -44,7 +52,7 @@ export default async (req, res, app) => {
       const salt = BCrypt.genSaltSync(10);
       const hash = BCrypt.hashSync(password, salt);
       const double = BCrypt.hashSync(hash, salt);
-      const triple = BCrypt.hashSync(double, process.env.PASSWORD_SECRET);
+      const triple = BCrypt.hashSync(double, Credentials.PASSWORD_SECRET);
 
       user = await Data.createUser({
         email,
@@ -59,20 +67,34 @@ export default async (req, res, app) => {
       const organization = await Data.getOrganizationByDomain({ domain });
 
       if (!organization) {
-        const companyName = domain.split('.')[0];
+        const companyName = domain.split(".")[0];
         await Data.createOrganization({
           domain,
-          data: { name: Strings.capitalizeFirstLetter(companyName), tier: 0, ids: [user.id], admins: [] },
+          data: {
+            name: Strings.capitalizeFirstLetter(companyName),
+            tier: 0,
+            ids: [user.id],
+            admins: [],
+          },
         });
       }
     }
 
     if (user.error) {
-      return app.render(req, res, '/sign-in-error', { jwt: null, viewer: null });
+      return app.render(req, res, "/sign-in-error", {
+        jwt: null,
+        viewer: null,
+      });
     }
 
-    const authToken = JWT.sign({ user: user.id, email: user.email }, Credentials.JWT_SECRET);
+    const authToken = JWT.sign(
+      { user: user.id, email: user.email },
+      Credentials.JWT_SECRET
+    );
 
-    return app.render(req, res, '/sign-in-confirm', { jwt: authToken, viewer: user });
+    return app.render(req, res, "/sign-in-confirm", {
+      jwt: authToken,
+      viewer: user,
+    });
   });
 };
diff --git a/server.js b/server.js
@@ -1,13 +1,14 @@
-import * as Middleware from '~/common/middleware';
-import * as Data from '~/common/data';
-import * as Routes from '~/routes';
+import * as Middleware from "~/common/middleware";
+import * as Credentials from "~/common/credentials";
+import * as Data from "~/common/data";
+import * as Routes from "~/routes";
 
-import express from 'express';
-import next from 'next';
-import bodyParser from 'body-parser';
-import compression from 'compression';
+import express from "express";
+import next from "next";
+import bodyParser from "body-parser";
+import compression from "compression";
 
-const dev = process.env.NODE_ENV !== 'production';
+const dev = process.env.NODE_ENV !== "production";
 const port = process.env.PORT || 1337;
 const app = next({ dev, quiet: false });
 const nextRequestHandler = app.getRequestHandler();
@@ -20,64 +21,68 @@ app.prepare().then(() => {
   }
 
   server.use(Middleware.CORS);
-  server.use('/public', express.static('public'));
+  server.use("/public", express.static("public"));
   server.use(bodyParser.json());
   server.use(
     bodyParser.urlencoded({
       extended: false,
     })
   );
 
-  server.post('/api/sign-in', async (req, res) => {
+  server.post("/api/sign-in", async (req, res) => {
     return await Routes.api.signIn(req, res);
   });
 
-  server.post('/api/users/delete', async (req, res) => {
+  server.post("/api/users/delete", async (req, res) => {
     return await Routes.api.viewerDelete(req, res);
   });
 
-  server.get('/', async (req, res) => {
+  server.get("/", async (req, res) => {
     return await Routes.signIn(req, res, app);
   });
 
-  server.get('/sign-in-confirm', async (req, res) => {
+  server.get("/sign-in-confirm", async (req, res) => {
     return await Routes.signInConfirm(req, res, app);
   });
 
-  server.get('/sign-in-success', Middleware.RequireCookieAuthentication, async (req, res) => {
-    return await Routes.signInSuccess(req, res, app);
-  });
+  server.get(
+    "/sign-in-success",
+    Middleware.RequireCookieAuthentication,
+    async (req, res) => {
+      return await Routes.signInSuccess(req, res, app);
+    }
+  );
 
-  server.get('/sign-in-error', async (req, res) => {
+  server.get("/sign-in-error", async (req, res) => {
     const { viewer } = await Data.getViewer(req);
 
     if (!viewer || viewer.error) {
-      return app.render(req, res, '/sign-in-error', { viewer: null });
+      return app.render(req, res, "/sign-in-error", { viewer: null });
     }
 
-    return app.render(req, res, '/sign-in-error', { viewer });
+    return app.render(req, res, "/sign-in-error", { viewer });
   });
 
-  server.get('/sign-out', async (req, res) => {
+  server.get("/sign-out", async (req, res) => {
     const { viewer } = await Data.getViewer(req);
 
     if (!viewer || viewer.error) {
-      return app.render(req, res, '/sign-in-error', { viewer: null });
+      return app.render(req, res, "/sign-in-error", { viewer: null });
     }
 
-    return app.render(req, res, '/sign-out', { viewer });
+    return app.render(req, res, "/sign-out", { viewer });
   });
 
   /* prettier-ignore */
   server.get('/([\$]):name', async (req, res) => {
     return await Routes.targetOrganization(req, res, app);
   });
 
-  server.get('*', async (req, res) => {
+  server.get("*", async (req, res) => {
     return nextRequestHandler(req, res, req.url);
   });
 
-  server.listen(port, err => {
+  server.listen(port, (err) => {
     if (err) {
       throw err;
     }