git.immae.eu Git - perso/Immae/Projets/Nodejs/Surfer.git/blob - src/auth.js
3 var passport
= require('passport'),
4 path
= require('path'),
5 safe
= require('safetydance'),
6 bcrypt
= require('bcryptjs'),
7 uuid
= require('uuid/v4'),
8 BearerStrategy
= require('passport-http-bearer').Strategy
,
9 LdapStrategy
= require('passport-ldapjs').Strategy
,
10 HttpSuccess
= require('connect-lastmile').HttpSuccess
;
// Absolute path of the local user file. The login code parses it as JSON and
// reads a bcrypt `passwordHash` per username. The LOCAL_AUTH_FILE environment
// variable overrides the default; a relative value (including the default) is
// resolved against the process working directory. The file holds password
// hashes, so its location and permissions deserve the care of a credential store.
var LOCAL_AUTH_FILE = path.resolve(
    process.env.LOCAL_AUTH_FILE || './.users.json'
);
/**
 * Build the middleware that finishes a successful login by minting a bearer token.
 *
 * The token is a v4 UUID (from `uuid/v4`). It is stored in gTokenStore, which is
 * declared outside this view, keyed by the token and mapped to `req.user`. The
 * reply is an HTTP 201 whose body carries the token and the same user object.
 *
 * NOTE(review): nothing visible here expires a token or bounds the store, so a
 * token appears to stay valid until logout or process restart. Confirm that
 * this is intended.
 *
 * @returns {Function} Express-style middleware `(req, res, next)`.
 */
function issueAccessToken() {
    return function (req, res, next) {
        var token = uuid();
        var user = req.user;

        gTokenStore[token] = user;

        next(new HttpSuccess(201, { accessToken: token, user: user }));
    };
}
26 passport
.serializeUser(function (user
, done
) {
27 console
.log('serializeUser', user
);
// Session deserialization: rebuild a minimal user object, `{ uid: id }`, from
// the id kept in the session. The id is also written to stdout on every call.
passport.deserializeUser(function (id, done) {
    console.log('deserializeUser', id);

    var user = { uid: id };
    done(null, user);
});
// LDAP settings come from the environment. The check that follows enables LDAP
// login only when both values are set; otherwise the local user file is used.
var LDAP_URL = process.env.LDAP_URL,
    LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
39 if (LDAP_URL
&& LDAP_USERS_BASE_DN
) {
40 console
.log('Enable ldap auth');
42 exports
.login
= [ passport
.authenticate('ldap'), issueAccessToken() ];
44 console
.log('Use local user file:', LOCAL_AUTH_FILE
);
47 function (req
, res
, next
) {
48 var users
= safe
.JSON
.parse(safe
.fs
.readFileSync(LOCAL_AUTH_FILE
));
49 if (!users
) return res
.send(401);
50 if (!users
[req
.body
.username
]) return res
.send(401);
52 bcrypt
.compare(req
.body
.password
, users
[req
.body
.username
].passwordHash
, function (error
, valid
) {
53 if (error
|| !valid
) return res
.send(401);
56 username: req
.body
.username
70 base: LDAP_USERS_BASE_DN
,
72 filter: '(|(username={{username}})(mail={{username}}))',
73 attributes: ['displayname', 'username', 'mail', 'uid'],
77 usernameField: 'username',
78 passwordField: 'password',
81 passport
.use(new LdapStrategy(opts
, function (profile
, done
) {
// Route guard: authenticate the request with the 'bearer' strategy registered
// in this file. `session: false` means each request must present its token;
// no login session is established from it.
exports.verify = passport.authenticate('bearer', {
    session: false
});
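// Bearer-token verification: a request is authenticated only when its token is
// an entry that issueAccessToken() stored in gTokenStore. On success the token
// is passed on as auth info, which logout reads back as req.authInfo.accessToken.
passport.use(new BearerStrategy(function (token, done) {
    // The store is indexed with a client-supplied value. If gTokenStore is an
    // ordinary object, a bare truthiness test on gTokenStore[token] also matches
    // property names inherited from Object.prototype, which were never issued as
    // tokens. Require a string that is an own key of the store.
    if (typeof token !== 'string' ||
        !Object.prototype.hasOwnProperty.call(gTokenStore, token)) {
        return done(null, false);
    }

    var user = gTokenStore[token];

    // Keep the original behaviour for an entry whose stored value is falsy.
    if (!user) return done(null, false);

    return done(null, user, { accessToken: token });
}));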
/**
 * Revoke the bearer token that authenticated this request, then reply with an
 * HTTP 200 and an empty body.
 *
 * The token is read from `req.authInfo.accessToken`, which the bearer strategy
 * in this file supplies as auth info. This handler therefore expects to run
 * after `exports.verify`; without it `req.authInfo` may be undefined.
 *
 * @param {Object} req - request carrying `authInfo.accessToken`.
 * @param {Object} res - response (unused here).
 * @param {Function} next - receives the HttpSuccess result.
 */
exports.logout = function (req, res, next) {
    var token = req.authInfo.accessToken;

    delete gTokenStore[token];

    next(new HttpSuccess(200, {}));
};
/**
 * Return the authenticated user's profile, limited to the `username` field.
 *
 * Only `req.user.username` is copied into the response; any other attributes
 * on `req.user` are not exposed by this handler.
 *
 * @param {Object} req - request with `user` set by the authentication step.
 * @param {Object} res - response (unused here).
 * @param {Function} next - receives an HttpSuccess 200 carrying `{ username }`.
 */
exports.getProfile = function (req, res, next) {
    var profile = { username: req.user.username };

    next(new HttpSuccess(200, profile));
};