authorJohannes Zellner <johannes@cloudron.io>2019-08-06 16:21:26 +0200
committerJohannes Zellner <johannes@cloudron.io>2019-08-06 16:21:26 +0200
commit34adfa8518ba0b57d1837db1847a13215f31a83c (patch)
tree3c500b494b0350b35cb8a0748f343fd05c0b4b5e
parentf384014e30d095a47ddce214a05c860a7c4d6679 (diff)
Replace passport usage with simpler custom middleware
-rw-r--r--frontend/js/app.js20
-rw-r--r--package-lock.json27
-rw-r--r--package.json2
-rwxr-xr-xserver.js3
-rw-r--r--src/auth.js66
5 files changed, 29 insertions, 89 deletions
diff --git a/frontend/js/app.js b/frontend/js/app.js
index 9a6251b..d99a840 100644
--- a/frontend/js/app.js
+++ b/frontend/js/app.js
@@ -23,14 +23,14 @@ function asyncForEach(items, handler, callback) {
23 })(); 23 })();
24} 24}
25 25
26function getProfile(accessToken, callback) { 26function initWithToken(accessToken) {
27 superagent.get('/api/profile').query({ access_token: accessToken }).end(function (error, result) { 27 superagent.get('/api/profile').query({ access_token: accessToken }).end(function (error, result) {
28 app.ready = true; 28 app.ready = true;
29 29
30 if (error && !error.response) return callback(error); 30 if (error && !error.response) return console.error(error);
31 if (result.statusCode !== 200) { 31 if (result.statusCode !== 200) {
32 delete localStorage.accessToken; 32 delete localStorage.accessToken;
33 return callback('Invalid access token'); 33 return;
34 } 34 }
35 35
36 localStorage.accessToken = accessToken; 36 localStorage.accessToken = accessToken;
@@ -42,7 +42,7 @@ function getProfile(accessToken, callback) {
42 42
43 app.folderListingEnabled = !!result.body.folderListingEnabled; 43 app.folderListingEnabled = !!result.body.folderListingEnabled;
44 44
45 callback(); 45 loadDirectory(decode(window.location.hash.slice(1)));
46 }); 46 });
47 }); 47 });
48} 48}
@@ -292,11 +292,7 @@ var app = new Vue({
292 if (error && !result) return that.$message.error(error.message); 292 if (error && !result) return that.$message.error(error.message);
293 if (result.statusCode === 401) return that.$message.error('Wrong username or password'); 293 if (result.statusCode === 401) return that.$message.error('Wrong username or password');
294 294
295 getProfile(result.body.accessToken, function (error) { 295 initWithToken(result.body.accessToken);
296 if (error) return console.error(error);
297
298 loadDirectory(decode(window.location.hash.slice(1)));
299 });
300 }); 296 });
301 }, 297 },
302 onOptionsMenu: function (command) { 298 onOptionsMenu: function (command) {
@@ -452,11 +448,7 @@ var app = new Vue({
452 } 448 }
453}); 449});
454 450
455getProfile(localStorage.accessToken, function (error) { 451initWithToken(localStorage.accessToken);
456 if (error) return console.error(error);
457
458 loadDirectory(decode(window.location.hash.slice(1)));
459});
460 452
461$(window).on('hashchange', function () { 453$(window).on('hashchange', function () {
462 loadDirectory(decode(window.location.hash.slice(1))); 454 loadDirectory(decode(window.location.hash.slice(1)));
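Review bot: In `initWithToken` (new lines 26–48) a non-200 profile response now deletes the stored token and returns silently at new line 33, whereas the removed callback path surfaced `'Invalid access token'` through `console.error`; a `console.warn('Invalid access token, cleared stored token');` before the `return` would keep that failure visible when a user reports being logged out unexpectedly. The early `return console.error(error)` on new line 30 handles only transport errors, so the silent branch is the only one a stale or revoked token reaches. The Vue component and `loadDirectory` are outside the hunk.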
diff --git a/package-lock.json b/package-lock.json
index dccc4ed..3e6d191 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1164,28 +1164,6 @@
1164 "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz", 1164 "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz",
1165 "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M=" 1165 "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M="
1166 }, 1166 },
1167 "passport": {
1168 "version": "0.2.2",
1169 "resolved": "https://registry.npmjs.org/passport/-/passport-0.2.2.tgz",
1170 "integrity": "sha1-nDjxe+uSnz2Br3uIOOhDDbhwPys=",
1171 "requires": {
1172 "passport-strategy": "1.x.x",
1173 "pause": "0.0.1"
1174 }
1175 },
1176 "passport-http-bearer": {
1177 "version": "1.0.1",
1178 "resolved": "https://registry.npmjs.org/passport-http-bearer/-/passport-http-bearer-1.0.1.tgz",
1179 "integrity": "sha1-FHRp6jZp4qhMYWfvmdu3fh8AmKg=",
1180 "requires": {
1181 "passport-strategy": "1.x.x"
1182 }
1183 },
1184 "passport-strategy": {
1185 "version": "1.0.0",
1186 "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz",
1187 "integrity": "sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ="
1188 },
1189 "path-is-absolute": { 1167 "path-is-absolute": {
1190 "version": "1.0.1", 1168 "version": "1.0.1",
1191 "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", 1169 "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
@@ -1201,11 +1179,6 @@
1201 "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", 1179 "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
1202 "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" 1180 "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
1203 }, 1181 },
1204 "pause": {
1205 "version": "0.0.1",
1206 "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz",
1207 "integrity": "sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10="
1208 },
1209 "pend": { 1182 "pend": {
1210 "version": "1.2.0", 1183 "version": "1.2.0",
1211 "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", 1184 "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",
diff --git a/package.json b/package.json
index 7b8c0ff..df42b30 100644
--- a/package.json
+++ b/package.json
@@ -37,8 +37,6 @@
37 "mkdirp": "^0.5.1", 37 "mkdirp": "^0.5.1",
38 "morgan": "^1.9.0", 38 "morgan": "^1.9.0",
39 "multiparty": "^4.1.2", 39 "multiparty": "^4.1.2",
40 "passport": "^0.2.2",
41 "passport-http-bearer": "^1.0.1",
42 "readline-sync": "^1.4.9", 40 "readline-sync": "^1.4.9",
43 "request": "^2.83.0", 41 "request": "^2.83.0",
44 "safetydance": "^0.1.1", 42 "safetydance": "^0.1.1",
diff --git a/server.js b/server.js
index e3d92e1..d3e4c6c 100755
--- a/server.js
+++ b/server.js
@@ -4,7 +4,6 @@
4 4
5var express = require('express'), 5var express = require('express'),
6 morgan = require('morgan'), 6 morgan = require('morgan'),
7 passport = require('passport'),
8 path = require('path'), 7 path = require('path'),
9 fs = require('fs'), 8 fs = require('fs'),
10 compression = require('compression'), 9 compression = require('compression'),
@@ -91,8 +90,6 @@ app.use('/api', bodyParser.json());
91app.use('/api', bodyParser.urlencoded({ extended: false, limit: '100mb' })); 90app.use('/api', bodyParser.urlencoded({ extended: false, limit: '100mb' }));
92app.use('/api', cookieParser()); 91app.use('/api', cookieParser());
93app.use('/api', session({ secret: 'surfin surfin', resave: false, saveUninitialized: false })); 92app.use('/api', session({ secret: 'surfin surfin', resave: false, saveUninitialized: false }));
94app.use('/api', passport.initialize());
95app.use('/api', passport.session());
96app.use(router); 93app.use(router);
97app.use(webdav.extensions.express('/_webdav', webdavServer)); 94app.use(webdav.extensions.express('/_webdav', webdavServer));
98app.use('/_admin', express.static(__dirname + '/frontend')); 95app.use('/_admin', express.static(__dirname + '/frontend'));
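Review bot: After removing `passport.session()` the `session({ secret: 'surfin surfin', ... })` middleware on new line 92 has no remaining consumer visible in this file, and the replacement middleware in src/auth.js reads the token from the query string or body rather than from `req.session`. If nothing else in server.js reads `req.session`, the session middleware, `cookieParser()` on new line 91 and the hard-coded secret could be dropped in the same commit; if the session is still needed, the secret should come from configuration or the environment instead of a literal in source. This is inferred from the hunk only; the rest of server.js is not shown.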
diff --git a/src/auth.js b/src/auth.js
index 96f3045..2532688 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -1,12 +1,10 @@
1'use strict'; 1'use strict';
2 2
3var passport = require('passport'), 3var path = require('path'),
4 path = require('path'),
5 safe = require('safetydance'), 4 safe = require('safetydance'),
6 fs = require('fs'), 5 fs = require('fs'),
7 bcrypt = require('bcryptjs'), 6 bcrypt = require('bcryptjs'),
8 uuid = require('uuid/v4'), 7 uuid = require('uuid/v4'),
9 BearerStrategy = require('passport-http-bearer').Strategy,
10 ldapjs = require('ldapjs'), 8 ldapjs = require('ldapjs'),
11 HttpError = require('connect-lastmile').HttpError, 9 HttpError = require('connect-lastmile').HttpError,
12 HttpSuccess = require('connect-lastmile').HttpSuccess, 10 HttpSuccess = require('connect-lastmile').HttpSuccess,
@@ -56,27 +54,6 @@ try {
56 // start with empty token store 54 // start with empty token store
57} 55}
58 56
59function issueAccessToken() {
60 return function (req, res, next) {
61 var accessToken = uuid();
62
63 tokenStore.set(accessToken, req.user, function (error) {
64 if (error) return next(new HttpError(500, error));
65 next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
66 });
67 };
68}
69
70passport.serializeUser(function (user, done) {
71 console.log('serializeUser', user);
72 done(null, user.uid);
73});
74
75passport.deserializeUser(function (id, done) {
76 console.log('deserializeUser', id);
77 done(null, { uid: id });
78});
79
80function verifyUser(username, password, callback) { 57function verifyUser(username, password, callback) {
81 if (AUTH_METHOD === 'ldap') { 58 if (AUTH_METHOD === 'ldap') {
82 var ldapClient = ldapjs.createClient({ url: process.env.CLOUDRON_LDAP_URL }); 59 var ldapClient = ldapjs.createClient({ url: process.env.CLOUDRON_LDAP_URL });
@@ -121,34 +98,37 @@ function verifyUser(username, password, callback) {
121 } 98 }
122} 99}
123 100
124exports.login = [ 101exports.login = function (req, res, next) {
125 function (req, res, next) { 102 verifyUser(req.body.username, req.body.password, function (error, user) {
126 verifyUser(req.body.username, req.body.password, function (error, user) { 103 if (error) return next(new HttpError(401, 'Invalid credentials'));
127 if (error) return next(new HttpError(401, 'Invalid credentials')); 104
105 var accessToken = uuid();
128 106
129 req.user = user; 107 tokenStore.set(accessToken, user, function (error) {
108 if (error) return next(new HttpError(500, error));
130 109
131 next(); 110 next(new HttpSuccess(201, { accessToken: accessToken, user: user }));
132 }); 111 });
133 }, 112 });
134 issueAccessToken() 113};
135];
136 114
137exports.verify = passport.authenticate('bearer', { session: false }); 115exports.verify = function (req, res, next) {
116 var accessToken = req.query.access_token || req.body.accessToken;
138 117
139passport.use(new BearerStrategy(function (token, done) { 118 tokenStore.get(accessToken, function (error, user) {
140 tokenStore.get(token, function (error, result) { 119 if (error) return next(new HttpError(401, 'Invalid Access Token'));
141 if (error) { 120
142 console.error(error); 121 req.user = user;
143 return done(null, false);
144 }
145 122
146 done(null, result, { accessToken: token }); 123 next();
147 }); 124 });
148})); 125
126};
149 127
150exports.logout = function (req, res, next) { 128exports.logout = function (req, res, next) {
151 tokenStore.del(req.authInfo.accessToken, function (error) { 129 var accessToken = req.query.access_token || req.body.accessToken;
130
131 tokenStore.del(accessToken, function (error) {
152 if (error) console.error(error); 132 if (error) console.error(error);
153 133
154 next(new HttpSuccess(200, {})); 134 next(new HttpSuccess(200, {}));
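Review bot: `exports.verify` (new lines 115–126) passes whatever `req.query.access_token || req.body.accessToken` yields straight to `tokenStore.get`, including `undefined` when no token was sent, and rejects only an error result; the behaviour of `tokenStore.get` for a missing key is not visible here, so if it calls back without an error and with an empty result, `req.user` stays unset and `next()` still admits the request. Add `if (!accessToken) return next(new HttpError(401, 'Invalid Access Token'));` before the lookup and tighten the result check to `if (error || !user) return next(new HttpError(401, 'Invalid Access Token'));`; the same guard applies to `exports.logout` at new line 129. The removed `passport-http-bearer` strategy also read the token from the `Authorization: Bearer` header, whereas the new code accepts it only in the query string or body, where it lands in the morgan access log and browser history — accepting the header as well lets clients avoid that. In `exports.login` the inner `function (error)` at new line 107 shadows the outer `error` parameter; renaming it, e.g. `function (storeError)`, reads more clearly. `exports.logout` continues past the end of the hunk.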