API endpoints are now login-protected with session support. Not in front-end yet.

package.json

@@ -8,6 +8,7 @@
     "start": "npm run-script dev"
   },
   "dependencies": {
-    "concurrently": "^4.0.1"
+    "concurrently": "^4.0.1",
+    "express-session": "^1.17.1"
   }
 }

server/app.ts

@@ -60,46 +60,50 @@ const SetupApp = (app: any, knex: Knex, apiBaseUrl: string) => {
                 } catch (error) { cb(error); }
             })();
         }));
-    // passport.serializeUser(function (user: any, cb: any) {
-    //     cb(null, user.id);
-    // });
-    // passport.deserializeUser(function (id: number, cb: any) {
-    //     (async () => {
-    //         try {
-    //             const user = await knex.select(['email', 'passwordHash', 'id'])
-    //                 .from('users')
-    //                 .where({ 'id': id })
-    //                 .then((users: any) => users[0]);
-    //             if (!user) { cb(null, false); }
-    //             return cb(null, user);
-    //         } catch (error) { cb(error); }
-    //     })();
-    // });
+    passport.serializeUser(function (user: any, cb: any) {
+        cb(null, user.id);
+    });
+    passport.deserializeUser(function (id: number, cb: any) {
+        (async () => {
+            try {
+                const user = await knex.select(['email', 'passwordHash', 'id'])
+                    .from('users')
+                    .where({ 'id': id })
+                    .then((users: any) => users[0]);
+                if (!user) { cb(null, false); }
+                return cb(null, user);
+            } catch (error) { cb(error); }
+        })();
+    });
 
+    app.use(require('express-session')({ secret: 'keyboard cat', resave: false, saveUninitialized: false }));
     app.use(passport.initialize());
-    //app.use(passport.session());
+    app.use(passport.session());
 
     const _invoke = (handler: endpointTypes.EndpointHandler) => {
         return invokeHandler(handler, knex);
     }
 
+    const checkLogin = require('connect-ensure-login').ensureLoggedIn;
+
     // Set up REST API endpoints
-    app.post(apiBaseUrl + api.CreateSongEndpoint, _invoke(CreateSongEndpointHandler));
-    app.post(apiBaseUrl + api.QueryEndpoint, _invoke(QueryEndpointHandler));
-    app.post(apiBaseUrl + api.CreateArtistEndpoint, _invoke(CreateArtistEndpointHandler));
-    app.put(apiBaseUrl + api.ModifyArtistEndpoint, _invoke(ModifyArtistEndpointHandler));
-    app.put(apiBaseUrl + api.ModifySongEndpoint, _invoke(ModifySongEndpointHandler));
-    app.get(apiBaseUrl + api.SongDetailsEndpoint, passport.authenticate('local', { session: false }), _invoke(SongDetailsEndpointHandler));
-    app.get(apiBaseUrl + api.ArtistDetailsEndpoint, _invoke(ArtistDetailsEndpointHandler));
-    app.post(apiBaseUrl + api.CreateTagEndpoint, _invoke(CreateTagEndpointHandler));
-    app.put(apiBaseUrl + api.ModifyTagEndpoint, _invoke(ModifyTagEndpointHandler));
-    app.get(apiBaseUrl + api.TagDetailsEndpoint, _invoke(TagDetailsEndpointHandler));
-    app.post(apiBaseUrl + api.CreateAlbumEndpoint, _invoke(CreateAlbumEndpointHandler));
-    app.put(apiBaseUrl + api.ModifyAlbumEndpoint, _invoke(ModifyAlbumEndpointHandler));
-    app.get(apiBaseUrl + api.AlbumDetailsEndpoint, _invoke(AlbumDetailsEndpointHandler));
-    app.delete(apiBaseUrl + api.DeleteTagEndpoint, _invoke(DeleteTagEndpointHandler));
-    app.post(apiBaseUrl + api.MergeTagEndpoint, _invoke(MergeTagEndpointHandler));
+    app.post(apiBaseUrl + api.CreateSongEndpoint, checkLogin(), _invoke(CreateSongEndpointHandler));
+    app.post(apiBaseUrl + api.QueryEndpoint, checkLogin(), _invoke(QueryEndpointHandler));
+    app.post(apiBaseUrl + api.CreateArtistEndpoint, checkLogin(), _invoke(CreateArtistEndpointHandler));
+    app.put(apiBaseUrl + api.ModifyArtistEndpoint, checkLogin(), _invoke(ModifyArtistEndpointHandler));
+    app.put(apiBaseUrl + api.ModifySongEndpoint, checkLogin(), _invoke(ModifySongEndpointHandler));
+    app.get(apiBaseUrl + api.SongDetailsEndpoint, checkLogin(), _invoke(SongDetailsEndpointHandler));
+    app.get(apiBaseUrl + api.ArtistDetailsEndpoint, checkLogin(), _invoke(ArtistDetailsEndpointHandler));
+    app.post(apiBaseUrl + api.CreateTagEndpoint, checkLogin(), _invoke(CreateTagEndpointHandler));
+    app.put(apiBaseUrl + api.ModifyTagEndpoint, checkLogin(), _invoke(ModifyTagEndpointHandler));
+    app.get(apiBaseUrl + api.TagDetailsEndpoint, checkLogin(), _invoke(TagDetailsEndpointHandler));
+    app.post(apiBaseUrl + api.CreateAlbumEndpoint, checkLogin(), _invoke(CreateAlbumEndpointHandler));
+    app.put(apiBaseUrl + api.ModifyAlbumEndpoint, checkLogin(), _invoke(ModifyAlbumEndpointHandler));
+    app.get(apiBaseUrl + api.AlbumDetailsEndpoint, checkLogin(), _invoke(AlbumDetailsEndpointHandler));
+    app.delete(apiBaseUrl + api.DeleteTagEndpoint, checkLogin(), _invoke(DeleteTagEndpointHandler));
+    app.post(apiBaseUrl + api.MergeTagEndpoint, checkLogin(), _invoke(MergeTagEndpointHandler));
     app.post(apiBaseUrl + api.RegisterUserEndpoint, _invoke(RegisterUserEndpointHandler));
+    app.post('/login', passport.authenticate('local'), (req: any, res: any) => { res.status(200).send(); });
 }
 
 export { SetupApp }

server/package-lock.json

@@ -779,6 +779,11 @@
         "xdg-basedir": "^4.0.0"
       }
     },
+    "connect-ensure-login": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/connect-ensure-login/-/connect-ensure-login-0.1.1.tgz",
+      "integrity": "sha1-F03MUSQ7nqwj+NmCFa62aU4uihI="
+    },
     "console-control-strings": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",

server/package.json

@@ -11,6 +11,7 @@
     "body-parser": "^1.18.3",
     "chai": "^4.2.0",
     "chai-http": "^4.3.0",
+    "connect-ensure-login": "^0.1.1",
     "express": "^4.16.4",
     "jasmine": "^3.5.0",
     "js-sha512": "^0.8.0",