Add ldap auth

author Johannes Zellner <johannes@nebulon.de>

Sat, 27 Jun 2015 17:05:20 +0000 (19:05 +0200)

committer Johannes Zellner <johannes@nebulon.de>

Sat, 27 Jun 2015 17:05:20 +0000 (19:05 +0200)
author Johannes Zellner <johannes@nebulon.de>
Sat, 27 Jun 2015 17:05:20 +0000 (19:05 +0200)
committer Johannes Zellner <johannes@nebulon.de>
Sat, 27 Jun 2015 17:05:20 +0000 (19:05 +0200)
diff --git a/Dockerfile b/Dockerfile

index 80ecadff64a63cf8334229be440cad87110732a5..87ed80d2e6882a9d63032aaa9be5abf2a1fb7872 100644 (file)
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,6 +9,7 @@ WORKDIR /app/code
  ADD package.json /app/code/package.json
  ADD src /app/code/src
  ADD app.js /app/code/app.js
+ADD app /app/code/app
  RUN npm install
  
  EXPOSE 3000
diff --git a/app.js b/app.js

index 967b86585033f8aa7a5bb4a4f77df0813dd9d671..5cc70f409ab1ff00e5819baffc7f4db16923fa17 100755 (executable)
--- a/app.js
+++ b/app.js
@@ -4,11 +4,15 @@
  
  var express = require('express'),
      morgan = require('morgan'),
+    passport = require('passport'),
      path = require('path'),
      compression = require('compression'),
+    session = require('express-session'),
      bodyParser = require('body-parser'),
+    cookieParser = require('cookie-parser'),
      lastMile = require('connect-lastmile'),
      multipart = require('./src/multipart'),
+    auth = require('./src/auth.js'),
      files = require('./src/files.js')(path.resolve(__dirname, 'files'));
  
  var app = express();
@@ -16,18 +20,23 @@ var router = new express.Router();
  
  var multipart = multipart({ maxFieldsSize: 2 * 1024, limit: '512mb', timeout: 3 * 60 * 1000 });
  
-router.get('/api/files/*', files.get);
-router.put('/api/files/*', multipart, files.put);
-router.delete('/api/files/*', files.del);
+router.get('/api/files/*', auth.ldap, files.get);
+router.put('/api/files/*', auth.ldap, multipart, files.put);
+router.delete('/api/files/*', auth.ldap, files.del);
  
  // healthcheck in case / does not serve up any file yet
  router.get('/', function (req, res) { res.sendfile(path.join(__dirname, '/app/welcome.html')); });
  
  app.use(morgan('dev'));
  app.use(compression());
-app.use(bodyParser.json());
  app.use('/settings', express.static(__dirname + '/app'));
  app.use(express.static(__dirname + '/files'));
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded());
+app.use(cookieParser());
+app.use(session({ secret: 'surfin surfin' }));
+app.use(passport.initialize());
+app.use(passport.session());
  app.use(router);
  app.use(lastMile());
  
diff --git a/cli/actions.js b/cli/actions.js

index 36296ae17a9c64a037ae7ce232a2b621f968e3ea..b35b8dad4ee1f4bea83aafa1c3ced644398ca0ad 100644 (file)
--- a/cli/actions.js
+++ b/cli/actions.js
@@ -44,6 +44,8 @@ function collectFiles(filesOrFolders) {
  }
  
  function login(server) {
+    if (server[server.length-1] === '/') server = server.slice(0, -1);
+
      console.log('Using server', server);
      config.set('server', server);
  }
diff --git a/package.json b/package.json

index 8c11b9a869e1bc656890f131e183d4831a0efd74..d10b7336d53903002acfc7b61961cd9c2b0cbaad 100644 (file)
--- a/package.json
+++ b/package.json
@@ -23,13 +23,16 @@
      "compression": "^1.5.0",
      "connect-lastmile": "0.0.10",
      "connect-timeout": "^1.6.2",
+    "cookie-parser": "^1.3.5",
      "debug": "^2.2.0",
      "del": "^1.2.0",
      "ejs": "^2.3.1",
      "express": "^4.12.4",
+    "express-session": "^1.11.3",
      "mkdirp": "^0.5.1",
      "morgan": "^1.6.0",
      "multiparty": "^4.1.2",
+    "passport": "^0.2.2",
      "safetydance": "0.0.16",
      "superagent": "^1.2.0",
      "underscore": "^1.8.3"
diff --git a/src/auth.js b/src/auth.js

new file mode 100644 (file)

index 0000000..3d2acce
--- /dev/null
+++ b/src/auth.js
@@ -0,0 +1,42 @@
+'use strict';
+
+var passport = require('passport'),
+    LdapStrategy = require('passport-ldapjs').Strategy;
+
+var LDAP_URL = process.env.LDAP_URL;
+var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
+
+if (LDAP_URL && LDAP_USERS_BASE_DN) {
+    console.log('Enable ldap auth');
+
+    exports.ldap = passport.authenticate('ldap', {
+        successReturnToOrRedirect: '/',
+        failureRedirect: '/login',
+        failureFlash: true
+    });
+} else {
+    exports.ldap = function (req, res, next) {
+        console.log('ldap auth disabled');
+        next();
+    };
+}
+
+var opts = {
+    server: {
+        url: LDAP_URL,
+    },
+    base: LDAP_USERS_BASE_DN,
+    search: {
+        filter: '(uid={{username}})',
+        attributes: ['displayname', 'username', 'mail', 'uid'],
+        scope: 'sub'
+    },
+    uidTag: 'uid',
+    usernameField: 'username',
+    passwordField: 'password',
+};
+
+passport.use(new LdapStrategy(opts, function (profile, done) {
+    console.log('ldap', profile);
+    done(null, profile);
+}));
author	Johannes Zellner <johannes@nebulon.de>
	Sat, 27 Jun 2015 17:05:20 +0000 (19:05 +0200)
committer	Johannes Zellner <johannes@nebulon.de>
	Sat, 27 Jun 2015 17:05:20 +0000 (19:05 +0200)
Dockerfile		patch \| blob \| blame \| history
app.js		patch \| blob \| blame \| history
cli/actions.js		patch \| blob \| blame \| history
package.json		patch \| blob \| blame \| history
src/auth.js	[new file with mode: 0644]	patch \| blob