Replace passport usage with simpler custom middleware

author: Johannes Zellner <johannes@cloudron.io> 2019-08-06 16:21:26 +0200
committer: Johannes Zellner <johannes@cloudron.io> 2019-08-06 16:21:26 +0200
commit: 34adfa8518ba0b57d1837db1847a13215f31a83c (patch)
tree: 3c500b494b0350b35cb8a0748f343fd05c0b4b5e
parent: f384014e30d095a47ddce214a05c860a7c4d6679 (diff)
download: Surfer-34adfa8518ba0b57d1837db1847a13215f31a83c.tar.gz
Surfer-34adfa8518ba0b57d1837db1847a13215f31a83c.tar.zst
Surfer-34adfa8518ba0b57d1837db1847a13215f31a83c.zip
5 files changed, 29 insertions, 89 deletions
diff --git a/frontend/js/app.js b/frontend/js/app.js
index 9a6251b..d99a840 100644
--- a/frontend/js/app.js
+++ b/frontend/js/app.js
@@ -23,14 +23,14 @@ function asyncForEach(items, handler, callback) {
    })();
 }
-function getProfile(accessToken, callback) {
+function initWithToken(accessToken) {
    superagent.get('/api/profile').query({ access_token: accessToken }).end(function (error, result) {
        app.ready = true;
-        if (error && !error.response) return callback(error);
+        if (error && !error.response) return console.error(error);
        if (result.statusCode !== 200) {
            delete localStorage.accessToken;
-            return callback('Invalid access token');
+            return;
        }
        localStorage.accessToken = accessToken;
@@ -42,7 +42,7 @@ function getProfile(accessToken, callback) {
            app.folderListingEnabled = !!result.body.folderListingEnabled;
-            callback();
+            loadDirectory(decode(window.location.hash.slice(1)));
        });
    });
 }
@@ -292,11 +292,7 @@ var app = new Vue({
                if (error && !result) return that.$message.error(error.message);
                if (result.statusCode === 401) return that.$message.error('Wrong username or password');
-                getProfile(result.body.accessToken, function (error) {
+                initWithToken(result.body.accessToken);
-                    if (error) return console.error(error);
-                    loadDirectory(decode(window.location.hash.slice(1)));
-                });
            });
        },
        onOptionsMenu: function (command) {
@@ -452,11 +448,7 @@ var app = new Vue({
    }
 });
-getProfile(localStorage.accessToken, function (error) {
+initWithToken(localStorage.accessToken);
-    if (error) return console.error(error);
-    loadDirectory(decode(window.location.hash.slice(1)));
-});
 $(window).on('hashchange', function () {
    loadDirectory(decode(window.location.hash.slice(1)));
diff --git a/package-lock.json b/package-lock.json
index dccc4ed..3e6d191 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1164,28 +1164,6 @@
      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz",
      "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M="
    },
-    "passport": {
-      "version": "0.2.2",
-      "resolved": "https://registry.npmjs.org/passport/-/passport-0.2.2.tgz",
-      "integrity": "sha1-nDjxe+uSnz2Br3uIOOhDDbhwPys=",
-      "requires": {
-        "passport-strategy": "1.x.x",
-        "pause": "0.0.1"
-      }
-    },
-    "passport-http-bearer": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/passport-http-bearer/-/passport-http-bearer-1.0.1.tgz",
-      "integrity": "sha1-FHRp6jZp4qhMYWfvmdu3fh8AmKg=",
-      "requires": {
-        "passport-strategy": "1.x.x"
-      }
-    },
-    "passport-strategy": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz",
-      "integrity": "sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ="
-    },
    "path-is-absolute": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
@@ -1201,11 +1179,6 @@
      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
      "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
    },
-    "pause": {
-      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz",
-      "integrity": "sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10="
-    },
    "pend": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",
diff --git a/package.json b/package.json
index 7b8c0ff..df42b30 100644
--- a/package.json
+++ b/package.json
@@ -37,8 +37,6 @@
    "mkdirp": "^0.5.1",
    "morgan": "^1.9.0",
    "multiparty": "^4.1.2",
-    "passport": "^0.2.2",
-    "passport-http-bearer": "^1.0.1",
    "readline-sync": "^1.4.9",
    "request": "^2.83.0",
    "safetydance": "^0.1.1",
diff --git a/server.js b/server.js
index e3d92e1..d3e4c6c 100755
--- a/server.js
+++ b/server.js
@@ -4,7 +4,6 @@
 var express = require('express'),
    morgan = require('morgan'),
-    passport = require('passport'),
    path = require('path'),
    fs = require('fs'),
    compression = require('compression'),
@@ -91,8 +90,6 @@ app.use('/api', bodyParser.json());
 app.use('/api', bodyParser.urlencoded({ extended: false, limit: '100mb' }));
 app.use('/api', cookieParser());
 app.use('/api', session({ secret: 'surfin surfin', resave: false, saveUninitialized: false }));
-app.use('/api', passport.initialize());
-app.use('/api', passport.session());
 app.use(router);
 app.use(webdav.extensions.express('/_webdav', webdavServer));
 app.use('/_admin', express.static(__dirname + '/frontend'));
diff --git a/src/auth.js b/src/auth.js
index 96f3045..2532688 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -1,12 +1,10 @@
 'use strict';
-var passport = require('passport'),
+var path = require('path'),
-    path = require('path'),
    safe = require('safetydance'),
    fs = require('fs'),
    bcrypt = require('bcryptjs'),
    uuid = require('uuid/v4'),
-    BearerStrategy = require('passport-http-bearer').Strategy,
    ldapjs = require('ldapjs'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
@@ -56,27 +54,6 @@ try {
    // start with empty token store
 }
-function issueAccessToken() {
-    return function (req, res, next) {
-        var accessToken = uuid();
-        tokenStore.set(accessToken, req.user, function (error) {
-            if (error) return next(new HttpError(500, error));
-            next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
-        });
-    };
-}
-passport.serializeUser(function (user, done) {
-    console.log('serializeUser', user);
-    done(null, user.uid);
-});
-passport.deserializeUser(function (id, done) {
-    console.log('deserializeUser', id);
-    done(null, { uid: id });
-});
 function verifyUser(username, password, callback) {
    if (AUTH_METHOD === 'ldap') {
        var ldapClient = ldapjs.createClient({ url: process.env.CLOUDRON_LDAP_URL });
@@ -121,34 +98,37 @@ function verifyUser(username, password, callback) {
    }
 }
-exports.login = [
+exports.login = function (req, res, next) {
-    function (req, res, next) {
+    verifyUser(req.body.username, req.body.password, function (error, user) {
-        verifyUser(req.body.username, req.body.password, function (error, user) {
+        if (error) return next(new HttpError(401, 'Invalid credentials'));
-            if (error) return next(new HttpError(401, 'Invalid credentials'));
+        var accessToken = uuid();
-            req.user = user;
+        tokenStore.set(accessToken, user, function (error) {
+            if (error) return next(new HttpError(500, error));
-            next();
+            next(new HttpSuccess(201, { accessToken: accessToken, user: user }));
        });
-    },
+    });
-    issueAccessToken()
+};
-];
-exports.verify = passport.authenticate('bearer', { session: false });
+exports.verify = function (req, res, next) {
+    var accessToken = req.query.access_token || req.body.accessToken;
-passport.use(new BearerStrategy(function (token, done) {
+    tokenStore.get(accessToken, function (error, user) {
-    tokenStore.get(token, function (error, result) {
+        if (error) return next(new HttpError(401, 'Invalid Access Token'));
-        if (error) {
-            console.error(error);
+        req.user = user;
-            return done(null, false);
-        }
-        done(null, result, { accessToken: token });
+        next();
    });
-}));
+};
 exports.logout = function (req, res, next) {
-    tokenStore.del(req.authInfo.accessToken, function (error) {
+    var accessToken = req.query.access_token || req.body.accessToken;
+    tokenStore.del(accessToken, function (error) {
        if (error) console.error(error);
        next(new HttpSuccess(200, {}));
author	Johannes Zellner <johannes@cloudron.io>	2019-08-06 16:21:26 +0200
committer	Johannes Zellner <johannes@cloudron.io>	2019-08-06 16:21:26 +0200
commit	34adfa8518ba0b57d1837db1847a13215f31a83c (patch)
tree	3c500b494b0350b35cb8a0748f343fd05c0b4b5e
parent	f384014e30d095a47ddce214a05c860a7c4d6679 (diff)
download	Surfer-34adfa8518ba0b57d1837db1847a13215f31a83c.tar.gz Surfer-34adfa8518ba0b57d1837db1847a13215f31a83c.tar.zst Surfer-34adfa8518ba0b57d1837db1847a13215f31a83c.zip

diff --git a/frontend/js/app.js b/frontend/js/app.js index 9a6251b..d99a840 100644 --- a/frontend/js/app.js +++ b/frontend/js/app.js
@@ -23,14 +23,14 @@ function asyncForEach(items, handler, callback) {
23	})();	23	})();
24	}	24	}
25		25
26	function getProfile(accessToken, callback) {	26	function initWithToken(accessToken) {
27	superagent.get('/api/profile').query({ access_token: accessToken }).end(function (error, result) {	27	superagent.get('/api/profile').query({ access_token: accessToken }).end(function (error, result) {
28	app.ready = true;	28	app.ready = true;
29		29
30	if (error && !error.response) return callback(error);	30	if (error && !error.response) return console.error(error);
31	if (result.statusCode !== 200) {	31	if (result.statusCode !== 200) {
32	delete localStorage.accessToken;	32	delete localStorage.accessToken;
33	return callback('Invalid access token');	33	return;
34	}	34	}
35		35
36	localStorage.accessToken = accessToken;	36	localStorage.accessToken = accessToken;
@@ -42,7 +42,7 @@ function getProfile(accessToken, callback) {
42		42
43	app.folderListingEnabled = !!result.body.folderListingEnabled;	43	app.folderListingEnabled = !!result.body.folderListingEnabled;
44		44
45	callback();	45	loadDirectory(decode(window.location.hash.slice(1)));
46	});	46	});
47	});	47	});
48	}	48	}
@@ -292,11 +292,7 @@ var app = new Vue({
292	if (error && !result) return that.$message.error(error.message);	292	if (error && !result) return that.$message.error(error.message);
293	if (result.statusCode === 401) return that.$message.error('Wrong username or password');	293	if (result.statusCode === 401) return that.$message.error('Wrong username or password');
294		294
295	getProfile(result.body.accessToken, function (error) {	295	initWithToken(result.body.accessToken);
296	if (error) return console.error(error);
297
298	loadDirectory(decode(window.location.hash.slice(1)));
299	});
300	});	296	});
301	},	297	},
302	onOptionsMenu: function (command) {	298	onOptionsMenu: function (command) {
@@ -452,11 +448,7 @@ var app = new Vue({
452	}	448	}
453	});	449	});
454		450
455	getProfile(localStorage.accessToken, function (error) {	451	initWithToken(localStorage.accessToken);
456	if (error) return console.error(error);
457
458	loadDirectory(decode(window.location.hash.slice(1)));
459	});
460		452
461	$(window).on('hashchange', function () {	453	$(window).on('hashchange', function () {
462	loadDirectory(decode(window.location.hash.slice(1)));	454	loadDirectory(decode(window.location.hash.slice(1)));


diff --git a/package-lock.json b/package-lock.json index dccc4ed..3e6d191 100644 --- a/package-lock.json +++ b/package-lock.json
@@ -1164,28 +1164,6 @@
1164	"resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz",	1164	"resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz",
1165	"integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M="	1165	"integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M="
1166	},	1166	},
1167	"passport": {
1168	"version": "0.2.2",
1169	"resolved": "https://registry.npmjs.org/passport/-/passport-0.2.2.tgz",
1170	"integrity": "sha1-nDjxe+uSnz2Br3uIOOhDDbhwPys=",
1171	"requires": {
1172	"passport-strategy": "1.x.x",
1173	"pause": "0.0.1"
1174	}
1175	},
1176	"passport-http-bearer": {
1177	"version": "1.0.1",
1178	"resolved": "https://registry.npmjs.org/passport-http-bearer/-/passport-http-bearer-1.0.1.tgz",
1179	"integrity": "sha1-FHRp6jZp4qhMYWfvmdu3fh8AmKg=",
1180	"requires": {
1181	"passport-strategy": "1.x.x"
1182	}
1183	},
1184	"passport-strategy": {
1185	"version": "1.0.0",
1186	"resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz",
1187	"integrity": "sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ="
1188	},
1189	"path-is-absolute": {	1167	"path-is-absolute": {
1190	"version": "1.0.1",	1168	"version": "1.0.1",
1191	"resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",	1169	"resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
@@ -1201,11 +1179,6 @@
1201	"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",	1179	"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
1202	"integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="	1180	"integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
1203	},	1181	},
1204	"pause": {
1205	"version": "0.0.1",
1206	"resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz",
1207	"integrity": "sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10="
1208	},
1209	"pend": {	1182	"pend": {
1210	"version": "1.2.0",	1183	"version": "1.2.0",
1211	"resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",	1184	"resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",


diff --git a/package.json b/package.json index 7b8c0ff..df42b30 100644 --- a/package.json +++ b/package.json
@@ -37,8 +37,6 @@
37	"mkdirp": "^0.5.1",	37	"mkdirp": "^0.5.1",
38	"morgan": "^1.9.0",	38	"morgan": "^1.9.0",
39	"multiparty": "^4.1.2",	39	"multiparty": "^4.1.2",
40	"passport": "^0.2.2",
41	"passport-http-bearer": "^1.0.1",
42	"readline-sync": "^1.4.9",	40	"readline-sync": "^1.4.9",
43	"request": "^2.83.0",	41	"request": "^2.83.0",
44	"safetydance": "^0.1.1",	42	"safetydance": "^0.1.1",


diff --git a/server.js b/server.js index e3d92e1..d3e4c6c 100755 --- a/server.js +++ b/server.js
@@ -4,7 +4,6 @@
4		4
5	var express = require('express'),	5	var express = require('express'),
6	morgan = require('morgan'),	6	morgan = require('morgan'),
7	passport = require('passport'),
8	path = require('path'),	7	path = require('path'),
9	fs = require('fs'),	8	fs = require('fs'),
10	compression = require('compression'),	9	compression = require('compression'),
@@ -91,8 +90,6 @@ app.use('/api', bodyParser.json());
91	app.use('/api', bodyParser.urlencoded({ extended: false, limit: '100mb' }));	90	app.use('/api', bodyParser.urlencoded({ extended: false, limit: '100mb' }));
92	app.use('/api', cookieParser());	91	app.use('/api', cookieParser());
93	app.use('/api', session({ secret: 'surfin surfin', resave: false, saveUninitialized: false }));	92	app.use('/api', session({ secret: 'surfin surfin', resave: false, saveUninitialized: false }));
94	app.use('/api', passport.initialize());
95	app.use('/api', passport.session());
96	app.use(router);	93	app.use(router);
97	app.use(webdav.extensions.express('/_webdav', webdavServer));	94	app.use(webdav.extensions.express('/_webdav', webdavServer));
98	app.use('/_admin', express.static(__dirname + '/frontend'));	95	app.use('/_admin', express.static(__dirname + '/frontend'));


diff --git a/src/auth.js b/src/auth.js index 96f3045..2532688 100644 --- a/src/auth.js +++ b/src/auth.js
@@ -1,12 +1,10 @@
1	'use strict';	1	'use strict';
2		2
3	var passport = require('passport'),	3	var path = require('path'),
4	path = require('path'),
5	safe = require('safetydance'),	4	safe = require('safetydance'),
6	fs = require('fs'),	5	fs = require('fs'),
7	bcrypt = require('bcryptjs'),	6	bcrypt = require('bcryptjs'),
8	uuid = require('uuid/v4'),	7	uuid = require('uuid/v4'),
9	BearerStrategy = require('passport-http-bearer').Strategy,
10	ldapjs = require('ldapjs'),	8	ldapjs = require('ldapjs'),
11	HttpError = require('connect-lastmile').HttpError,	9	HttpError = require('connect-lastmile').HttpError,
12	HttpSuccess = require('connect-lastmile').HttpSuccess,	10	HttpSuccess = require('connect-lastmile').HttpSuccess,
@@ -56,27 +54,6 @@ try {
56	// start with empty token store	54	// start with empty token store
57	}	55	}
58		56
59	function issueAccessToken() {
60	return function (req, res, next) {
61	var accessToken = uuid();
62
63	tokenStore.set(accessToken, req.user, function (error) {
64	if (error) return next(new HttpError(500, error));
65	next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
66	});
67	};
68	}
69
70	passport.serializeUser(function (user, done) {
71	console.log('serializeUser', user);
72	done(null, user.uid);
73	});
74
75	passport.deserializeUser(function (id, done) {
76	console.log('deserializeUser', id);
77	done(null, { uid: id });
78	});
79
80	function verifyUser(username, password, callback) {	57	function verifyUser(username, password, callback) {
81	if (AUTH_METHOD === 'ldap') {	58	if (AUTH_METHOD === 'ldap') {
82	var ldapClient = ldapjs.createClient({ url: process.env.CLOUDRON_LDAP_URL });	59	var ldapClient = ldapjs.createClient({ url: process.env.CLOUDRON_LDAP_URL });
@@ -121,34 +98,37 @@ function verifyUser(username, password, callback) {
121	}	98	}
122	}	99	}
123		100
124	exports.login = [	101	exports.login = function (req, res, next) {
125	function (req, res, next) {	102	verifyUser(req.body.username, req.body.password, function (error, user) {
126	verifyUser(req.body.username, req.body.password, function (error, user) {	103	if (error) return next(new HttpError(401, 'Invalid credentials'));
127	if (error) return next(new HttpError(401, 'Invalid credentials'));	104
		105	var accessToken = uuid();
128		106
129	req.user = user;	107	tokenStore.set(accessToken, user, function (error) {
		108	if (error) return next(new HttpError(500, error));
130		109
131	next();	110	next(new HttpSuccess(201, { accessToken: accessToken, user: user }));
132	});	111	});
133	},	112	});
134	issueAccessToken()	113	};
135	];
136		114
137	exports.verify = passport.authenticate('bearer', { session: false });	115	exports.verify = function (req, res, next) {
		116	var accessToken = req.query.access_token \|\| req.body.accessToken;
138		117
139	passport.use(new BearerStrategy(function (token, done) {	118	tokenStore.get(accessToken, function (error, user) {
140	tokenStore.get(token, function (error, result) {	119	if (error) return next(new HttpError(401, 'Invalid Access Token'));
141	if (error) {	120
142	console.error(error);	121	req.user = user;
143	return done(null, false);
144	}
145		122
146	done(null, result, { accessToken: token });	123	next();
147	});	124	});
148	}));	125
		126	};
149		127
150	exports.logout = function (req, res, next) {	128	exports.logout = function (req, res, next) {
151	tokenStore.del(req.authInfo.accessToken, function (error) {	129	var accessToken = req.query.access_token \|\| req.body.accessToken;
		130
		131	tokenStore.del(accessToken, function (error) {
152	if (error) console.error(error);	132	if (error) console.error(error);
153		133
154	next(new HttpSuccess(200, {}));	134	next(new HttpSuccess(200, {}));