3 var passport
= require('passport'),
4 path
= require('path'),
5 safe
= require('safetydance'),
7 bcrypt
= require('bcryptjs'),
8 uuid
= require('uuid/v4'),
9 BearerStrategy
= require('passport-http-bearer').Strategy
,
10 LdapStrategy
= require('passport-ldapjs').Strategy
,
11 HttpError
= require('connect-lastmile').HttpError
,
12 HttpSuccess
= require('connect-lastmile').HttpSuccess
,
13 webdavErrors
= require('webdav-server').v2
.Errors
;
// On-disk locations of the two stores this module reads and writes.
// Each can be overridden through the environment; the (possibly relative)
// path is turned into an absolute one with path.resolve.
const LOCAL_AUTH_FILE = path.resolve(
    process.env.LOCAL_AUTH_FILE ? process.env.LOCAL_AUTH_FILE : './.users.json'
);
const TOKENSTORE_FILE = path.resolve(
    process.env.TOKENSTORE_FILE ? process.env.TOKENSTORE_FILE : './.tokens.json'
);
22 fs
.writeFileSync(TOKENSTORE_FILE
, JSON
.stringify(tokenStore
.data
), 'utf-8');
24 console
.error(`Unable to save tokenstore file at ${TOKENSTORE_FILE}`, e
);
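get: function (token, callback) {
    // `token` arrives straight from the Authorization header, so only keys
    // the store itself wrote may count as hits. A bare `data[token]` lookup
    // would also resolve names inherited from Object.prototype (such as
    // 'constructor') and hand back a truthy value for a token that was never
    // issued; the own-property check rules those out. The callback contract
    // is unchanged: ('not found', undefined) on a miss, (null, user) on a hit.
    var isOwn = Object.prototype.hasOwnProperty.call(tokenStore.data, token);
    var entry = isOwn ? tokenStore.data[token] : undefined;
    callback(entry ? null : 'not found', entry);
},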
30 set: function (token
, data
, callback
) {
31 tokenStore
.data
[token
] = data
;
35 del: function (token
, callback
) {
36 delete tokenStore
.data
[token
];
42 // load token store data if any
44 console
.log(`Using tokenstore file: ${TOKENSTORE_FILE}`);
45 tokenStore
.data
= JSON
.parse(fs
.readFileSync(TOKENSTORE_FILE
, 'utf-8'));
47 // start with empty token store
/**
 * Build the connect-style middleware that mints a bearer token for an
 * already-authenticated request and persists it in the token store next to
 * `req.user`.
 *
 * The middleware never touches `res`; it reports through `next()` only:
 * HttpSuccess(201, { accessToken, user }) once the store accepted the token,
 * or HttpError(500, error) if the store reported a failure.
 *
 * @returns {function(req, res, next): void}
 */
function issueAccessToken() {
    return function (req, res, next) {
        const accessToken = uuid();

        const onStored = function (error) {
            if (error) {
                next(new HttpError(500, error));
                return;
            }
            next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
        };

        tokenStore.set(accessToken, req.user, onStored);
    };
}
61 passport
.serializeUser(function (user
, done
) {
62 console
.log('serializeUser', user
);
// Session support: given the value serializeUser stored, rebuild a minimal
// user object. Nothing is looked up — the result is just `{ uid: id }`.
passport.deserializeUser(function (id, done) {
    console.log('deserializeUser', id);
    const user = { uid: id };
    done(null, user);
});
// LDAP settings come solely from the environment. Both values must be present
// for the LDAP login path to be chosen (see the LDAP_URL && LDAP_USERS_BASE_DN
// check that follows); otherwise the local user file is used.
var { LDAP_URL, LDAP_USERS_BASE_DN } = process.env;
74 if (LDAP_URL
&& LDAP_USERS_BASE_DN
) {
75 console
.log('Using ldap auth');
77 exports
.login
= [ passport
.authenticate('ldap'), issueAccessToken() ];
79 console
.log(`Using local user file: ${LOCAL_AUTH_FILE}`);
82 function (req
, res
, next
) {
83 var users
= safe
.JSON
.parse(safe
.fs
.readFileSync(LOCAL_AUTH_FILE
));
84 if (!users
) return res
.send(401);
85 if (!users
[req
.body
.username
]) return res
.send(401);
87 bcrypt
.compare(req
.body
.password
, users
[req
.body
.username
].passwordHash
, function (error
, valid
) {
88 if (error
|| !valid
) return res
.send(401);
91 username: req
.body
.username
105 base: LDAP_USERS_BASE_DN
,
107 filter: '(|(username={{username}})(mail={{username}}))',
108 attributes: ['displayname', 'username', 'mail', 'uid'],
112 usernameField: 'username',
113 passwordField: 'password',
116 passport
.use(new LdapStrategy(opts
, function (profile
, done
) {
// Bearer-token guard for API routes. Verification goes through the
// BearerStrategy registered right below (a token-store lookup); no session is
// created for bearer requests.
exports.verify = passport.authenticate('bearer', { session: false });
122 passport
.use(new BearerStrategy(function (token
, done
) {
123 tokenStore
.get(token
, function (error
, result
) {
125 console
.error(error
);
126 return done(null, false);
129 done(null, result
, { accessToken: token
});
/**
 * Invalidate the bearer token that authenticated the current request.
 *
 * The token is taken from `req.authInfo.accessToken`, which the bearer
 * strategy attaches when it verifies a token. A store failure is only
 * logged; the client always receives HttpSuccess(200, {}).
 */
exports.logout = function (req, res, next) {
    const token = req.authInfo.accessToken;

    tokenStore.del(token, function (error) {
        if (error) {
            console.error(error);
        }
        next(new HttpSuccess(200, {}));
    });
};
/**
 * Report the authenticated user's name as HttpSuccess(200, { username }).
 * Assumes `req.user` was populated upstream (presumably by exports.verify);
 * nothing else about the user is exposed.
 */
exports.getProfile = function (req, res, next) {
    const username = req.user.username;
    next(new HttpSuccess(200, { username: username }));
};
// webdav usermanager: exported so webdav-server's HTTP Basic authentication can
// be wired to this module's user lookup (see the WebdavUserManager constructor
// and its prototype methods below).
exports.WebdavUserManager = WebdavUserManager;
/**
 * User manager handed to webdav-server for HTTP Basic authentication.
 *
 * It implements only the part of webdav-server's user-manager interface that
 * Basic authentication requires; the methods are attached to the prototype
 * below. The constructor itself holds no state.
 */
function WebdavUserManager() {}
151 WebdavUserManager
.prototype.getDefaultUser = function (callback
) {
152 // this is only a dummy user, since we always require authentication
154 username: 'DefaultUser',
156 isAdministrator: false,
164 WebdavUserManager
.prototype.getUserByNamePassword = function (username
, password
, callback
) {
165 var users
= safe
.JSON
.parse(safe
.fs
.readFileSync(LOCAL_AUTH_FILE
));
166 if (!users
) return callback(webdavErrors
.UserNotFound
);
167 if (!users
[username
]) return callback(webdavErrors
.UserNotFound
);
169 bcrypt
.compare(password
, users
[username
].passwordHash
, function (error
, valid
) {
170 if (error
|| !valid
) return callback(webdavErrors
.UserNotFound
);
174 isAdministrator: true,
175 isDefaultUser: false,