// Module dependencies, one declaration each, in the original load order.
// passport + the two strategies handle login; redis/bcryptjs/uuid back the
// token store and password checks; connect-lastmile wraps HTTP responses.
var passport = require('passport');
var path = require('path');
var safe = require('safetydance');
var bcrypt = require('bcryptjs');
var uuid = require('uuid/v4');
var redis = require('redis');
var BearerStrategy = require('passport-http-bearer').Strategy;
var LdapStrategy = require('passport-ldapjs').Strategy;
var HttpError = require('connect-lastmile').HttpError;
var HttpSuccess = require('connect-lastmile').HttpSuccess;
// Location of the JSON users file used when LDAP is not configured. The
// LOCAL_AUTH_FILE environment variable overrides the default; either value is
// resolved against the current working directory.
var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE ? process.env.LOCAL_AUTH_FILE : './.users.json');
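get: function (token, callback) {
    // Only an own entry of `data` counts as an issued token. A bare `data[token]`
    // lookup also resolves inherited Object.prototype members, so a bearer token
    // equal to such a property name would otherwise be reported as a live
    // session (assumes `data` is a plain object literal; its declaration is not
    // part of this excerpt).
    var value = Object.prototype.hasOwnProperty.call(tokenStore.data, token) ? tokenStore.data[token] : undefined;
    // A missing (or falsy) record is signalled through the error argument, as before.
    callback(value ? null : 'not found', value);
},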
21 set: function (token
, data
, callback
) {
22 tokenStore
.data
[token
] = data
;
25 del: function (token
, callback
) {
26 delete tokenStore
.data
[token
];
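if (process.env.REDIS_URL) {
    console.log('Enable redis token store');

    var redisClient = redis.createClient(process.env.REDIS_URL);

    // node_redis reports connection problems as 'error' events. With no listener
    // attached, an emitted 'error' is rethrown by the EventEmitter and would take
    // the whole process down on a transient Redis outage; log it here and let the
    // per-call callbacks below surface failures to their callers.
    redisClient.on('error', function (error) {
        console.error('Redis token store error:', error);
    });

    if (process.env.REDIS_PASSWORD) {
        console.log('Using redis auth');
        redisClient.auth(process.env.REDIS_PASSWORD);
    }

    // overwrite the tokenStore api: records are kept in Redis as JSON strings
    tokenStore.get = function (token, callback) {
        redisClient.get(token, function (error, result) {
            // safe.JSON.parse presumably yields null instead of throwing on a
            // missing key or malformed value, which the bearer strategy treats as
            // "no such token".
            callback(error || null, safe.JSON.parse(result));
        });
    };
    // NOTE(review): no expiry (EX/PX) is set, so a token stays valid until
    // logout deletes it or the key is removed by other means.
    tokenStore.set = function (token, data, callback) {
        redisClient.set(token, JSON.stringify(data), callback);
    };
    tokenStore.del = redisClient.del.bind(redisClient);
} else {
    console.log('Use in-memory token store');
}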
// Middleware factory used after a login strategy has populated req.user: mint a
// random token, persist the user record under it and answer 201 with both.
// A token store failure is forwarded to next() as a 500 HttpError.
function issueAccessToken() {
    return function (req, res, next) {
        var token = uuid();

        // NOTE(review): tokenStore.set takes no expiry, so the token remains
        // valid until exports.logout removes it. The raw store error is also
        // handed to the client-facing HttpError; a generic message may be
        // preferable if backend details should not reach clients.
        var onStored = function (error) {
            if (error) {
                next(new HttpError(500, error));
                return;
            }
            next(new HttpSuccess(201, { accessToken: token, user: req.user }));
        };

        tokenStore.set(token, req.user, onStored);
    };
}
66 passport
.serializeUser(function (user
, done
) {
67 console
.log('serializeUser', user
);
// Session deserialisation hook: the stored id is wrapped back into a minimal
// user object. Logged for debugging, as the serialize side is.
passport.deserializeUser(function (id, done) {
    console.log('deserializeUser', id);
    var user = { uid: id };
    done(null, user);
});
// LDAP login is enabled only when both of these are configured; otherwise the
// local users file is used.
var LDAP_URL = process.env['LDAP_URL'];
var LDAP_USERS_BASE_DN = process.env['LDAP_USERS_BASE_DN'];
79 if (LDAP_URL
&& LDAP_USERS_BASE_DN
) {
80 console
.log('Enable ldap auth');
82 exports
.login
= [ passport
.authenticate('ldap'), issueAccessToken() ];
84 console
.log('Use local user file:', LOCAL_AUTH_FILE
);
87 function (req
, res
, next
) {
88 var users
= safe
.JSON
.parse(safe
.fs
.readFileSync(LOCAL_AUTH_FILE
));
89 if (!users
) return res
.send(401);
90 if (!users
[req
.body
.username
]) return res
.send(401);
92 bcrypt
.compare(req
.body
.password
, users
[req
.body
.username
].passwordHash
, function (error
, valid
) {
93 if (error
|| !valid
) return res
.send(401);
96 username: req
.body
.username
110 base: LDAP_USERS_BASE_DN
,
112 filter: '(|(username={{username}})(mail={{username}}))',
113 attributes: ['displayname', 'username', 'mail', 'uid'],
117 usernameField: 'username',
118 passwordField: 'password',
121 passport
.use(new LdapStrategy(opts
, function (profile
, done
) {
// Bearer-token authentication middleware for protected routes. No session is
// established, so each request must present its token.
var bearerAuthOptions = { session: false };
exports.verify = passport.authenticate('bearer', bearerAuthOptions);
127 passport
.use(new BearerStrategy(function (token
, done
) {
128 tokenStore
.get(token
, function (error
, result
) {
130 console
.error(error
);
131 return done(null, false);
134 done(null, result
, { accessToken: token
});
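// Revoke the bearer token of the current request. Expects to run behind
// exports.verify: the bearer strategy passes `{ accessToken: token }` as auth
// info, which passport exposes as req.authInfo.
exports.logout = function (req, res, next) {
    var token = req.authInfo ? req.authInfo.accessToken : undefined;
    // Without a verified token there is nothing to revoke; answer 401 instead of
    // throwing a TypeError on a missing req.authInfo.
    if (!token) return next(new HttpError(401, 'not authenticated'));

    tokenStore.del(token, function (error) {
        // NOTE(review): a failed delete is only logged and the client still
        // receives 200, so the token may remain usable without the caller knowing.
        if (error) console.error(error);

        next(new HttpSuccess(200, {}));
    });
};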
// Return the authenticated user's name. req.user is the record the bearer
// strategy loaded from the token store, so this must run behind exports.verify.
exports.getProfile = function (req, res, next) {
    var profile = { username: req.user.username };
    next(new HttpSuccess(200, profile));
};