From: Johannes Date: Thu, 17 Nov 2016 11:51:06 +0000 (+0100) Subject: Implement local file auth X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FProjets%2FNodejs%2FSurfer.git;a=commitdiff_plain;h=dcb2086608d38a8c5c17fcdbd7ec97155aeb9cc0 Implement local file auth --- diff --git a/src/auth.js b/src/auth.js index 39c01a1..6ddb125 100644 --- a/src/auth.js +++ b/src/auth.js @@ -1,8 +1,13 @@ 'use strict'; var passport = require('passport'), + path = require('path'), + safe = require('safetydance'), + bcrypt = require('bcryptjs'), LdapStrategy = require('passport-ldapjs').Strategy; +var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json'); + passport.serializeUser(function (user, done) { console.log('serializeUser', user); done(null, user.uid); @@ -21,13 +26,17 @@ if (LDAP_URL && LDAP_USERS_BASE_DN) { exports.ldap = passport.authenticate('ldap'); } else { - exports.ldap = function (req, res, next) { - console.log('Disable ldap auth, use developer credentials!'); + console.log('Use local user file:', LOCAL_AUTH_FILE); - if (req.query.username !== 'test') return res.send(401); - if (req.query.password !== 'test') return res.send(401); - - next(); + exports.ldap = function (req, res, next) { + var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE)); + if (!users) return res.send(401); + if (!users[req.query.username]) return res.send(401); + + bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) { + if (error || !valid) return res.send(401); + next(); + }); }; }
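Review bot: The default for `LOCAL_AUTH_FILE` in the first hunk of src/auth.js (`@@ -1,8 +1,13 @@`) is the relative path `./.users.json`, which `path.resolve` anchors to the process working directory, so the file holding the password hashes moves with wherever the server is started. If that directory is ever one the application serves or syncs (not visible from this hunk), the hashes become readable by clients. I would anchor the default to the module instead, e.g. `var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || path.join(__dirname, '..', '.users.json'));`. A comment above it would also help, such as `// JSON map of username -> { passwordHash: <bcrypt hash> }; keep outside any served directory, readable only by the service user`.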
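Review bot: In the second hunk (`@@ -21,13 +26,17 @@`, the `else` branch), `users[req.query.username]` is a plain property lookup on the parsed JSON object using a query value that is never checked to be a string, so a name matching an inherited `Object.prototype` property passes the existence test and rejection then rests on `bcrypt.compare` reporting an error for a missing hash. The handler should require string credentials, use an own-property check, and verify that `passwordHash` is a string before comparing, as in the excerpt below. The `safe` wrappers also turn a missing or malformed user file into a plain 401 with no log line, which makes a broken deployment indistinguishable from a wrong password. Separately, the credentials still arrive in `req.query` as they did in the removed code, so passwords end up in access and proxy logs; moving them to a request body or an Authorization header is worth a follow-up, though whether a body parser is available is not visible here. Unknown usernames also return before any bcrypt work, so their response time differs from the wrong-password path.

```javascript
exports.ldap = function (req, res, next) {
    var username = req.query.username;
    var password = req.query.password;
    if (typeof username !== 'string' || typeof password !== 'string') return res.send(401);

    var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
    if (!users) {
        console.error('Unable to read or parse local user file:', LOCAL_AUTH_FILE);
        return res.send(401);
    }

    // own-property lookup so inherited Object.prototype names are never treated as accounts
    var record = Object.prototype.hasOwnProperty.call(users, username) ? users[username] : null;
    if (!record || typeof record.passwordHash !== 'string') return res.send(401);

    bcrypt.compare(password, record.passwordHash, function (error, valid) {
        // … unchanged: 401 on error or mismatch, next() on success …
```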