Allow specifying redirect in auth plugin

Happens on text/html requests without auth
yamalight · Sep 10, 2020 · 01e5d38 · 01e5d38
1 parent d34deed
commit 01e5d38
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 4 deletions.
diff --git a/packages/graffiti-plugin-auth/README.md b/packages/graffiti-plugin-auth/README.md
@@ -21,6 +21,30 @@ module.exports = {
 };
 ```
 
+## Plugin settings
+
+Auth plugin accepts the following options during init:
+
+```js
+authPlugin({
+  // secret used as base for JWT generation and cookies
+  secret,
+  // number of salt rounds used in bcrypt (optional)
+  saltRounds = 10,
+  // cookie settings (optional)
+  cookie: {
+    domain = 'localhost',
+    httpOnly = true,
+    secure = false,
+    sameSite = false,
+  } = {},
+  // additional permit paths that are allowed without auth (optional)
+  permitPaths = [],
+  // redirect path, executed when user requests text/html and is not authed (optional)
+  redirectPath,
+});
+```
+
 ## Dev-mode auth forms
 
 For convenience, when running in development mode, auth plugin creates two pages `/dev/register` and `/dev/login` that allow you to register and login without setting up any front-end.

diff --git a/packages/graffiti-plugin-auth/index.js b/packages/graffiti-plugin-auth/index.js
@@ -71,6 +71,7 @@ module.exports = ({
     sameSite = false,
   } = {},
   permitPaths = [],
+  redirectPath,
 }) => {
   const hashPass = async (password) => {
     const salt = await bcrypt.genSalt(saltRounds);
@@ -98,6 +99,18 @@ module.exports = ({
       permitList.push('/dev/register');
     }
 
+    // function that either throws an error (for non-text requests)
+    // or redirects user to given URL (if any, for text/html requests)
+    const returnError = (request, reply, errorMessage) => {
+      // if request is coming for HTML and redirect is given - redirect to that URL
+      if (request.headers.accept.includes('text/html') && redirectPath) {
+        reply.redirect(redirectPath);
+        return;
+      }
+
+      throw new Error(errorMessage);
+    };
+
     // decorate server with verification method
     fastify.decorate('verifyJWT', async (request, reply) => {
       // if URL is permitted - return true
@@ -110,7 +123,7 @@ module.exports = ({
         request.cookies['graffiti-token'] ??
         request.raw.headers.authorization?.replace('Bearer ', '');
       if (!token) {
-        throw new Error('Missing token header');
+        return returnError(request, reply, 'Missing auth token!');
       }
 
       try {
@@ -122,19 +135,19 @@ module.exports = ({
         const user = await User.findById(decoded._id).lean();
 
         if (!user) {
-          throw new Error('Token not valid');
+          return returnError(request, reply, 'Token not valid!');
         }
 
         if (user.password !== decoded.password) {
-          throw new Error('Token not valid');
+          return returnError(request, reply, 'Token not valid!');
         }
 
         // assign user to request
         request.user = user;
 
         return true;
       } catch (e) {
-        throw new Error('Token not valid');
+        return returnError(request, reply, 'Token not valid!');
       }
     });