rss-unlimited/server/security.js

const crypto = require('crypto')
const uuid = require('uuid/v4')
const jwt = require('jsonwebtoken')
const SECRET = 'scale action palace measure'

const genSeed = uuid

const genKey = ({format = '###-###', alphabet = 'ABCDEFGHJKMNPQRSTUVWXYZ23456789'} = {}) => {
  const c = () => alphabet[Math.floor(Math.random() * alphabet.length)]
  return format.replace(/#/g, c)
}

const hashPassword = ({password, seed, email}) => {
  if (!password) throw new Error('Missing password')
  if (!seed) throw new Error('Missing seed')
  if (!email) throw new Error('Missing email')
  email = email.toLowerCase().trim()
  password = password.trim()
  const hash = crypto.createHash('sha256')
  hash.update(`${password},${seed},${email}`)
  const result = hash.digest('base64')
  return result
}

const createToken = user => jwt.sign({
  email: user.email,
  name: user.name,
}, SECRET, { expiresIn: '2 days' })

const validate = token => jwt.verify(token, SECRET, { complete: true })

const authorize = (...claims) => (req, res, next) => {
  const reg = /^Bearer (.*)$/.exec(req.headers.authorization)
  let decoded
  if (reg && (decoded = validate(reg[1]))) {
    if (claims.every(claim => decoded[claim])) {
      req.identity = decoded.payload
      next()
    } else {
      res.status(403).send('Access denied')
    }
  } else {
    res.status(401).send('Authorization required')
  }
}

module.exports = { hashPassword, genSeed, createToken, validate, authorize, genKey }