WIP: Major Refactor

[coolaj86]

I broke everything down into pluggable, debuggable component pieces:

Before:

auth3000.google(opts);
app.use('/api/authn/', auth3000);

After

  app.use("/api/authn/", libauth.initialize());

  app.post(
    "/api/authn/session/credentials",
    libauth.credentials(),
    MyDB.getUserClaimsByPassword,
    libauth.newSession(),
    libauth.setClaims(),
    libauth.setTokens(),
    libauth.setCookie(),
    MyDB.updateSessionId,
    libauth.setCookieHeader(),
    libauth.sendTokens(),
  );

  // Magic Link
  app.post(
    "/api/authn/challenge/order",
    magic.setOrderParams,
    magic.newLink,
    magic.storeOrder,
    MyDB.notify,
    magic.sendOrder,
  );

  app.get(
    "/api/authn/challenge/status",
    magic.setOrderParams,
    magic.getOrderById, // TODO status
    magic.checkStatus,
    magic.sendReceipt,
  );

  app.post(
    // "/api/authn/session/magic/link",
    "/api/authn/challenge/finalize",
    magic.setOrderParams,
    magic.getOrderById, // TODO status
    magic.verifyOrder,
    magic.storeOrder,
    magic.catchFailure,
    MyDB.getUserClaimsByIdentifier,
    libauth.newSession(),
    libauth.setClaims(),
    libauth.setTokens(),
    libauth.setCookie(),
    MyDB.updateSessionId,
    libauth.setCookieHeader(),
    libauth.sendTokens(),
  );

  // Google Sign In
  let googleOidc = libauth.oidc(
    require("../plugins/oidc-google/")({
      clientId: process.env.GOOGLE_CLIENT_ID,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
      // TODO handle url relative to issuer
      //redirectUri: "/api/authn/session/oidc/accounts.google.com/redirect",
    }),
  );
  app.get(
    //"/api/authn/oidc/accounts.google.com/authorization_redirect",
    "/api/authn/session/oidc/accounts.google.com/redirect",
    googleOidc.authorizationRedirect,
    googleOidc.exchangeCode,
    googleOidc.exchangeToken,
    MyDB.getUserClaimsByOidcEmail,
    libauth.newSession(),
    libauth.setClaims(),
    libauth.setTokens(),
    libauth.setCookie(),
    MyDB.updateSessionId,
    libauth.setCookieHeader(),
    libauth.redirectWithTokens("/my-account"),
  );
  app.post(
    "/api/authn/session/oidc/accounts.google.com/token",
    googleOidc.exchangeToken,
    MyDB.getUserClaimsByOidcEmail,
    libauth.newSession(),
    libauth.setClaims(),
    libauth.setTokens(),
    libauth.setCookie(),
    MyDB.updateSessionId,
    libauth.setCookieHeader(),
    libauth.sendTokens(),
  );

I believe all the routes are ready, but it needs just a little finalization of route names and tests need to be rerun.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@root/async-router@1.0.14	None	0	13.5 kB	coolaj86
npm/@root/request@1.9.2	environment, filesystem, network	0	50.4 kB	coolaj86
npm/@types/cookie-parser@1.4.7	None	0	5.67 kB	types
npm/@types/express@4.17.21	None	+9	108 kB	types
npm/@types/node@16.18.108	None	0	1.8 MB	types
npm/body-parser@1.20.3	network Transitive: environment, eval, filesystem, unsafe	+36	1.5 MB	ulisesgascon
npm/cookie-parser@1.4.6	None	+2	34.1 kB	dougwilson
npm/express@4.21.0	environment, filesystem, network Transitive: eval, unsafe	+59	1.68 MB	wesleytodd

🚮 Removed packages: npm/@root/async-router@1.0.9, npm/@root/request@1.8.0, npm/@types/cookie-parser@1.4.2, npm/@types/express@4.17.13, npm/@types/node@16.7.8, npm/body-parser@1.19.0, npm/cookie-parser@1.4.5, npm/express@4.17.1

View full report↗︎