Upgrading Hapi and JWT validation to latest version

November 24, 2020, at 6:40 PM

I've been asked to update an old project to the latest dependencies, and I'm having some trouble with JWT authentication.

Here's the incriminated method

Auth.replyWithToken = function (textok, results, reply) {
    //successlog.info('Creating token for session ID: ' + results.sessionID);
    successlog.info('\tAuth.replyWithToken\Create token for session\t' + results.sessionID + '\t\t');
    if (results.sessionID) {
        var JWT = require('jsonwebtoken');
        var obj = { "sessionid": results.sessionID, "username": results.userName }; // object/info you want to sign 
        var token = JWT.sign(obj, Consts.authKey);
        var cookie_options = {
            ttl: 365 * 24 * 60 * 60 * 1000, // expires a year from today 
            encoding: 'none',    // we already used JWT to encode
            isSecure: false,      // warm & fuzzy feelings
            isHttpOnly: true,    // prevent client alteration
            clearInvalid: false, // remove invalid cookies
            isSameSite: false,
            strictHeader: true   // don't allow violations of RFC 6265
        };
        //reply({text: textok + ' ok'})
        results["token"] = token;
        reply(results)
            .header("Authorization", token)
            .state("token", token, cookie_options); // set the cookie
    }
    else {
        return reply(Boom.unauthorized('Invalid login or password'));
    }
}

Now that's the old code... my code, using the new parameters passed, is

auth.replyWithToken = function ( responseObject, h) {
    //logger.info('Creating token for session ID: ' + results.session_id);
    logger.info('\tAuth.replyWithToken\Create token for session\t' + responseObject.session_id + '\t\t');
    if (response.session_id) {

        var JWT = require('jsonwebtoken');
        var obj = { "sessionid": responseObject.session_id, "username": responseObject.username }; // object/info you want to sign 
        var token = JWT.sign(obj, consts.authKey);
        logger.log(token);
        
        response["token"] = token; // <- I got an error that response is not defined, where should I get it?

        return ???????; // what do I have to return here
    }
    //else {
    //    return reply(boom.unauthorized('Invalid login or password'));
    //}
}

How should I set the response's token?

Thanks
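
One way the migrated helper can look in hapi v17+, where the handler returns a response built from the toolkit `h` instead of calling `reply()` (an added example, not part of the original post). `signHS256`, `TOKEN_TTL_SECONDS`, the `authKey` parameter and the tightened cookie values are assumptions; `signHS256` stands in for `JWT.sign(obj, key, { expiresIn })` from jsonwebtoken so the block runs without dependencies.

```javascript
const crypto = require('crypto');

// Stand-in for jsonwebtoken's JWT.sign(payload, key, { expiresIn }) so this
// example runs with no dependencies: an HS256 compact JWT with iat and exp.
function signHS256(payload, key, ttlSeconds) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const iat = Math.floor(Date.now() / 1000);
  const body = b64({ alg: 'HS256', typ: 'JWT' }) + '.' +
    b64({ ...payload, iat, exp: iat + ttlSeconds });
  const sig = crypto.createHmac('sha256', key).update(body).digest('base64url');
  return body + '.' + sig;
}

const TOKEN_TTL_SECONDS = 8 * 60 * 60; // assumed session length, not from the post

// Same option names as the old cookie_options; values tightened (assumption).
const cookieOptions = {
  ttl: TOKEN_TTL_SECONDS * 1000, // cookie expires together with the token
  encoding: 'none',              // the JWT is already an encoded string
  isSecure: true,                // only sent over HTTPS
  isHttpOnly: true,              // not readable from page JavaScript
  isSameSite: 'Strict',          // not attached to cross-site requests
  clearInvalid: true,            // drop cookies that fail validation
  strictHeader: true,            // don't allow violations of RFC 6265
  path: '/'
};

// hapi v17+ handler helper: build the response from the toolkit `h` and
// return it. There is no reply() callback and no global `response`.
function replyWithToken(responseObject, h, authKey) {
  if (!responseObject || !responseObject.session_id) {
    // With @hapi/boom: throw Boom.unauthorized('Invalid login or password')
    return h.response({ error: 'Invalid login or password' }).code(401);
  }
  const token = signHS256(
    { sessionid: responseObject.session_id, username: responseObject.username },
    authKey, TOKEN_TTL_SECONDS);
  return h.response({ ...responseObject, token }) // body now carries the token
    .header('Authorization', token)
    .state('token', token, cookieOptions);        // set the cookie
}
```

With `isSecure: true` the browser only stores the cookie over HTTPS, so plain-HTTP local testing needs that flag relaxed in a development-only configuration.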
