aboutsummaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/auth.js65
1 files changed, 54 insertions, 11 deletions
diff --git a/src/auth.js b/src/auth.js
index b56f09f..8645d4c 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -4,10 +4,25 @@ var passport = require('passport'),
4 path = require('path'), 4 path = require('path'),
5 safe = require('safetydance'), 5 safe = require('safetydance'),
6 bcrypt = require('bcryptjs'), 6 bcrypt = require('bcryptjs'),
7 LdapStrategy = require('passport-ldapjs').Strategy; 7 uuid = require('uuid/v4'),
8 BearerStrategy = require('passport-http-bearer').Strategy,
9 LdapStrategy = require('passport-ldapjs').Strategy,
10 HttpSuccess = require('connect-lastmile').HttpSuccess;
8 11
9var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json'); 12var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');
10 13
14var gTokenStore = {};
15
16function issueAccessToken() {
17 return function (req, res, next) {
18 var accessToken = uuid();
19
20 gTokenStore[accessToken] = req.user;
21
22 next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
23 };
24}
25
11passport.serializeUser(function (user, done) { 26passport.serializeUser(function (user, done) {
12 console.log('serializeUser', user); 27 console.log('serializeUser', user);
13 done(null, user.uid); 28 done(null, user.uid);
@@ -24,20 +39,28 @@ var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
24if (LDAP_URL && LDAP_USERS_BASE_DN) { 39if (LDAP_URL && LDAP_USERS_BASE_DN) {
25 console.log('Enable ldap auth'); 40 console.log('Enable ldap auth');
26 41
27 exports.verify = passport.authenticate('ldap'); 42 exports.login = [ passport.authenticate('ldap'), issueAccessToken() ];
28} else { 43} else {
29 console.log('Use local user file:', LOCAL_AUTH_FILE); 44 console.log('Use local user file:', LOCAL_AUTH_FILE);
30 45
31 exports.verify = function (req, res, next) { 46 exports.login = [
32 var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE)); 47 function (req, res, next) {
33 if (!users) return res.send(401); 48 var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
34 if (!users[req.query.username]) return res.send(401); 49 if (!users) return res.send(401);
50 if (!users[req.query.username]) return res.send(401);
35 51
36 bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) { 52 bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
37 if (error || !valid) return res.send(401); 53 if (error || !valid) return res.send(401);
38 next(); 54
39 }); 55 req.user = {
40 }; 56 username: req.query.username
57 };
58
59 next();
60 });
61 },
62 issueAccessToken()
63 ];
41} 64}
42 65
43var opts = { 66var opts = {
@@ -58,3 +81,23 @@ var opts = {
58passport.use(new LdapStrategy(opts, function (profile, done) { 81passport.use(new LdapStrategy(opts, function (profile, done) {
59 done(null, profile); 82 done(null, profile);
60})); 83}));
84
85exports.verify = passport.authenticate('bearer', { session: false });
86
87passport.use(new BearerStrategy(function (token, done) {
88 if (!gTokenStore[token]) return done(null, false);
89
90 return done(null, gTokenStore[token], { accessToken: token });
91}));
92
93exports.logout = function (req, res, next) {
94 console.log(req.authInfo);
95
96 delete gTokenStore[req.authInfo.accessToken];
97
98 next(new HttpSuccess(200, {}));
99};
100
101exports.getProfile = function (req, res, next) {
102 next(new HttpSuccess(200, { username: req.user.username }));
103};