diff options
author | Johannes Zellner <johannes@cloudron.io> | 2019-08-06 16:21:26 +0200 |
---|---|---|
committer | Johannes Zellner <johannes@cloudron.io> | 2019-08-06 16:21:26 +0200 |
commit | 34adfa8518ba0b57d1837db1847a13215f31a83c (patch) | |
tree | 3c500b494b0350b35cb8a0748f343fd05c0b4b5e | |
parent | f384014e30d095a47ddce214a05c860a7c4d6679 (diff) | |
download | Surfer-34adfa8518ba0b57d1837db1847a13215f31a83c.tar.gz Surfer-34adfa8518ba0b57d1837db1847a13215f31a83c.tar.zst Surfer-34adfa8518ba0b57d1837db1847a13215f31a83c.zip |
Replace passport usage with simpler custom middleware
-rw-r--r-- | frontend/js/app.js | 20 | ||||
-rw-r--r-- | package-lock.json | 27 | ||||
-rw-r--r-- | package.json | 2 | ||||
-rwxr-xr-x | server.js | 3 | ||||
-rw-r--r-- | src/auth.js | 66 |
5 files changed, 29 insertions, 89 deletions
diff --git a/frontend/js/app.js b/frontend/js/app.js index 9a6251b..d99a840 100644 --- a/frontend/js/app.js +++ b/frontend/js/app.js | |||
@@ -23,14 +23,14 @@ function asyncForEach(items, handler, callback) { | |||
23 | })(); | 23 | })(); |
24 | } | 24 | } |
25 | 25 | ||
26 | function getProfile(accessToken, callback) { | 26 | function initWithToken(accessToken) { |
27 | superagent.get('/api/profile').query({ access_token: accessToken }).end(function (error, result) { | 27 | superagent.get('/api/profile').query({ access_token: accessToken }).end(function (error, result) { |
28 | app.ready = true; | 28 | app.ready = true; |
29 | 29 | ||
30 | if (error && !error.response) return callback(error); | 30 | if (error && !error.response) return console.error(error); |
31 | if (result.statusCode !== 200) { | 31 | if (result.statusCode !== 200) { |
32 | delete localStorage.accessToken; | 32 | delete localStorage.accessToken; |
33 | return callback('Invalid access token'); | 33 | return; |
34 | } | 34 | } |
35 | 35 | ||
36 | localStorage.accessToken = accessToken; | 36 | localStorage.accessToken = accessToken; |
@@ -42,7 +42,7 @@ function getProfile(accessToken, callback) { | |||
42 | 42 | ||
43 | app.folderListingEnabled = !!result.body.folderListingEnabled; | 43 | app.folderListingEnabled = !!result.body.folderListingEnabled; |
44 | 44 | ||
45 | callback(); | 45 | loadDirectory(decode(window.location.hash.slice(1))); |
46 | }); | 46 | }); |
47 | }); | 47 | }); |
48 | } | 48 | } |
@@ -292,11 +292,7 @@ var app = new Vue({ | |||
292 | if (error && !result) return that.$message.error(error.message); | 292 | if (error && !result) return that.$message.error(error.message); |
293 | if (result.statusCode === 401) return that.$message.error('Wrong username or password'); | 293 | if (result.statusCode === 401) return that.$message.error('Wrong username or password'); |
294 | 294 | ||
295 | getProfile(result.body.accessToken, function (error) { | 295 | initWithToken(result.body.accessToken); |
296 | if (error) return console.error(error); | ||
297 | |||
298 | loadDirectory(decode(window.location.hash.slice(1))); | ||
299 | }); | ||
300 | }); | 296 | }); |
301 | }, | 297 | }, |
302 | onOptionsMenu: function (command) { | 298 | onOptionsMenu: function (command) { |
@@ -452,11 +448,7 @@ var app = new Vue({ | |||
452 | } | 448 | } |
453 | }); | 449 | }); |
454 | 450 | ||
455 | getProfile(localStorage.accessToken, function (error) { | 451 | initWithToken(localStorage.accessToken); |
456 | if (error) return console.error(error); | ||
457 | |||
458 | loadDirectory(decode(window.location.hash.slice(1))); | ||
459 | }); | ||
460 | 452 | ||
461 | $(window).on('hashchange', function () { | 453 | $(window).on('hashchange', function () { |
462 | loadDirectory(decode(window.location.hash.slice(1))); | 454 | loadDirectory(decode(window.location.hash.slice(1))); |
diff --git a/package-lock.json b/package-lock.json index dccc4ed..3e6d191 100644 --- a/package-lock.json +++ b/package-lock.json | |||
@@ -1164,28 +1164,6 @@ | |||
1164 | "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz", | 1164 | "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz", |
1165 | "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M=" | 1165 | "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M=" |
1166 | }, | 1166 | }, |
1167 | "passport": { | ||
1168 | "version": "0.2.2", | ||
1169 | "resolved": "https://registry.npmjs.org/passport/-/passport-0.2.2.tgz", | ||
1170 | "integrity": "sha1-nDjxe+uSnz2Br3uIOOhDDbhwPys=", | ||
1171 | "requires": { | ||
1172 | "passport-strategy": "1.x.x", | ||
1173 | "pause": "0.0.1" | ||
1174 | } | ||
1175 | }, | ||
1176 | "passport-http-bearer": { | ||
1177 | "version": "1.0.1", | ||
1178 | "resolved": "https://registry.npmjs.org/passport-http-bearer/-/passport-http-bearer-1.0.1.tgz", | ||
1179 | "integrity": "sha1-FHRp6jZp4qhMYWfvmdu3fh8AmKg=", | ||
1180 | "requires": { | ||
1181 | "passport-strategy": "1.x.x" | ||
1182 | } | ||
1183 | }, | ||
1184 | "passport-strategy": { | ||
1185 | "version": "1.0.0", | ||
1186 | "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", | ||
1187 | "integrity": "sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ=" | ||
1188 | }, | ||
1189 | "path-is-absolute": { | 1167 | "path-is-absolute": { |
1190 | "version": "1.0.1", | 1168 | "version": "1.0.1", |
1191 | "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", | 1169 | "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", |
@@ -1201,11 +1179,6 @@ | |||
1201 | "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", | 1179 | "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", |
1202 | "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" | 1180 | "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" |
1203 | }, | 1181 | }, |
1204 | "pause": { | ||
1205 | "version": "0.0.1", | ||
1206 | "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz", | ||
1207 | "integrity": "sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10=" | ||
1208 | }, | ||
1209 | "pend": { | 1182 | "pend": { |
1210 | "version": "1.2.0", | 1183 | "version": "1.2.0", |
1211 | "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", | 1184 | "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", |
diff --git a/package.json b/package.json index 7b8c0ff..df42b30 100644 --- a/package.json +++ b/package.json | |||
@@ -37,8 +37,6 @@ | |||
37 | "mkdirp": "^0.5.1", | 37 | "mkdirp": "^0.5.1", |
38 | "morgan": "^1.9.0", | 38 | "morgan": "^1.9.0", |
39 | "multiparty": "^4.1.2", | 39 | "multiparty": "^4.1.2", |
40 | "passport": "^0.2.2", | ||
41 | "passport-http-bearer": "^1.0.1", | ||
42 | "readline-sync": "^1.4.9", | 40 | "readline-sync": "^1.4.9", |
43 | "request": "^2.83.0", | 41 | "request": "^2.83.0", |
44 | "safetydance": "^0.1.1", | 42 | "safetydance": "^0.1.1", |
@@ -4,7 +4,6 @@ | |||
4 | 4 | ||
5 | var express = require('express'), | 5 | var express = require('express'), |
6 | morgan = require('morgan'), | 6 | morgan = require('morgan'), |
7 | passport = require('passport'), | ||
8 | path = require('path'), | 7 | path = require('path'), |
9 | fs = require('fs'), | 8 | fs = require('fs'), |
10 | compression = require('compression'), | 9 | compression = require('compression'), |
@@ -91,8 +90,6 @@ app.use('/api', bodyParser.json()); | |||
91 | app.use('/api', bodyParser.urlencoded({ extended: false, limit: '100mb' })); | 90 | app.use('/api', bodyParser.urlencoded({ extended: false, limit: '100mb' })); |
92 | app.use('/api', cookieParser()); | 91 | app.use('/api', cookieParser()); |
93 | app.use('/api', session({ secret: 'surfin surfin', resave: false, saveUninitialized: false })); | 92 | app.use('/api', session({ secret: 'surfin surfin', resave: false, saveUninitialized: false })); |
94 | app.use('/api', passport.initialize()); | ||
95 | app.use('/api', passport.session()); | ||
96 | app.use(router); | 93 | app.use(router); |
97 | app.use(webdav.extensions.express('/_webdav', webdavServer)); | 94 | app.use(webdav.extensions.express('/_webdav', webdavServer)); |
98 | app.use('/_admin', express.static(__dirname + '/frontend')); | 95 | app.use('/_admin', express.static(__dirname + '/frontend')); |
diff --git a/src/auth.js b/src/auth.js index 96f3045..2532688 100644 --- a/src/auth.js +++ b/src/auth.js | |||
@@ -1,12 +1,10 @@ | |||
1 | 'use strict'; | 1 | 'use strict'; |
2 | 2 | ||
3 | var passport = require('passport'), | 3 | var path = require('path'), |
4 | path = require('path'), | ||
5 | safe = require('safetydance'), | 4 | safe = require('safetydance'), |
6 | fs = require('fs'), | 5 | fs = require('fs'), |
7 | bcrypt = require('bcryptjs'), | 6 | bcrypt = require('bcryptjs'), |
8 | uuid = require('uuid/v4'), | 7 | uuid = require('uuid/v4'), |
9 | BearerStrategy = require('passport-http-bearer').Strategy, | ||
10 | ldapjs = require('ldapjs'), | 8 | ldapjs = require('ldapjs'), |
11 | HttpError = require('connect-lastmile').HttpError, | 9 | HttpError = require('connect-lastmile').HttpError, |
12 | HttpSuccess = require('connect-lastmile').HttpSuccess, | 10 | HttpSuccess = require('connect-lastmile').HttpSuccess, |
@@ -56,27 +54,6 @@ try { | |||
56 | // start with empty token store | 54 | // start with empty token store |
57 | } | 55 | } |
58 | 56 | ||
59 | function issueAccessToken() { | ||
60 | return function (req, res, next) { | ||
61 | var accessToken = uuid(); | ||
62 | |||
63 | tokenStore.set(accessToken, req.user, function (error) { | ||
64 | if (error) return next(new HttpError(500, error)); | ||
65 | next(new HttpSuccess(201, { accessToken: accessToken, user: req.user })); | ||
66 | }); | ||
67 | }; | ||
68 | } | ||
69 | |||
70 | passport.serializeUser(function (user, done) { | ||
71 | console.log('serializeUser', user); | ||
72 | done(null, user.uid); | ||
73 | }); | ||
74 | |||
75 | passport.deserializeUser(function (id, done) { | ||
76 | console.log('deserializeUser', id); | ||
77 | done(null, { uid: id }); | ||
78 | }); | ||
79 | |||
80 | function verifyUser(username, password, callback) { | 57 | function verifyUser(username, password, callback) { |
81 | if (AUTH_METHOD === 'ldap') { | 58 | if (AUTH_METHOD === 'ldap') { |
82 | var ldapClient = ldapjs.createClient({ url: process.env.CLOUDRON_LDAP_URL }); | 59 | var ldapClient = ldapjs.createClient({ url: process.env.CLOUDRON_LDAP_URL }); |
@@ -121,34 +98,37 @@ function verifyUser(username, password, callback) { | |||
121 | } | 98 | } |
122 | } | 99 | } |
123 | 100 | ||
124 | exports.login = [ | 101 | exports.login = function (req, res, next) { |
125 | function (req, res, next) { | 102 | verifyUser(req.body.username, req.body.password, function (error, user) { |
126 | verifyUser(req.body.username, req.body.password, function (error, user) { | 103 | if (error) return next(new HttpError(401, 'Invalid credentials')); |
127 | if (error) return next(new HttpError(401, 'Invalid credentials')); | 104 | |
105 | var accessToken = uuid(); | ||
128 | 106 | ||
129 | req.user = user; | 107 | tokenStore.set(accessToken, user, function (error) { |
108 | if (error) return next(new HttpError(500, error)); | ||
130 | 109 | ||
131 | next(); | 110 | next(new HttpSuccess(201, { accessToken: accessToken, user: user })); |
132 | }); | 111 | }); |
133 | }, | 112 | }); |
134 | issueAccessToken() | 113 | }; |
135 | ]; | ||
136 | 114 | ||
137 | exports.verify = passport.authenticate('bearer', { session: false }); | 115 | exports.verify = function (req, res, next) { |
116 | var accessToken = req.query.access_token || req.body.accessToken; | ||
138 | 117 | ||
139 | passport.use(new BearerStrategy(function (token, done) { | 118 | tokenStore.get(accessToken, function (error, user) { |
140 | tokenStore.get(token, function (error, result) { | 119 | if (error) return next(new HttpError(401, 'Invalid Access Token')); |
141 | if (error) { | 120 | |
142 | console.error(error); | 121 | req.user = user; |
143 | return done(null, false); | ||
144 | } | ||
145 | 122 | ||
146 | done(null, result, { accessToken: token }); | 123 | next(); |
147 | }); | 124 | }); |
148 | })); | 125 | |
126 | }; | ||
149 | 127 | ||
150 | exports.logout = function (req, res, next) { | 128 | exports.logout = function (req, res, next) { |
151 | tokenStore.del(req.authInfo.accessToken, function (error) { | 129 | var accessToken = req.query.access_token || req.body.accessToken; |
130 | |||
131 | tokenStore.del(accessToken, function (error) { | ||
152 | if (error) console.error(error); | 132 | if (error) console.error(error); |
153 | 133 | ||
154 | next(new HttpSuccess(200, {})); | 134 | next(new HttpSuccess(200, {})); |