diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/auth.js | 65 |
1 files changed, 54 insertions, 11 deletions
diff --git a/src/auth.js b/src/auth.js index b56f09f..8645d4c 100644 --- a/src/auth.js +++ b/src/auth.js | |||
@@ -4,10 +4,25 @@ var passport = require('passport'), | |||
4 | path = require('path'), | 4 | path = require('path'), |
5 | safe = require('safetydance'), | 5 | safe = require('safetydance'), |
6 | bcrypt = require('bcryptjs'), | 6 | bcrypt = require('bcryptjs'), |
7 | LdapStrategy = require('passport-ldapjs').Strategy; | 7 | uuid = require('uuid/v4'), |
8 | BearerStrategy = require('passport-http-bearer').Strategy, | ||
9 | LdapStrategy = require('passport-ldapjs').Strategy, | ||
10 | HttpSuccess = require('connect-lastmile').HttpSuccess; | ||
8 | 11 | ||
9 | var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json'); | 12 | var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json'); |
10 | 13 | ||
14 | var gTokenStore = {}; | ||
15 | |||
16 | function issueAccessToken() { | ||
17 | return function (req, res, next) { | ||
18 | var accessToken = uuid(); | ||
19 | |||
20 | gTokenStore[accessToken] = req.user; | ||
21 | |||
22 | next(new HttpSuccess(201, { accessToken: accessToken, user: req.user })); | ||
23 | }; | ||
24 | } | ||
25 | |||
11 | passport.serializeUser(function (user, done) { | 26 | passport.serializeUser(function (user, done) { |
12 | console.log('serializeUser', user); | 27 | console.log('serializeUser', user); |
13 | done(null, user.uid); | 28 | done(null, user.uid); |
@@ -24,20 +39,28 @@ var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN; | |||
24 | if (LDAP_URL && LDAP_USERS_BASE_DN) { | 39 | if (LDAP_URL && LDAP_USERS_BASE_DN) { |
25 | console.log('Enable ldap auth'); | 40 | console.log('Enable ldap auth'); |
26 | 41 | ||
27 | exports.verify = passport.authenticate('ldap'); | 42 | exports.login = [ passport.authenticate('ldap'), issueAccessToken() ]; |
28 | } else { | 43 | } else { |
29 | console.log('Use local user file:', LOCAL_AUTH_FILE); | 44 | console.log('Use local user file:', LOCAL_AUTH_FILE); |
30 | 45 | ||
31 | exports.verify = function (req, res, next) { | 46 | exports.login = [ |
32 | var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE)); | 47 | function (req, res, next) { |
33 | if (!users) return res.send(401); | 48 | var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE)); |
34 | if (!users[req.query.username]) return res.send(401); | 49 | if (!users) return res.send(401); |
50 | if (!users[req.query.username]) return res.send(401); | ||
35 | 51 | ||
36 | bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) { | 52 | bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) { |
37 | if (error || !valid) return res.send(401); | 53 | if (error || !valid) return res.send(401); |
38 | next(); | 54 | |
39 | }); | 55 | req.user = { |
40 | }; | 56 | username: req.query.username |
57 | }; | ||
58 | |||
59 | next(); | ||
60 | }); | ||
61 | }, | ||
62 | issueAccessToken() | ||
63 | ]; | ||
41 | } | 64 | } |
42 | 65 | ||
43 | var opts = { | 66 | var opts = { |
@@ -58,3 +81,23 @@ var opts = { | |||
58 | passport.use(new LdapStrategy(opts, function (profile, done) { | 81 | passport.use(new LdapStrategy(opts, function (profile, done) { |
59 | done(null, profile); | 82 | done(null, profile); |
60 | })); | 83 | })); |
84 | |||
85 | exports.verify = passport.authenticate('bearer', { session: false }); | ||
86 | |||
87 | passport.use(new BearerStrategy(function (token, done) { | ||
88 | if (!gTokenStore[token]) return done(null, false); | ||
89 | |||
90 | return done(null, gTokenStore[token], { accessToken: token }); | ||
91 | })); | ||
92 | |||
93 | exports.logout = function (req, res, next) { | ||
94 | console.log(req.authInfo); | ||
95 | |||
96 | delete gTokenStore[req.authInfo.accessToken]; | ||
97 | |||
98 | next(new HttpSuccess(200, {})); | ||
99 | }; | ||
100 | |||
101 | exports.getProfile = function (req, res, next) { | ||
102 | next(new HttpSuccess(200, { username: req.user.username })); | ||
103 | }; | ||