thunderhub/server/schema/auth/resolvers.ts

import getConfig from 'next/config';
import jwt from 'jsonwebtoken';
import {
  readCookie,
  refreshCookie,
  PRE_PASS_STRING,
} from 'server/helpers/fileHelpers';
import { ContextType } from 'server/types/apiTypes';
import { logger } from 'server/helpers/logger';
import cookie from 'cookie';
import { requestLimiter } from 'server/helpers/rateLimiter';
import bcrypt from 'bcryptjs';
import { appConstants } from 'server/utils/appConstants';

const { serverRuntimeConfig } = getConfig() || {};
const { cookiePath, nodeEnv } = serverRuntimeConfig || {};

export const authResolvers = {
  Query: {
    getAuthToken: async (
      _: undefined,
      params: any,
      context: ContextType
    ): Promise<boolean> => {
      const { ip, secret, sso, res } = context;
      await requestLimiter(ip, 'getAuthToken');

      if (!sso) {
        logger.warn('No SSO account available');
        return false;
      }

      if (!sso.socket || !sso.macaroon) {
        logger.warn('Host and macaroon are required for SSO');
        return false;
      }

      if (!params.cookie) {
        return false;
      }

      if (cookiePath === '') {
        logger.warn('SSO auth not available since no cookie path was provided');
        return false;
      }

      const cookieFile = readCookie(cookiePath);

      if (
        (cookieFile && cookieFile.trim() === params.cookie.trim()) ||
        nodeEnv === 'development'
      ) {
        refreshCookie(cookiePath);
        const token = jwt.sign({ id: 'sso' }, secret);

        res.setHeader(
          'Set-Cookie',
          cookie.serialize(appConstants.cookieName, token, {
            httpOnly: true,
            sameSite: true,
            path: '/',
          })
        );
        return true;
      }

      logger.debug(`Cookie ${params.cookie} different to file ${cookieFile}`);
      return false;
    },
    getSessionToken: async (
      _: undefined,
      params: any,
      context: ContextType
    ) => {
      const { ip, secret, res } = context;
      await requestLimiter(ip, 'getSessionToken');

      const account = context.accounts.find(a => a.id === params.id) || null;

      if (!account) {
        logger.debug(`Account ${params.id} not found`);
        return null;
      }

      const cleanPassword = account.password.replace(PRE_PASS_STRING, '');

      const isPassword = bcrypt.compareSync(params.password, cleanPassword);

      if (!isPassword) {
        throw new Error('WrongPasswordForLogin');
      }

      logger.debug(`Correct password for account ${params.id}`);
      const token = jwt.sign({ id: params.id }, secret);
      res.setHeader(
        'Set-Cookie',
        cookie.serialize(appConstants.cookieName, token, {
          httpOnly: true,
          sameSite: true,
          path: '/',
        })
      );
      return true;
    },
  },
  Mutation: {
    logout: async (_: undefined, __: any, context: ContextType) => {
      const { ip, res } = context;
      await requestLimiter(ip, 'logout');

      res.setHeader(
        'Set-Cookie',
        cookie.serialize(appConstants.cookieName, '', {
          maxAge: -1,
          httpOnly: true,
          sameSite: true,
          path: '/',
        })
      );
      return true;
    },
  },
};
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`import getConfig from 'next/config';`
			`import jwt from 'jsonwebtoken';`
fix: 🐛 hash password change 2020-07-16 00:08:46 +02:00			`import {`
			`readCookie,`
			`refreshCookie,`
			`PRE_PASS_STRING,`
			`} from 'server/helpers/fileHelpers';`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`import { ContextType } from 'server/types/apiTypes';`
			`import { logger } from 'server/helpers/logger';`
			`import cookie from 'cookie';`
			`import { requestLimiter } from 'server/helpers/rateLimiter';`
feat: ✨ hash config passwords 2020-07-15 12:14:16 +02:00			`import bcrypt from 'bcryptjs';`
chore: 🔧 remove client (#111) * chore: 🔧 remove client * chore: 🔧 change cookie name * chore: 🔧 remove auth param * chore: 🔧 remove auth components * chore: 🔧 add getaccount query * fix: 🐛 tests * chore: 🔧 get account * chore: 🔧 status check * chore: 🔧 remove log * chore: 🔧 update apollo client * refactor: ♻️ server side props * chore: 🔧 ssr queries * chore: 🔧 more ssr queries * chore: 🔧 type check * chore: 🔧 increase nodeinfo limit Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-08-03 16:31:20 +02:00			`import { appConstants } from 'server/utils/appConstants';`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00
test: 🚨 more server unit tests (#70) * chore: 🔧 add tests * fix: 🐛 network info resolver * feat: ✨ init tests * chore: 🔧 improve test * chore: 🔧 more tests * chore: 🔧 bitcoin resolvers * chore: 🔧 more tests 2020-06-13 11:46:20 +02:00			`const { serverRuntimeConfig } = getConfig() \|\| {};`
			`const { cookiePath, nodeEnv } = serverRuntimeConfig \|\| {};`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00
			`export const authResolvers = {`
			`Query: {`
chore: 🔧 sso and login help 2020-08-05 23:44:05 +02:00			`getAuthToken: async (`
			`_: undefined,`
			`params: any,`
			`context: ContextType`
			`): Promise<boolean> => {`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`const { ip, secret, sso, res } = context;`
			`await requestLimiter(ip, 'getAuthToken');`

chore: 🔧 enable strict tsconfig (#96) * chore: 🔧 strict enable wip * Improve typings, add type dependencies (#97) We improve the TypeScript situation by enabling `noImplicitAny`. This leads to a bunch of errors, as expected. We fix some of these by installing the correct types, and some are fixed manually by an educated guess. There are still a lot left, and these seem to be a big mix of lacking types for the `ln-service` dependency and potential bugs. * Strict null (#100) * chore: 🔧 enable strict-null * chore: 🔧 more checks * chore: 🔧 some fixes * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 enable strict * fix: 🐛 input * fix: 🐛 forward report * fix: 🐛 chat sending * fix: 🐛 chat bubble input Co-authored-by: Torkel Rogstad <torkel@rogstad.io> 2020-07-21 23:31:12 +02:00			`if (!sso) {`
			`logger.warn('No SSO account available');`
chore: 🔧 sso and login help 2020-08-05 23:44:05 +02:00			`return false;`
chore: 🔧 enable strict tsconfig (#96) * chore: 🔧 strict enable wip * Improve typings, add type dependencies (#97) We improve the TypeScript situation by enabling `noImplicitAny`. This leads to a bunch of errors, as expected. We fix some of these by installing the correct types, and some are fixed manually by an educated guess. There are still a lot left, and these seem to be a big mix of lacking types for the `ln-service` dependency and potential bugs. * Strict null (#100) * chore: 🔧 enable strict-null * chore: 🔧 more checks * chore: 🔧 some fixes * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 enable strict * fix: 🐛 input * fix: 🐛 forward report * fix: 🐛 chat sending * fix: 🐛 chat bubble input Co-authored-by: Torkel Rogstad <torkel@rogstad.io> 2020-07-21 23:31:12 +02:00			`}`

chore: 🔧 remove client (#111) * chore: 🔧 remove client * chore: 🔧 change cookie name * chore: 🔧 remove auth param * chore: 🔧 remove auth components * chore: 🔧 add getaccount query * fix: 🐛 tests * chore: 🔧 get account * chore: 🔧 status check * chore: 🔧 remove log * chore: 🔧 update apollo client * refactor: ♻️ server side props * chore: 🔧 ssr queries * chore: 🔧 more ssr queries * chore: 🔧 type check * chore: 🔧 increase nodeinfo limit Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-08-03 16:31:20 +02:00			`if (!sso.socket \|\| !sso.macaroon) {`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`logger.warn('Host and macaroon are required for SSO');`
chore: 🔧 sso and login help 2020-08-05 23:44:05 +02:00			`return false;`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`}`

			`if (!params.cookie) {`
chore: 🔧 sso and login help 2020-08-05 23:44:05 +02:00			`return false;`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`}`

			`if (cookiePath === '') {`
			`logger.warn('SSO auth not available since no cookie path was provided');`
chore: 🔧 sso and login help 2020-08-05 23:44:05 +02:00			`return false;`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`}`

			`const cookieFile = readCookie(cookiePath);`

chore: 🔧 sso auth improvements 2020-06-11 07:50:49 +02:00			`if (`
chore: 🔧 enable strict tsconfig (#96) * chore: 🔧 strict enable wip * Improve typings, add type dependencies (#97) We improve the TypeScript situation by enabling `noImplicitAny`. This leads to a bunch of errors, as expected. We fix some of these by installing the correct types, and some are fixed manually by an educated guess. There are still a lot left, and these seem to be a big mix of lacking types for the `ln-service` dependency and potential bugs. * Strict null (#100) * chore: 🔧 enable strict-null * chore: 🔧 more checks * chore: 🔧 some fixes * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 more types * chore: 🔧 enable strict * fix: 🐛 input * fix: 🐛 forward report * fix: 🐛 chat sending * fix: 🐛 chat bubble input Co-authored-by: Torkel Rogstad <torkel@rogstad.io> 2020-07-21 23:31:12 +02:00			`(cookieFile && cookieFile.trim() === params.cookie.trim()) \|\|`
chore: 🔧 sso auth improvements 2020-06-11 07:50:49 +02:00			`nodeEnv === 'development'`
			`) {`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`refreshCookie(cookiePath);`
chore: 🔧 remove client (#111) * chore: 🔧 remove client * chore: 🔧 change cookie name * chore: 🔧 remove auth param * chore: 🔧 remove auth components * chore: 🔧 add getaccount query * fix: 🐛 tests * chore: 🔧 get account * chore: 🔧 status check * chore: 🔧 remove log * chore: 🔧 update apollo client * refactor: ♻️ server side props * chore: 🔧 ssr queries * chore: 🔧 more ssr queries * chore: 🔧 type check * chore: 🔧 increase nodeinfo limit Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-08-03 16:31:20 +02:00			`const token = jwt.sign({ id: 'sso' }, secret);`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00
			`res.setHeader(`
			`'Set-Cookie',`
chore: 🔧 remove client (#111) * chore: 🔧 remove client * chore: 🔧 change cookie name * chore: 🔧 remove auth param * chore: 🔧 remove auth components * chore: 🔧 add getaccount query * fix: 🐛 tests * chore: 🔧 get account * chore: 🔧 status check * chore: 🔧 remove log * chore: 🔧 update apollo client * refactor: ♻️ server side props * chore: 🔧 ssr queries * chore: 🔧 more ssr queries * chore: 🔧 type check * chore: 🔧 increase nodeinfo limit Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-08-03 16:31:20 +02:00			`cookie.serialize(appConstants.cookieName, token, {`
			`httpOnly: true,`
			`sameSite: true,`
			`path: '/',`
			`})`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`);`
			`return true;`
			`}`

chore: 🔧 sso auth improvements 2020-06-11 07:50:49 +02:00			logger.debug(`Cookie ${params.cookie} different to file ${cookieFile}`);
chore: 🔧 sso and login help 2020-08-05 23:44:05 +02:00			`return false;`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`},`
			`getSessionToken: async (`
			`_: undefined,`
			`params: any,`
			`context: ContextType`
			`) => {`
			`const { ip, secret, res } = context;`
			`await requestLimiter(ip, 'getSessionToken');`

			`const account = context.accounts.find(a => a.id === params.id) \|\| null;`

			`if (!account) {`
			logger.debug(`Account ${params.id} not found`);
			`return null;`
			`}`

fix: 🐛 hash password change 2020-07-16 00:08:46 +02:00			`const cleanPassword = account.password.replace(PRE_PASS_STRING, '');`

			`const isPassword = bcrypt.compareSync(params.password, cleanPassword);`
feat: ✨ hash config passwords 2020-07-15 12:14:16 +02:00
			`if (!isPassword) {`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`throw new Error('WrongPasswordForLogin');`
			`}`
feat: ✨ hash config passwords 2020-07-15 12:14:16 +02:00
			logger.debug(`Correct password for account ${params.id}`);
chore: 🔧 remove client (#111) * chore: 🔧 remove client * chore: 🔧 change cookie name * chore: 🔧 remove auth param * chore: 🔧 remove auth components * chore: 🔧 add getaccount query * fix: 🐛 tests * chore: 🔧 get account * chore: 🔧 status check * chore: 🔧 remove log * chore: 🔧 update apollo client * refactor: ♻️ server side props * chore: 🔧 ssr queries * chore: 🔧 more ssr queries * chore: 🔧 type check * chore: 🔧 increase nodeinfo limit Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-08-03 16:31:20 +02:00			`const token = jwt.sign({ id: params.id }, secret);`
feat: ✨ hash config passwords 2020-07-15 12:14:16 +02:00			`res.setHeader(`
			`'Set-Cookie',`
chore: 🔧 remove client (#111) * chore: 🔧 remove client * chore: 🔧 change cookie name * chore: 🔧 remove auth param * chore: 🔧 remove auth components * chore: 🔧 add getaccount query * fix: 🐛 tests * chore: 🔧 get account * chore: 🔧 status check * chore: 🔧 remove log * chore: 🔧 update apollo client * refactor: ♻️ server side props * chore: 🔧 ssr queries * chore: 🔧 more ssr queries * chore: 🔧 type check * chore: 🔧 increase nodeinfo limit Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-08-03 16:31:20 +02:00			`cookie.serialize(appConstants.cookieName, token, {`
feat: ✨ hash config passwords 2020-07-15 12:14:16 +02:00			`httpOnly: true,`
			`sameSite: true,`
chore: 🔧 remove client (#111) * chore: 🔧 remove client * chore: 🔧 change cookie name * chore: 🔧 remove auth param * chore: 🔧 remove auth components * chore: 🔧 add getaccount query * fix: 🐛 tests * chore: 🔧 get account * chore: 🔧 status check * chore: 🔧 remove log * chore: 🔧 update apollo client * refactor: ♻️ server side props * chore: 🔧 ssr queries * chore: 🔧 more ssr queries * chore: 🔧 type check * chore: 🔧 increase nodeinfo limit Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-08-03 16:31:20 +02:00			`path: '/',`
feat: ✨ hash config passwords 2020-07-15 12:14:16 +02:00			`})`
			`);`
			`return true;`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`},`
			`},`
			`Mutation: {`
fix: 🐛 query ssr and login redirect 2020-08-25 08:47:43 +02:00			`logout: async (_: undefined, __: any, context: ContextType) => {`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`const { ip, res } = context;`
			`await requestLimiter(ip, 'logout');`

chore: 🔧 remove client (#111) * chore: 🔧 remove client * chore: 🔧 change cookie name * chore: 🔧 remove auth param * chore: 🔧 remove auth components * chore: 🔧 add getaccount query * fix: 🐛 tests * chore: 🔧 get account * chore: 🔧 status check * chore: 🔧 remove log * chore: 🔧 update apollo client * refactor: ♻️ server side props * chore: 🔧 ssr queries * chore: 🔧 more ssr queries * chore: 🔧 type check * chore: 🔧 increase nodeinfo limit Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-08-03 16:31:20 +02:00			`res.setHeader(`
			`'Set-Cookie',`
fix: 🐛 query ssr and login redirect 2020-08-25 08:47:43 +02:00			`cookie.serialize(appConstants.cookieName, '', {`
			`maxAge: -1,`
			`httpOnly: true,`
			`sameSite: true,`
			`path: '/',`
			`})`
chore: 🔧 remove client (#111) * chore: 🔧 remove client * chore: 🔧 change cookie name * chore: 🔧 remove auth param * chore: 🔧 remove auth components * chore: 🔧 add getaccount query * fix: 🐛 tests * chore: 🔧 get account * chore: 🔧 status check * chore: 🔧 remove log * chore: 🔧 update apollo client * refactor: ♻️ server side props * chore: 🔧 ssr queries * chore: 🔧 more ssr queries * chore: 🔧 type check * chore: 🔧 increase nodeinfo limit Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-08-03 16:31:20 +02:00			`);`
refactor: ♻️ server structure (#52) * refactor: ♻️ change schema * chore: 🔧 small changes * chore: 🔧 cleanup * chore: 🔧 cleanup types * chore: 🔧 change to absolute imports Co-authored-by: apotdevin <apotdevincab@gmail.com> 2020-06-01 08:36:33 +02:00			`return true;`
			`},`
			`},`
			`};`