Use accessTokens instead of username/password

author: Johannes Zellner <johannes@cloudron.io> 2017-02-09 12:40:40 +0100
committer: Johannes Zellner <johannes@cloudron.io> 2017-02-09 12:40:40 +0100
commit: 4a27fce742a75881cd84607f4237624d8c0a0a22 (patch)
tree: 231baf61d87005c807803b37aed57147630a0501 /src
parent: 3422a21b8eb26682772867e1fd997ef806229459 (diff)
download: Surfer-4a27fce742a75881cd84607f4237624d8c0a0a22.tar.gz
Surfer-4a27fce742a75881cd84607f4237624d8c0a0a22.tar.zst
Surfer-4a27fce742a75881cd84607f4237624d8c0a0a22.zip
1 files changed, 54 insertions, 11 deletions
diff --git a/src/auth.js b/src/auth.js
index b56f09f..8645d4c 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -4,10 +4,25 @@ var passport = require('passport'),
    path = require('path'),
    safe = require('safetydance'),
    bcrypt = require('bcryptjs'),
-    LdapStrategy = require('passport-ldapjs').Strategy;
+    uuid = require('uuid/v4'),
+    BearerStrategy = require('passport-http-bearer').Strategy,
+    LdapStrategy = require('passport-ldapjs').Strategy,
+    HttpSuccess = require('connect-lastmile').HttpSuccess;
 var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');
+var gTokenStore = {};
+function issueAccessToken() {
+    return function (req, res, next) {
+        var accessToken = uuid();
+        gTokenStore[accessToken] = req.user;
+        next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
+    };
+}
 passport.serializeUser(function (user, done) {
    console.log('serializeUser', user);
    done(null, user.uid);
@@ -24,20 +39,28 @@ var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
 if (LDAP_URL && LDAP_USERS_BASE_DN) {
    console.log('Enable ldap auth');
-    exports.verify = passport.authenticate('ldap');
+    exports.login = [ passport.authenticate('ldap'), issueAccessToken() ];
 } else {
    console.log('Use local user file:', LOCAL_AUTH_FILE);
-    exports.verify = function (req, res, next) {
+    exports.login = [
-        var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
+        function (req, res, next) {
-        if (!users) return res.send(401);
+            var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
-        if (!users[req.query.username]) return res.send(401);
+            if (!users) return res.send(401);
+            if (!users[req.query.username]) return res.send(401);
-        bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
+            bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
-            if (error || !valid) return res.send(401);
+                if (error || !valid) return res.send(401);
-            next();
-        });
+                req.user = {
-    };
+                    username: req.query.username
+                };
+                next();
+            });
+        },
+        issueAccessToken()
+    ];
 }
 var opts = {
@@ -58,3 +81,23 @@ var opts = {
 passport.use(new LdapStrategy(opts, function (profile, done) {
    done(null, profile);
 }));
+exports.verify = passport.authenticate('bearer', { session: false });
+passport.use(new BearerStrategy(function (token, done) {
+    if (!gTokenStore[token]) return done(null, false);
+    return done(null, gTokenStore[token], { accessToken: token });
+}));
+exports.logout = function (req, res, next) {
+    console.log(req.authInfo);
+    delete gTokenStore[req.authInfo.accessToken];
+    next(new HttpSuccess(200, {}));
+};
+exports.getProfile = function (req, res, next) {
+    next(new HttpSuccess(200, { username: req.user.username }));
+};
author	Johannes Zellner <johannes@cloudron.io>	2017-02-09 12:40:40 +0100
committer	Johannes Zellner <johannes@cloudron.io>	2017-02-09 12:40:40 +0100
commit	4a27fce742a75881cd84607f4237624d8c0a0a22 (patch)
tree	231baf61d87005c807803b37aed57147630a0501 /src
parent	3422a21b8eb26682772867e1fd997ef806229459 (diff)
download	Surfer-4a27fce742a75881cd84607f4237624d8c0a0a22.tar.gz Surfer-4a27fce742a75881cd84607f4237624d8c0a0a22.tar.zst Surfer-4a27fce742a75881cd84607f4237624d8c0a0a22.zip

diff --git a/src/auth.js b/src/auth.js index b56f09f..8645d4c 100644 --- a/src/auth.js +++ b/src/auth.js
@@ -4,10 +4,25 @@ var passport = require('passport'),
4	path = require('path'),	4	path = require('path'),
5	safe = require('safetydance'),	5	safe = require('safetydance'),
6	bcrypt = require('bcryptjs'),	6	bcrypt = require('bcryptjs'),
7	LdapStrategy = require('passport-ldapjs').Strategy;	7	uuid = require('uuid/v4'),
		8	BearerStrategy = require('passport-http-bearer').Strategy,
		9	LdapStrategy = require('passport-ldapjs').Strategy,
		10	HttpSuccess = require('connect-lastmile').HttpSuccess;
8		11
9	var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE \|\| './.users.json');	12	var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE \|\| './.users.json');
10		13
		14	var gTokenStore = {};
		15
		16	function issueAccessToken() {
		17	return function (req, res, next) {
		18	var accessToken = uuid();
		19
		20	gTokenStore[accessToken] = req.user;
		21
		22	next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
		23	};
		24	}
		25
11	passport.serializeUser(function (user, done) {	26	passport.serializeUser(function (user, done) {
12	console.log('serializeUser', user);	27	console.log('serializeUser', user);
13	done(null, user.uid);	28	done(null, user.uid);
@@ -24,20 +39,28 @@ var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
24	if (LDAP_URL && LDAP_USERS_BASE_DN) {	39	if (LDAP_URL && LDAP_USERS_BASE_DN) {
25	console.log('Enable ldap auth');	40	console.log('Enable ldap auth');
26		41
27	exports.verify = passport.authenticate('ldap');	42	exports.login = [ passport.authenticate('ldap'), issueAccessToken() ];
28	} else {	43	} else {
29	console.log('Use local user file:', LOCAL_AUTH_FILE);	44	console.log('Use local user file:', LOCAL_AUTH_FILE);
30		45
31	exports.verify = function (req, res, next) {	46	exports.login = [
32	var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));	47	function (req, res, next) {
33	if (!users) return res.send(401);	48	var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
34	if (!users[req.query.username]) return res.send(401);	49	if (!users) return res.send(401);
		50	if (!users[req.query.username]) return res.send(401);
35		51
36	bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {	52	bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
37	if (error \|\| !valid) return res.send(401);	53	if (error \|\| !valid) return res.send(401);
38	next();	54
39	});	55	req.user = {
40	};	56	username: req.query.username
		57	};
		58
		59	next();
		60	});
		61	},
		62	issueAccessToken()
		63	];
41	}	64	}
42		65
43	var opts = {	66	var opts = {
@@ -58,3 +81,23 @@ var opts = {
58	passport.use(new LdapStrategy(opts, function (profile, done) {	81	passport.use(new LdapStrategy(opts, function (profile, done) {
59	done(null, profile);	82	done(null, profile);
60	}));	83	}));
		84
		85	exports.verify = passport.authenticate('bearer', { session: false });
		86
		87	passport.use(new BearerStrategy(function (token, done) {
		88	if (!gTokenStore[token]) return done(null, false);
		89
		90	return done(null, gTokenStore[token], { accessToken: token });
		91	}));
		92
		93	exports.logout = function (req, res, next) {
		94	console.log(req.authInfo);
		95
		96	delete gTokenStore[req.authInfo.accessToken];
		97
		98	next(new HttpSuccess(200, {}));
		99	};
		100
		101	exports.getProfile = function (req, res, next) {
		102	next(new HttpSuccess(200, { username: req.user.username }));
		103	};