var express = require('express'),
morgan = require('morgan'),
+ passport = require('passport'),
path = require('path'),
compression = require('compression'),
+ session = require('express-session'),
bodyParser = require('body-parser'),
+ cookieParser = require('cookie-parser'),
lastMile = require('connect-lastmile'),
multipart = require('./src/multipart'),
+ auth = require('./src/auth.js'),
files = require('./src/files.js')(path.resolve(__dirname, 'files'));
var app = express();
var multipart = multipart({ maxFieldsSize: 2 * 1024, limit: '512mb', timeout: 3 * 60 * 1000 });
-router.get('/api/files/*', files.get);
-router.put('/api/files/*', multipart, files.put);
-router.delete('/api/files/*', files.del);
+router.get('/api/files/*', auth.ldap, files.get);
+router.put('/api/files/*', auth.ldap, multipart, files.put);
+router.delete('/api/files/*', auth.ldap, files.del);
// healthcheck in case / does not serve up any file yet
router.get('/', function (req, res) { res.sendfile(path.join(__dirname, '/app/welcome.html')); });
app.use(morgan('dev'));
app.use(compression());
-app.use(bodyParser.json());
app.use('/settings', express.static(__dirname + '/app'));
app.use(express.static(__dirname + '/files'));
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded());
+app.use(cookieParser());
+app.use(session({ secret: 'surfin surfin' }));
+app.use(passport.initialize());
+app.use(passport.session());
app.use(router);
app.use(lastMile());
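Review bot: The session secret on the added `app.use(session({ secret: 'surfin surfin' }));` line is a literal committed to the repository, so the signature on session cookies gives no protection against anyone who has read the source. Load it from configuration, refuse to start when it is missing, and set the session flags explicitly, e.g. `app.use(session({ secret: process.env.SESSION_SECRET, resave: false, saveUninitialized: false, cookie: { httpOnly: true, sameSite: 'lax' } }));` (`SESSION_SECRET` is a suggested name, not one the project defines). `passport.session()` is mounted here, but no `passport.serializeUser`/`passport.deserializeUser` call is visible in this diff, so establishing a login session would presumably fail until both are registered. `bodyParser.urlencoded()` should also be given an explicit `extended` option.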
--- /dev/null
+'use strict';
+
+var passport = require('passport'),
+ LdapStrategy = require('passport-ldapjs').Strategy;
+
+var LDAP_URL = process.env.LDAP_URL;
+var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
+
+if (LDAP_URL && LDAP_USERS_BASE_DN) {
+ console.log('Enable ldap auth');
+
+ exports.ldap = passport.authenticate('ldap', {
+ successReturnToOrRedirect: '/',
+ failureRedirect: '/login',
+ failureFlash: true
+ });
+} else {
+ exports.ldap = function (req, res, next) {
+ console.log('ldap auth disabled');
+ next();
+ };
+}
+
+var opts = {
+ server: {
+ url: LDAP_URL,
+ },
+ base: LDAP_USERS_BASE_DN,
+ search: {
+ filter: '(uid={{username}})',
+ attributes: ['displayname', 'username', 'mail', 'uid'],
+ scope: 'sub'
+ },
+ uidTag: 'uid',
+ usernameField: 'username',
+ passwordField: 'password',
+};
+
+passport.use(new LdapStrategy(opts, function (profile, done) {
+ console.log('ldap', profile);
+ done(null, profile);
+}));
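Review bot: The `else` branch fails open: when `LDAP_URL` or `LDAP_USERS_BASE_DN` is unset, `exports.ldap` only logs and calls `next()`, so the PUT and DELETE routes on `/api/files/*` accept unauthenticated writes. I would refuse to start in that case, e.g. `throw new Error('LDAP_URL and LDAP_USERS_BASE_DN must be set');`, unless running without authentication is made an explicit, separately named setting. In the enabled branch, `successReturnToOrRedirect: '/'` makes passport answer a successful login with a redirect instead of calling `next()`, so the `files.*` handlers look unreachable; for API routes, dropping the redirect options so that a failed login yields a 401 fits better. `console.log('ldap', profile)` also writes each user's directory profile to the log and should be removed or reduced to the uid.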