Diffstat (limited to 'src')
-rw-r--r-- | src/auth.js | 46 |
1 files changed, 20 insertions, 26 deletions
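--- a/src/auth.js
+++ b/src/auth.js
@@ -3,53 +3,47 @@
 var passport = require('passport'),
 path = require('path'),
 safe = require('safetydance'),
+fs = require('fs'),
 bcrypt = require('bcryptjs'),
 uuid = require('uuid/v4'),
-redis = require('redis'),
 BearerStrategy = require('passport-http-bearer').Strategy,
 LdapStrategy = require('passport-ldapjs').Strategy,
 HttpError = require('connect-lastmile').HttpError,
 HttpSuccess = require('connect-lastmile').HttpSuccess;
 
-var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');
+const LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');
+const TOKENSTORE_FILE = path.resolve(process.env.TOKENSTORE_FILE || './.tokens.json');
 
 var tokenStore = {
 data: {},
+save: function () {
+try {
+fs.writeFileSync(TOKENSTORE_FILE, JSON.stringify(tokenStore.data), 'utf-8');
+} catch (e) {
+console.error(`Unable to save tokenstore file at ${TOKENSTORE_FILE}`, e);
+}
+},
 get: function (token, callback) {
 callback(tokenStore.data[token] ? null : 'not found', tokenStore.data[token]);
 },
 set: function (token, data, callback) {
 tokenStore.data[token] = data;
+tokenStore.save();
 callback(null);
 },
 del: function (token, callback) {
 delete tokenStore.data[token];
+tokenStore.save();
 callback(null);
 }
 };
 
-if (process.env.REDIS_URL) {
-console.log('Enable redis token store');
-
-var redisClient = redis.createClient(process.env.REDIS_URL);
-
-if (process.env.REDIS_PASSWORD) {
-console.log('Using redis auth');
-redisClient.auth(process.env.REDIS_PASSWORD);
-}
-
-// overwrite the tokenStore api
-tokenStore.get = function (token, callback) {
-redisClient.get(token, function (error, result) {
-callback(error || null, safe.JSON.parse(result));
-});
-};
-tokenStore.set = function (token, data, callback) {
-redisClient.set(token, JSON.stringify(data), callback);
-};
-tokenStore.del = redisClient.del.bind(redisClient);
-} else {
-console.log('Use in-memory token store');
+// load token store data if any
+try {
+console.log(`Using tokenstore file: ${TOKENSTORE_FILE}`);
+tokenStore.data = JSON.parse(fs.readFileSync(TOKENSTORE_FILE, 'utf-8'));
+} catch (e) {
+// start with empty token store
 }
 
 function issueAccessToken() {
@@ -77,11 +71,11 @@ var LDAP_URL = process.env.LDAP_URL;
 var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
 
 if (LDAP_URL && LDAP_USERS_BASE_DN) {
-console.log('Enable ldap auth');
+console.log('Using ldap auth');
 
 exports.login = [ passport.authenticate('ldap'), issueAccessToken() ];
 } else {
-console.log('Use local user file:', LOCAL_AUTH_FILE);
+console.log(`Using local user file: ${LOCAL_AUTH_FILE}`);
 
 exports.login = [
 function (req, res, next) {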
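Review bot: `tokenStore.save` writes live bearer tokens to `TOKENSTORE_FILE` with the process's default file mode, so on a typical umask the file is readable by other local accounts, and anyone who can read it can replay the tokens. I would create it owner-only, `fs.writeFileSync(TOKENSTORE_FILE, JSON.stringify(tokenStore.data), { encoding: 'utf-8', mode: 0o600 });`, keeping in mind that `mode` only applies when the file is first created, so an existing file needs a one-time chmod. The default `./.tokens.json` resolves against the working directory; whether that directory is ever served or backed up is not visible here, so the default location deserves a comment or a path outside the app tree. Separately, the empty `catch` around the load treats a corrupt or unreadable file the same as a missing one; logging anything other than `ENOENT` would make a silently dropped token store visible to the operator.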