[perso/Immae/Projets/Nodejs/Surfer.git] / src / auth.js

'use strict';

var passport = require('passport'),
    path = require('path'),
    safe = require('safetydance'),
    fs = require('fs'),
    bcrypt = require('bcryptjs'),
    uuid = require('uuid/v4'),
    BearerStrategy = require('passport-http-bearer').Strategy,
    LdapStrategy = require('passport-ldapjs').Strategy,
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess;

const LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');
const TOKENSTORE_FILE = path.resolve(process.env.TOKENSTORE_FILE || './.tokens.json');

var tokenStore = {
    data: {},
    save: function () {
        try {
            fs.writeFileSync(TOKENSTORE_FILE, JSON.stringify(tokenStore.data), 'utf-8');
        } catch (e) {
            console.error(`Unable to save tokenstore file at ${TOKENSTORE_FILE}`, e);
        }
    },
    get: function (token, callback) {
        callback(tokenStore.data[token] ? null : 'not found', tokenStore.data[token]);
    },
    set: function (token, data, callback) {
        tokenStore.data[token] = data;
        tokenStore.save();
        callback(null);
    },
    del: function (token, callback) {
        delete tokenStore.data[token];
        tokenStore.save();
        callback(null);
    }
};

// load token store data if any
try {
    console.log(`Using tokenstore file: ${TOKENSTORE_FILE}`);
    tokenStore.data = JSON.parse(fs.readFileSync(TOKENSTORE_FILE, 'utf-8'));
} catch (e) {
    // start with empty token store
}

function issueAccessToken() {
    return function (req, res, next) {
        var accessToken = uuid();

        tokenStore.set(accessToken, req.user, function (error) {
            if (error) return next(new HttpError(500, error));
            next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
        });
    };
}

passport.serializeUser(function (user, done) {
    console.log('serializeUser', user);
    done(null, user.uid);
});

passport.deserializeUser(function (id, done) {
    console.log('deserializeUser', id);
    done(null, { uid: id });
});

var LDAP_URL = process.env.LDAP_URL;
var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;

if (LDAP_URL && LDAP_USERS_BASE_DN) {
    console.log('Using ldap auth');

    exports.login = [ passport.authenticate('ldap'), issueAccessToken() ];
} else {
    console.log(`Using local user file: ${LOCAL_AUTH_FILE}`);

    exports.login = [
        function (req, res, next) {
            var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
            if (!users) return res.send(401);
            if (!users[req.body.username]) return res.send(401);

            bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
                if (error || !valid) return res.send(401);

                req.user = {
                    username: req.body.username
                };

                next();
            });
        },
        issueAccessToken()
    ];
}

var opts = {
    server: {
        url: LDAP_URL,
    },
    base: LDAP_USERS_BASE_DN,
    search: {
        filter: '(|(username={{username}})(mail={{username}}))',
        attributes: ['displayname', 'username', 'mail', 'uid'],
        scope: 'sub'
    },
    uidTag: 'cn',
    usernameField: 'username',
    passwordField: 'password',
};

passport.use(new LdapStrategy(opts, function (profile, done) {
    done(null, profile);
}));

exports.verify = passport.authenticate('bearer', { session: false });

passport.use(new BearerStrategy(function (token, done) {
    tokenStore.get(token, function (error, result) {
        if (error) {
            console.error(error);
            return done(null, false);
        }

        done(null, result, { accessToken: token });
    });
}));

exports.logout = function (req, res, next) {
    tokenStore.del(req.authInfo.accessToken, function (error) {
        if (error) console.error(error);

        next(new HttpSuccess(200, {}));
    });
};

exports.getProfile = function (req, res, next) {
    next(new HttpSuccess(200, { username: req.user.username }));
};
Commit	Line	Data
591ad40c JZ	1	'use strict';
	2
	3	var passport = require('passport'),
dcb20866 J	4	path = require('path'),
dcb20866 J	5	safe = require('safetydance'),
b3ff26fb	6	fs = require('fs'),
dcb20866	7	bcrypt = require('bcryptjs'),
4a27fce7 JZ	8	uuid = require('uuid/v4'),
	9	BearerStrategy = require('passport-http-bearer').Strategy,
	10	LdapStrategy = require('passport-ldapjs').Strategy,
bcee8931	11	HttpError = require('connect-lastmile').HttpError,
4a27fce7	12	HttpSuccess = require('connect-lastmile').HttpSuccess;
591ad40c	13
b3ff26fb JZ	14	const LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE \|\| './.users.json');
b3ff26fb JZ	15	const TOKENSTORE_FILE = path.resolve(process.env.TOKENSTORE_FILE \|\| './.tokens.json');
dcb20866	16
bcee8931 JZ	17	var tokenStore = {
bcee8931 JZ	18	data: {},
b3ff26fb JZ	19	save: function () {
	20	try {
	21	fs.writeFileSync(TOKENSTORE_FILE, JSON.stringify(tokenStore.data), 'utf-8');
	22	} catch (e) {
	23	console.error(`Unable to save tokenstore file at ${TOKENSTORE_FILE}`, e);
	24	}
	25	},
bcee8931 JZ	26	get: function (token, callback) {
	27	callback(tokenStore.data[token] ? null : 'not found', tokenStore.data[token]);
	28	},
	29	set: function (token, data, callback) {
	30	tokenStore.data[token] = data;
b3ff26fb	31	tokenStore.save();
bcee8931 JZ	32	callback(null);
	33	},
	34	del: function (token, callback) {
	35	delete tokenStore.data[token];
b3ff26fb	36	tokenStore.save();
bcee8931 JZ	37	callback(null);
	38	}
	39	};
	40
b3ff26fb JZ	41	// load token store data if any
	42	try {
	43	console.log(`Using tokenstore file: ${TOKENSTORE_FILE}`);
	44	tokenStore.data = JSON.parse(fs.readFileSync(TOKENSTORE_FILE, 'utf-8'));
	45	} catch (e) {
	46	// start with empty token store
bcee8931	47	}
4a27fce7 JZ	48
	49	function issueAccessToken() {
	50	return function (req, res, next) {
	51	var accessToken = uuid();
	52
bcee8931 JZ	53	tokenStore.set(accessToken, req.user, function (error) {
	54	if (error) return next(new HttpError(500, error));
	55	next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
	56	});
4a27fce7 JZ	57	};
	58	}
	59
a90a633f JZ	60	passport.serializeUser(function (user, done) {
a90a633f JZ	61	console.log('serializeUser', user);
cfe24a27	62	done(null, user.uid);
a90a633f JZ	63	});
	64
	65	passport.deserializeUser(function (id, done) {
	66	console.log('deserializeUser', id);
cfe24a27	67	done(null, { uid: id });
a90a633f JZ	68	});
a90a633f JZ	69
591ad40c JZ	70	var LDAP_URL = process.env.LDAP_URL;
	71	var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
	72
	73	if (LDAP_URL && LDAP_USERS_BASE_DN) {
b3ff26fb	74	console.log('Using ldap auth');
591ad40c	75
4a27fce7	76	exports.login = [ passport.authenticate('ldap'), issueAccessToken() ];
591ad40c	77	} else {
b3ff26fb	78	console.log(`Using local user file: ${LOCAL_AUTH_FILE}`);
a90a633f	79
4a27fce7 JZ	80	exports.login = [
	81	function (req, res, next) {
	82	var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
	83	if (!users) return res.send(401);
9b7a26fc	84	if (!users[req.body.username]) return res.send(401);
dcb20866	85
9b7a26fc	86	bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
4a27fce7 JZ	87	if (error \|\| !valid) return res.send(401);
	88
	89	req.user = {
9b7a26fc	90	username: req.body.username
4a27fce7 JZ	91	};
	92
	93	next();
	94	});
	95	},
	96	issueAccessToken()
	97	];
591ad40c JZ	98	}
	99
	100	var opts = {
	101	server: {
	102	url: LDAP_URL,
	103	},
	104	base: LDAP_USERS_BASE_DN,
	105	search: {
b99589fc	106	filter: '(\|(username={{username}})(mail={{username}}))',
591ad40c JZ	107	attributes: ['displayname', 'username', 'mail', 'uid'],
	108	scope: 'sub'
	109	},
a90a633f	110	uidTag: 'cn',
591ad40c JZ	111	usernameField: 'username',
	112	passwordField: 'password',
	113	};
	114
	115	passport.use(new LdapStrategy(opts, function (profile, done) {
591ad40c JZ	116	done(null, profile);
591ad40c JZ	117	}));
4a27fce7 JZ	118
	119	exports.verify = passport.authenticate('bearer', { session: false });
	120
	121	passport.use(new BearerStrategy(function (token, done) {
bcee8931 JZ	122	tokenStore.get(token, function (error, result) {
	123	if (error) {
	124	console.error(error);
	125	return done(null, false);
	126	}
	127
	128	done(null, result, { accessToken: token });
	129	});
4a27fce7 JZ	130	}));
	131
	132	exports.logout = function (req, res, next) {
bcee8931 JZ	133	tokenStore.del(req.authInfo.accessToken, function (error) {
bcee8931 JZ	134	if (error) console.error(error);
4a27fce7	135
bcee8931 JZ	136	next(new HttpSuccess(200, {}));
bcee8931 JZ	137	});
4a27fce7 JZ	138	};
	139
	140	exports.getProfile = function (req, res, next) {
	141	next(new HttpSuccess(200, { username: req.user.username }));
	142	};