-
Notifications
You must be signed in to change notification settings - Fork 235
/
Copy pathindex.js
128 lines (120 loc) · 2.98 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
console.log('Loading function');
// dependencies
var AWS = require('aws-sdk');
var crypto = require('crypto');
var util = require('util');
var config = require('./config.json');
// Get reference to AWS clients
var dynamodb = new AWS.DynamoDB();
var ses = new AWS.SES();
function computeHash(password, salt, fn) {
// Bytesize
var len = config.CRYPTO_BYTE_SIZE;
var iterations = 4096;
if (3 == arguments.length) {
crypto.pbkdf2(password, salt, iterations, len, fn);
} else {
fn = salt;
crypto.randomBytes(len, function(err, salt) {
if (err) return fn(err);
salt = salt.toString('base64');
crypto.pbkdf2(password, salt, iterations, len, function(err, derivedKey) {
if (err) return fn(err);
fn(null, salt, derivedKey.toString('base64'));
});
});
}
}
function storeUser(email, password, salt, fn) {
// Bytesize
var len = config.CRYPTO_BYTE_SIZE;
crypto.randomBytes(len, function(err, token) {
if (err) return fn(err);
token = token.toString('hex');
dynamodb.putItem({
TableName: config.DDB_TABLE,
Item: {
email: {
S: email
},
passwordHash: {
S: password
},
passwordSalt: {
S: salt
},
verified: {
BOOL: false
},
verifyToken: {
S: token
}
},
ConditionExpression: 'attribute_not_exists (email)'
}, function(err, data) {
if (err) return fn(err);
else fn(null, token);
});
});
}
function sendVerificationEmail(email, token, fn) {
var subject = 'Verification Email for ' + config.EXTERNAL_NAME;
var verificationLink = config.VERIFICATION_PAGE + '?email=' + encodeURIComponent(email) + '&verify=' + token;
ses.sendEmail({
Source: config.EMAIL_SOURCE,
Destination: {
ToAddresses: [
email
]
},
Message: {
Subject: {
Data: subject
},
Body: {
Html: {
Data: '<html><head>'
+ '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />'
+ '<title>' + subject + '</title>'
+ '</head><body>'
+ 'Please <a href="' + verificationLink + '">click here to verify your email address</a> or copy & paste the following link in a browser:'
+ '<br><br>'
+ '<a href="' + verificationLink + '">' + verificationLink + '</a>'
+ '</body></html>'
}
}
}
}, fn);
}
exports.handler = function(event, context) {
var email = event.email;
var clearPassword = event.password;
computeHash(clearPassword, function(err, salt, hash) {
if (err) {
context.fail('Error in hash: ' + err);
} else {
storeUser(email, hash, salt, function(err, token) {
if (err) {
if (err.code == 'ConditionalCheckFailedException') {
// userId already found
context.succeed({
created: false
});
} else {
context.fail('Error in storeUser: ' + err);
}
} else {
sendVerificationEmail(email, token, function(err, data) {
if (err) {
context.fail('Error in sendVerificationEmail: ' + err);
} else {
context.succeed({
created: true
});
}
});
}
});
}
});
}