Create users, validate credentials

Swizec · Swizec · commit 760ff7596d50 · 2021-02-15T07:07:26.000-08:00
diff --git a/examples/serverless-auth-example/package.json b/examples/serverless-auth-example/package.json
@@ -20,8 +20,10 @@
   "dependencies": {
     "@types/aws-lambda": "^8.10.72",
     "@types/crypto-js": "^4.0.1",
+    "@types/lodash.omit": "^4.5.6",
     "aws-lambda": "^1.0.6",
     "crypto-js": "^4.0.0",
+    "lodash.omit": "^4.5.0",
     "simple-dynamodb": "^1.0.1",
     "typescript": "^4.1.5",
     "uuid": "^8.3.2"
diff --git a/examples/serverless-auth-example/serverless.yml b/examples/serverless-auth-example/serverless.yml
@@ -40,9 +40,10 @@ resources:
             KeyType: HASH
         ProvisionedThroughput:
           ReadCapacityUnits: 1
-          WriteCapacityUntis: 1
+          WriteCapacityUnits: 1
         TableName: ${self:provider.environment.USER_TABLE}
 
 package:
   exclude:
     - node_modules/typescript/**
+    - node_modules/@types/**
diff --git a/examples/serverless-auth-example/src/auth.ts b/examples/serverless-auth-example/src/auth.ts
@@ -1,9 +1,19 @@
 import { APIGatewayEvent } from "aws-lambda"
 import * as db from "simple-dynamodb"
 import sha256 from "crypto-js/sha256"
+import omit from "lodash.omit"
 
 function response(statusCode: number, body: any) {
-  return { statusCode, body: JSON.stringify(body) }
+  return {
+    statusCode,
+    // permissive CORS headers
+    headers: {
+      "Access-Control-Allow-Headers": "Content-Type",
+      "Access-Control-Allow-Origin": "*",
+      "Access-Control-Allow-Methods": "OPTIONS,POST,GET",
+    },
+    body: JSON.stringify(body),
+  }
 }
 
 // Hashing your password before saving is critical
@@ -15,6 +25,21 @@ function hashPassword(username: string, password: string) {
   ).toString()
 }
 
+async function createUser(username: string, password: string) {
+  const result = await db.updateItem({
+    TableName: process.env.USER_TABLE!,
+    Key: {
+      username,
+    },
+    UpdateExpression: `SET password = :password, createdAt = :createdAt`,
+    ExpressionAttributeValues: {
+      ":password": hashPassword(username, password),
+      ":createdAt": new Date().toISOString(),
+    },
+  })
+  return result.Attributes
+}
+
 // Logs you in based on username/password combo
 // Creates user on first login
 export const login = async (event: APIGatewayEvent) => {
@@ -27,30 +52,30 @@ export const login = async (event: APIGatewayEvent) => {
     })
   }
 
-  // username is the key, which means it must be unique
-  let user = await db.getItem({
+  // find user in database
+  let { Item: user } = await db.getItem({
     TableName: process.env.USER_TABLE!,
     Key: {
+      // username is the key, which means it must be unique
       username,
     },
   })
 
   if (!user) {
     // user was not found, create
-    user = await db.updateItem({
-      TableName: process.env.USER_TABLE!,
-      Key: {
-        username,
-      },
-      UpdateExpression: `SET password = :password, createdAt = :createdAt`,
-      ExpressionAttributeValues: {
-        ":password": hashPassword(username, password),
-        ":createdAt": new Date().toISOString(),
-      },
-    })
+    user = await createUser(username, password)
   } else {
     // check credentials
+    if (hashPassword(username, password) !== user.password) {
+      // 🚨
+      return response(401, {
+        status: "error",
+        error: "Bad username/password combination",
+      })
+    }
   }
 
-  return response(200, user)
+  // user was created or has valid credentials
+
+  return response(200, omit(user, "password"))
 }
diff --git a/examples/serverless-auth-example/yarn.lock b/examples/serverless-auth-example/yarn.lock
@@ -12,6 +12,18 @@
   resolved "https://registry.yarnpkg.com/@types/crypto-js/-/crypto-js-4.0.1.tgz#3a4bd24518b0e6c5940da4e2659eeb2ef0806963"
   integrity sha512-6+OPzqhKX/cx5xh+yO8Cqg3u3alrkhoxhE5ZOdSEv0DOzJ13lwJ6laqGU0Kv6+XDMFmlnGId04LtY22PsFLQUw==
 
+"@types/lodash.omit@^4.5.6":
+  version "4.5.6"
+  resolved "https://registry.yarnpkg.com/@types/lodash.omit/-/lodash.omit-4.5.6.tgz#f2a9518259e481a48ff7ec423420fa8fd58933e2"
+  integrity sha512-KXPpOSNX2h0DAG2w7ajpk7TXvWF28ZHs5nJhOJyP0BQHkehgr948RVsToItMme6oi0XJkp19CbuNXkIX8FiBlQ==
+  dependencies:
+    "@types/lodash" "*"
+
+"@types/lodash@*":
+  version "4.14.168"
+  resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.168.tgz#fe24632e79b7ade3f132891afff86caa5e5ce008"
+  integrity sha512-oVfRvqHV/V6D1yifJbVRU3TMp8OT6o6BG+U9MkwuJ3U8/CsDHvalRpsxBqivn71ztOFZBTfJMvETbqHiaNSj7Q==
+
 argparse@^1.0.7:
   version "1.0.10"
   resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
@@ -116,6 +128,11 @@ js-yaml@^3.13.1:
     argparse "^1.0.7"
     esprima "^4.0.0"
 
+lodash.omit@^4.5.0:
+  version "4.5.0"
+  resolved "https://registry.yarnpkg.com/lodash.omit/-/lodash.omit-4.5.0.tgz#6eb19ae5a1ee1dd9df0b969e66ce0b7fa30b5e60"
+  integrity sha1-brGa5aHuHdnfC5aeZs4Lf6MLXmA=
+
 punycode@1.3.2:
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.3.2.tgz#9653a036fb7c1ee42342f2325cceefea3926c48d"
