git.immae.eu Git - perso/Immae/Projets/Nodejs/Surfer.git/blob - src/auth.js
3 var passport
= require('passport'),
4 path
= require('path'),
5 safe
= require('safetydance'),
7 bcrypt
= require('bcryptjs'),
8 uuid
= require('uuid/v4'),
9 BearerStrategy
= require('passport-http-bearer').Strategy
,
10 LdapStrategy
= require('passport-ldapjs').Strategy
,
11 HttpError
= require('connect-lastmile').HttpError
,
12 HttpSuccess
= require('connect-lastmile').HttpSuccess
;
// On-disk locations of the two credential stores. Each can be overridden through the
// environment variable of the same name; the defaults are dot-files resolved against the
// current working directory.
//
// LOCAL_AUTH_FILE holds the local user records (including bcrypt password hashes) and
// TOKENSTORE_FILE holds the live bearer tokens as plain JSON. Keep both outside any
// directory the application serves and readable only by the service account.
const LOCAL_AUTH_FILE = path.resolve(
    process.env.LOCAL_AUTH_FILE || './.users.json'
);
const TOKENSTORE_FILE = path.resolve(
    process.env.TOKENSTORE_FILE || './.tokens.json'
);
21 fs
.writeFileSync(TOKENSTORE_FILE
, JSON
.stringify(tokenStore
.data
), 'utf-8');
23 console
.error(`Unable to save tokenstore file at ${TOKENSTORE_FILE}`, e
);
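/**
 * Look up the user data stored for a bearer token.
 *
 * Only keys that were actually stored in tokenStore.data count as tokens. A bare
 * `tokenStore.data[token]` lookup on a plain object also resolves property names
 * inherited from Object.prototype, so a presented value that merely matches such a
 * name would be reported as found. The own-property check closes that gap.
 *
 * @param {string} token - bearer token presented by the client
 * @param {function} callback - called as callback(error, data); error is the string
 *        'not found' when there is no own entry (or the entry is falsy), otherwise null
 */
get: function (token, callback) {
    var isStored = Object.prototype.hasOwnProperty.call(tokenStore.data, token);
    var entry = isStored ? tokenStore.data[token] : undefined;

    callback(entry ? null : 'not found', entry);
},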
29 set: function (token
, data
, callback
) {
30 tokenStore
.data
[token
] = data
;
34 del: function (token
, callback
) {
35 delete tokenStore
.data
[token
];
41 // load token store data if any
43 console
.log(`Using tokenstore file: ${TOKENSTORE_FILE}`);
44 tokenStore
.data
= JSON
.parse(fs
.readFileSync(TOKENSTORE_FILE
, 'utf-8'));
46 // start with empty token store
/**
 * Build the middleware that completes a successful login.
 *
 * The returned handler generates a fresh token with uuid() (the file loads 'uuid/v4'),
 * stores req.user under it in tokenStore and passes an HttpSuccess(201) carrying the
 * token and the user to next(). A store failure is passed on as HttpError(500).
 *
 * The token is a bearer credential: it is returned in the response body, and the
 * bearer strategy accepts whoever presents it as that user until it is deleted.
 *
 * @returns {function} middleware with the (req, res, next) signature
 */
function issueAccessToken() {
    return function (req, res, next) {
        var freshToken = uuid();

        function onStored(error) {
            if (error) return next(new HttpError(500, error));

            var payload = { accessToken: freshToken, user: req.user };
            next(new HttpSuccess(201, payload));
        }

        tokenStore.set(freshToken, req.user, onStored);
    };
}
60 passport
.serializeUser(function (user
, done
) {
61 console
.log('serializeUser', user
);
// Rebuild the session user from its serialized id. No store is consulted here: the
// user object is simply { uid: id }. The id is also written to the process log.
passport.deserializeUser(function restoreUser(id, done) {
    console.log('deserializeUser', id);

    var sessionUser = { uid: id };
    done(null, sessionUser);
});
// LDAP settings are read from the environment and stay undefined when unset.
// LDAP login is selected only when both values are present; otherwise the local
// user file is used.
var LDAP_URL = process.env.LDAP_URL;
var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
73 if (LDAP_URL
&& LDAP_USERS_BASE_DN
) {
74 console
.log('Using ldap auth');
76 exports
.login
= [ passport
.authenticate('ldap'), issueAccessToken() ];
78 console
.log(`Using local user file: ${LOCAL_AUTH_FILE}`);
81 function (req
, res
, next
) {
82 var users
= safe
.JSON
.parse(safe
.fs
.readFileSync(LOCAL_AUTH_FILE
));
83 if (!users
) return res
.send(401);
84 if (!users
[req
.body
.username
]) return res
.send(401);
86 bcrypt
.compare(req
.body
.password
, users
[req
.body
.username
].passwordHash
, function (error
, valid
) {
87 if (error
|| !valid
) return res
.send(401);
90 username: req
.body
.username
104 base: LDAP_USERS_BASE_DN
,
106 filter: '(|(username={{username}})(mail={{username}}))',
107 attributes: ['displayname', 'username', 'mail', 'uid'],
111 usernameField: 'username',
112 passwordField: 'password',
115 passport
.use(new LdapStrategy(opts
, function (profile
, done
) {
// Route guard: authenticates the request with the 'bearer' strategy. Sessions are
// disabled, so the token has to accompany every request.
exports.verify = passport.authenticate('bearer', {
    session: false
});
121 passport
.use(new BearerStrategy(function (token
, done
) {
122 tokenStore
.get(token
, function (error
, result
) {
124 console
.error(error
);
125 return done(null, false);
128 done(null, result
, { accessToken: token
});
/**
 * Revoke the bearer token the current request was authenticated with.
 *
 * The token is read from req.authInfo.accessToken, so this handler presumably has to
 * run behind the bearer check that fills req.authInfo (to be confirmed at the route
 * definitions). A deletion error is only logged; the response is HttpSuccess(200)
 * either way, so a failed revocation is not visible to the client.
 *
 * @param {object} req - request; req.authInfo.accessToken is the token to delete
 * @param {object} res - response (unused)
 * @param {function} next - receives the HttpSuccess result
 */
exports.logout = function (req, res, next) {
    var presentedToken = req.authInfo.accessToken;

    tokenStore.del(presentedToken, function onDeleted(error) {
        if (error) {
            console.error(error);
        }

        next(new HttpSuccess(200, {}));
    });
};
140 exports
.getProfile = function (req
, res
, next
) {
141 next(new HttpSuccess(200, { username: req
.user
.username
}));