[perso/Immae/Projets/Nodejs/Surfer.git] / src / auth.js

'use strict';

var passport = require('passport'),
    path = require('path'),
    safe = require('safetydance'),
    fs = require('fs'),
    bcrypt = require('bcryptjs'),
    uuid = require('uuid/v4'),
    BearerStrategy = require('passport-http-bearer').Strategy,
    LdapStrategy = require('passport-ldapjs').Strategy,
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
    webdavErrors = require('webdav-server').v2.Errors;

const LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');
const TOKENSTORE_FILE = path.resolve(process.env.TOKENSTORE_FILE || './.tokens.json');

var tokenStore = {
    data: {},
    save: function () {
        try {
            fs.writeFileSync(TOKENSTORE_FILE, JSON.stringify(tokenStore.data), 'utf-8');
        } catch (e) {
            console.error(`Unable to save tokenstore file at ${TOKENSTORE_FILE}`, e);
        }
    },
    get: function (token, callback) {
        callback(tokenStore.data[token] ? null : 'not found', tokenStore.data[token]);
    },
    set: function (token, data, callback) {
        tokenStore.data[token] = data;
        tokenStore.save();
        callback(null);
    },
    del: function (token, callback) {
        delete tokenStore.data[token];
        tokenStore.save();
        callback(null);
    }
};

// load token store data if any
try {
    console.log(`Using tokenstore file: ${TOKENSTORE_FILE}`);
    tokenStore.data = JSON.parse(fs.readFileSync(TOKENSTORE_FILE, 'utf-8'));
} catch (e) {
    // start with empty token store
}

function issueAccessToken() {
    return function (req, res, next) {
        var accessToken = uuid();

        tokenStore.set(accessToken, req.user, function (error) {
            if (error) return next(new HttpError(500, error));
            next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
        });
    };
}

passport.serializeUser(function (user, done) {
    console.log('serializeUser', user);
    done(null, user.uid);
});

passport.deserializeUser(function (id, done) {
    console.log('deserializeUser', id);
    done(null, { uid: id });
});

var LDAP_URL = process.env.LDAP_URL;
var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;

if (LDAP_URL && LDAP_USERS_BASE_DN) {
    console.log('Using ldap auth');

    exports.login = [ passport.authenticate('ldap'), issueAccessToken() ];
} else {
    console.log(`Using local user file: ${LOCAL_AUTH_FILE}`);

    exports.login = [
        function (req, res, next) {
            var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
            if (!users) return res.send(401);
            if (!users[req.body.username]) return res.send(401);

            bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
                if (error || !valid) return res.send(401);

                req.user = {
                    username: req.body.username
                };

                next();
            });
        },
        issueAccessToken()
    ];
}

var opts = {
    server: {
        url: LDAP_URL,
    },
    base: LDAP_USERS_BASE_DN,
    search: {
        filter: '(|(username={{username}})(mail={{username}}))',
        attributes: ['displayname', 'username', 'mail', 'uid'],
        scope: 'sub'
    },
    uidTag: 'cn',
    usernameField: 'username',
    passwordField: 'password',
};

passport.use(new LdapStrategy(opts, function (profile, done) {
    done(null, profile);
}));

exports.verify = passport.authenticate('bearer', { session: false });

passport.use(new BearerStrategy(function (token, done) {
    tokenStore.get(token, function (error, result) {
        if (error) {
            console.error(error);
            return done(null, false);
        }

        done(null, result, { accessToken: token });
    });
}));

exports.logout = function (req, res, next) {
    tokenStore.del(req.authInfo.accessToken, function (error) {
        if (error) console.error(error);

        next(new HttpSuccess(200, {}));
    });
};

exports.getProfile = function (req, res, next) {
    next(new HttpSuccess(200, { username: req.user.username }));
};

// webdav usermanager
exports.WebdavUserManager = WebdavUserManager;

// This implements the required interface only for the Basic Authentication for webdav-server
function WebdavUserManager() {};

WebdavUserManager.prototype.getDefaultUser = function (callback) {
    // this is only a dummy user, since we always require authentication
    var user = {
        username: 'DefaultUser',
        password: null,
        isAdministrator: false,
        isDefaultUser: true,
        uid: 'DefaultUser'
    };

    callback(user);
};

WebdavUserManager.prototype.getUserByNamePassword = function (username, password, callback) {
    var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
    if (!users) return callback(webdavErrors.UserNotFound);
    if (!users[username]) return callback(webdavErrors.UserNotFound);

    bcrypt.compare(password, users[username].passwordHash, function (error, valid) {
        if (error || !valid) return callback(webdavErrors.UserNotFound);

        callback(null, {
            username: username,
            isAdministrator: true,
            isDefaultUser: false,
            uid: username
        });
    });
};
Commit	Line	Data
591ad40c JZ	1	'use strict';
	2
	3	var passport = require('passport'),
dcb20866 J	4	path = require('path'),
dcb20866 J	5	safe = require('safetydance'),
b3ff26fb	6	fs = require('fs'),
dcb20866	7	bcrypt = require('bcryptjs'),
4a27fce7 JZ	8	uuid = require('uuid/v4'),
	9	BearerStrategy = require('passport-http-bearer').Strategy,
	10	LdapStrategy = require('passport-ldapjs').Strategy,
bcee8931	11	HttpError = require('connect-lastmile').HttpError,
7af3d855 JZ	12	HttpSuccess = require('connect-lastmile').HttpSuccess,
7af3d855 JZ	13	webdavErrors = require('webdav-server').v2.Errors;
591ad40c	14
b3ff26fb JZ	15	const LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE \|\| './.users.json');
b3ff26fb JZ	16	const TOKENSTORE_FILE = path.resolve(process.env.TOKENSTORE_FILE \|\| './.tokens.json');
dcb20866	17
bcee8931 JZ	18	var tokenStore = {
bcee8931 JZ	19	data: {},
b3ff26fb JZ	20	save: function () {
	21	try {
	22	fs.writeFileSync(TOKENSTORE_FILE, JSON.stringify(tokenStore.data), 'utf-8');
	23	} catch (e) {
	24	console.error(`Unable to save tokenstore file at ${TOKENSTORE_FILE}`, e);
	25	}
	26	},
bcee8931 JZ	27	get: function (token, callback) {
	28	callback(tokenStore.data[token] ? null : 'not found', tokenStore.data[token]);
	29	},
	30	set: function (token, data, callback) {
	31	tokenStore.data[token] = data;
b3ff26fb	32	tokenStore.save();
bcee8931 JZ	33	callback(null);
	34	},
	35	del: function (token, callback) {
	36	delete tokenStore.data[token];
b3ff26fb	37	tokenStore.save();
bcee8931 JZ	38	callback(null);
	39	}
	40	};
	41
b3ff26fb JZ	42	// load token store data if any
	43	try {
	44	console.log(`Using tokenstore file: ${TOKENSTORE_FILE}`);
	45	tokenStore.data = JSON.parse(fs.readFileSync(TOKENSTORE_FILE, 'utf-8'));
	46	} catch (e) {
	47	// start with empty token store
bcee8931	48	}
4a27fce7 JZ	49
	50	function issueAccessToken() {
	51	return function (req, res, next) {
	52	var accessToken = uuid();
	53
bcee8931 JZ	54	tokenStore.set(accessToken, req.user, function (error) {
	55	if (error) return next(new HttpError(500, error));
	56	next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
	57	});
4a27fce7 JZ	58	};
	59	}
	60
a90a633f JZ	61	passport.serializeUser(function (user, done) {
a90a633f JZ	62	console.log('serializeUser', user);
cfe24a27	63	done(null, user.uid);
a90a633f JZ	64	});
	65
	66	passport.deserializeUser(function (id, done) {
	67	console.log('deserializeUser', id);
cfe24a27	68	done(null, { uid: id });
a90a633f JZ	69	});
a90a633f JZ	70
591ad40c JZ	71	var LDAP_URL = process.env.LDAP_URL;
	72	var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
	73
	74	if (LDAP_URL && LDAP_USERS_BASE_DN) {
b3ff26fb	75	console.log('Using ldap auth');
591ad40c	76
4a27fce7	77	exports.login = [ passport.authenticate('ldap'), issueAccessToken() ];
591ad40c	78	} else {
b3ff26fb	79	console.log(`Using local user file: ${LOCAL_AUTH_FILE}`);
a90a633f	80
4a27fce7 JZ	81	exports.login = [
	82	function (req, res, next) {
	83	var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
	84	if (!users) return res.send(401);
9b7a26fc	85	if (!users[req.body.username]) return res.send(401);
dcb20866	86
9b7a26fc	87	bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
4a27fce7 JZ	88	if (error \|\| !valid) return res.send(401);
	89
	90	req.user = {
9b7a26fc	91	username: req.body.username
4a27fce7 JZ	92	};
	93
	94	next();
	95	});
	96	},
	97	issueAccessToken()
	98	];
591ad40c JZ	99	}
	100
	101	var opts = {
	102	server: {
	103	url: LDAP_URL,
	104	},
	105	base: LDAP_USERS_BASE_DN,
	106	search: {
b99589fc	107	filter: '(\|(username={{username}})(mail={{username}}))',
591ad40c JZ	108	attributes: ['displayname', 'username', 'mail', 'uid'],
	109	scope: 'sub'
	110	},
a90a633f	111	uidTag: 'cn',
591ad40c JZ	112	usernameField: 'username',
	113	passwordField: 'password',
	114	};
	115
	116	passport.use(new LdapStrategy(opts, function (profile, done) {
591ad40c JZ	117	done(null, profile);
591ad40c JZ	118	}));
4a27fce7 JZ	119
	120	exports.verify = passport.authenticate('bearer', { session: false });
	121
	122	passport.use(new BearerStrategy(function (token, done) {
bcee8931 JZ	123	tokenStore.get(token, function (error, result) {
	124	if (error) {
	125	console.error(error);
	126	return done(null, false);
	127	}
	128
	129	done(null, result, { accessToken: token });
	130	});
4a27fce7 JZ	131	}));
	132
	133	exports.logout = function (req, res, next) {
bcee8931 JZ	134	tokenStore.del(req.authInfo.accessToken, function (error) {
bcee8931 JZ	135	if (error) console.error(error);
4a27fce7	136
bcee8931 JZ	137	next(new HttpSuccess(200, {}));
bcee8931 JZ	138	});
4a27fce7 JZ	139	};
	140
	141	exports.getProfile = function (req, res, next) {
	142	next(new HttpSuccess(200, { username: req.user.username }));
	143	};
7af3d855 JZ	144
	145	// webdav usermanager
	146	exports.WebdavUserManager = WebdavUserManager;
	147
	148	// This implements the required interface only for the Basic Authentication for webdav-server
	149	function WebdavUserManager() {};
	150
	151	WebdavUserManager.prototype.getDefaultUser = function (callback) {
	152	// this is only a dummy user, since we always require authentication
	153	var user = {
	154	username: 'DefaultUser',
	155	password: null,
	156	isAdministrator: false,
	157	isDefaultUser: true,
	158	uid: 'DefaultUser'
	159	};
	160
	161	callback(user);
	162	};
	163
	164	WebdavUserManager.prototype.getUserByNamePassword = function (username, password, callback) {
	165	var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
	166	if (!users) return callback(webdavErrors.UserNotFound);
	167	if (!users[username]) return callback(webdavErrors.UserNotFound);
	168
	169	bcrypt.compare(password, users[username].passwordHash, function (error, valid) {
	170	if (error \|\| !valid) return callback(webdavErrors.UserNotFound);
	171
	172	callback(null, {
	173	username: username,
	174	isAdministrator: true,
	175	isDefaultUser: false,
	176	uid: username
	177	});
	178	});
	179	};