auth.rxbn.de/bin/web/routes/static.js

/*
 * This file is part of the authRXBN single sign-on package.
 *
 * (c) Ruben Meyer <contact@rxbn.de>
 */

express = require('express');
route = express.Router();
asyncer = require('express-async-handler');

fs = require('fs');
path = require('path');

var cfg = require(global['__dirname']+'/bin/config');

let getRoutes = async () => {
	let db = global['requireModule']('database');
	await db.connect();

	/**
	 * main page
	 * @url /
	 * @method all
	 */
	route.all('/', asyncer(async (req, res, next) => {
		// TODO: show login page or dashboard
		// res.end('login or dashboard');
		apps = await db.getApps();
		res.render('index', {
			session: req.session,
			apps: apps.reply,
			cfg: cfg
		});
	}));

	/**
	 * login page or apprequest page
	 * @url /
	 * @method GET
	 */
	route.get('/authenticate', asyncer(async (req, res) => {

		if(req.session) {
			// if there isnt an apprequest
			if(!req.session.appRequest)
				req.session.appRequest = {}; // TODO: data
		}

		// query apps
		apps = await db.getApps();

		// set appId in appRequest
		if(req.query.appId) {
			if(req.query.appId && typeof req.query.appId == "string") {
				// req.query.appId
				// verify appId (if in rep)
				req.session.appRequest.appId = req.query.appId;

				// TODO: on accept, setAuthCode and redirect with token
				// on cancel, redirect to dashboard
			}
		}

		// if user is logged in, show request page
		if(req.session && req.session.user) {
			res.render('request', {
				session: req.session,
				appRequest: req.session.appRequest,
				apps: apps.reply,
				cfg: cfg
			});
		// if user isnt logged in, show login page
		} else {
			if(!req.query.appId) req.session.appRequest = {};

			let view_obj = { session: req.session };
			if(req.query.appId) {
				apps.reply.forEach((app) => {
					if(app._id == req.query.appId)
						view_obj["login_title"] = "Login to use "+app.name+" via authRxbn"; // appRequest app name
				})

			}

			res.render('login', view_obj);
		}
	}));

	/**
	 * all other routes
	 * @url /*
	 * @method all
	 * @TODO comments
	 */
	route.all('/*', asyncer(async (req, res, next) => {
		// passthrough to next route
		if(req.path.startsWith('/api'))
			return next();

		if(req.path == "/request") return res.render('error/404');

		let pathRules = require("./rules");

		let group = "anon";
		if(req.session && req.session.user) {
			group = "user";
			if(req.session.user.group == 999) group = "admin";
		}

		pathRules.forEach((rule) => {
			if(rule.rule == "block") {
				if(group == rule.group) {
					let regex = new RegExp(rule.expression, "g");
					if(regex.test(req.path)) {
						if(rule.type == "404") {
							global['logs'].info("[web] (404) path not found: "+req.path);
							return res.status(404).render('error/404', {
								error_code: 404,
								error_msg: 'msg.request.file.not_found',
								session: req.session,
								cfg: cfg
							});
						} else if(rule.type == "missing_permission") {
							return res.status(401).render('error/permission', {
								error_code: 401,
								session: req.session,
								cfg: cfg
							});
						} else if(rule.type == "login") {
							return res.status(401).render('error/login', {
								error_code: 401,
								session: req.session,
								cfg: cfg
							});
						} else {
							return res.status(401).render('error/error', {
								error_code: 401,
								session: req.session,
								cfg: cfg
							});
						}
					}
				}
			}
		});


		let dir = global['__dirname'] + '/bin/web/views';
		let path_j = path.join(dir, req.path.toLowerCase());
		if(fs.existsSync(path_j+'.pug')) {
			return res.render(req.path.replace(/^\//, ''), {
				session: req.session,
				apps: apps.reply,
				cfg: cfg
			});
		} else {
			global['logs'].info("[web] (404) path not found: "+req.path);
			return res.status(404).render('error/404', {
				error_code: 404,
				error_msg: 'msg.request.file.not_found',
				session: req.session,
				cfg: cfg
			});
		}

		// TODO: try to login
		// TODO: role-based authorization
		// TODO: show login page or page
	}));

	return route;
};

module.exports = {
	getRoutes: getRoutes
};
web server 2019-06-18 22:44:35 +00:00			`/*`
			`* This file is part of the authRXBN single sign-on package.`
			`*`
			`* (c) Ruben Meyer <contact@rxbn.de>`
			`*/`

general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`express = require('express');`
			`route = express.Router();`
			`asyncer = require('express-async-handler');`
web server 2019-06-18 22:44:35 +00:00
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`fs = require('fs');`
			`path = require('path');`
web - simple routing 2019-09-12 21:44:31 +00:00
web - quick fix 2020-08-14 21:40:19 +00:00			`var cfg = require(global['__dirname']+'/bin/config');`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00
			`let getRoutes = async () => {`
			`let db = global['requireModule']('database');`
			`await db.connect();`

			`/**`
			`* main page`
			`* @url /`
			`* @method all`
			`*/`
			`route.all('/', asyncer(async (req, res, next) => {`
			`// TODO: show login page or dashboard`
			`// res.end('login or dashboard');`
			`apps = await db.getApps();`
web - login and logout 2019-11-23 23:37:01 +00:00			`res.render('index', {`
			`session: req.session,`
web - quick fix 2020-08-14 21:40:19 +00:00			`apps: apps.reply,`
			`cfg: cfg`
web - login and logout 2019-11-23 23:37:01 +00:00			`});`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`}));`

			`/**`
			`* login page or apprequest page`
			`* @url /`
			`* @method GET`
			`*/`
			`route.get('/authenticate', asyncer(async (req, res) => {`

			`if(req.session) {`
			`// if there isnt an apprequest`
			`if(!req.session.appRequest)`
			`req.session.appRequest = {}; // TODO: data`
			`}`
web - app request -> alpha implementation 2019-11-24 22:23:04 +00:00
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`// query apps`
			`apps = await db.getApps();`
web - simple routing 2019-09-12 21:44:31 +00:00
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// set appId in appRequest`
web - app request -> alpha implementation 2019-11-24 22:23:04 +00:00			`if(req.query.appId) {`
			`if(req.query.appId && typeof req.query.appId == "string") {`
			`// req.query.appId`
			`// verify appId (if in rep)`
			`req.session.appRequest.appId = req.query.appId;`
web - simple routing 2019-09-12 21:44:31 +00:00
web - app request -> alpha implementation 2019-11-24 22:23:04 +00:00			`// TODO: on accept, setAuthCode and redirect with token`
			`// on cancel, redirect to dashboard`
			`}`
			`}`
web - simple routing 2019-09-12 21:44:31 +00:00
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// if user is logged in, show request page`
web - app request -> alpha implementation 2019-11-24 22:23:04 +00:00			`if(req.session && req.session.user) {`
			`res.render('request', {`
			`session: req.session,`
			`appRequest: req.session.appRequest,`
web - quick fix 2020-08-14 21:40:19 +00:00			`apps: apps.reply,`
			`cfg: cfg`
web - app request -> alpha implementation 2019-11-24 22:23:04 +00:00			`});`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// if user isnt logged in, show login page`
web - app request -> alpha implementation 2019-11-24 22:23:04 +00:00			`} else {`
web - app request -> proper handling 2020-02-29 20:17:51 +00:00			`if(!req.query.appId) req.session.appRequest = {};`

			`let view_obj = { session: req.session };`
			`if(req.query.appId) {`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`apps.reply.forEach((app) => {`
web - app request -> proper handling 2020-02-29 20:17:51 +00:00			`if(app._id == req.query.appId)`
			`view_obj["login_title"] = "Login to use "+app.name+" via authRxbn"; // appRequest app name`
			`})`

			`}`

			`res.render('login', view_obj);`
web - app request -> alpha implementation 2019-11-24 22:23:04 +00:00			`}`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`}));`
web - simple routing 2019-09-12 21:44:31 +00:00
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`/**`
			`* all other routes`
			`* @url /*`
			`* @method all`
			`* @TODO comments`
			`*/`
web - quick fix 2020-08-14 21:40:19 +00:00			`route.all('/*', asyncer(async (req, res, next) => {`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`// passthrough to next route`
			`if(req.path.startsWith('/api'))`
			`return next();`
web server 2019-06-18 22:44:35 +00:00
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`if(req.path == "/request") return res.render('error/404');`
web - simple routing 2019-09-12 21:44:31 +00:00
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`let pathRules = require("./rules");`
web - simple routing 2019-09-12 21:44:31 +00:00
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`let group = "anon";`
			`if(req.session && req.session.user) {`
			`group = "user";`
			`if(req.session.user.group == 999) group = "admin";`
			`}`
web - simple routing 2019-09-12 21:44:31 +00:00
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`pathRules.forEach((rule) => {`
			`if(rule.rule == "block") {`
			`if(group == rule.group) {`
			`let regex = new RegExp(rule.expression, "g");`
			`if(regex.test(req.path)) {`
			`if(rule.type == "404") {`
			`global['logs'].info("[web] (404) path not found: "+req.path);`
			`return res.status(404).render('error/404', {`
			`error_code: 404,`
			`error_msg: 'msg.request.file.not_found',`
web - quick fix 2020-08-14 21:40:19 +00:00			`session: req.session,`
			`cfg: cfg`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`});`
			`} else if(rule.type == "missing_permission") {`
			`return res.status(401).render('error/permission', {`
			`error_code: 401,`
web - quick fix 2020-08-14 21:40:19 +00:00			`session: req.session,`
			`cfg: cfg`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`});`
			`} else if(rule.type == "login") {`
			`return res.status(401).render('error/login', {`
			`error_code: 401,`
web - quick fix 2020-08-14 21:40:19 +00:00			`session: req.session,`
			`cfg: cfg`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`});`
			`} else {`
			`return res.status(401).render('error/error', {`
			`error_code: 401,`
web - quick fix 2020-08-14 21:40:19 +00:00			`session: req.session,`
			`cfg: cfg`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`});`
			`}`
web - simple routing 2019-09-12 21:44:31 +00:00			`}`
			`}`
			`}`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`});`

web - quick fix 2020-08-14 21:40:19 +00:00
web - remove file state caching 2020-08-31 07:35:18 +00:00			`let dir = global['__dirname'] + '/bin/web/views';`
			`let path_j = path.join(dir, req.path.toLowerCase());`
			`if(fs.existsSync(path_j+'.pug')) {`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`return res.render(req.path.replace(/^\//, ''), {`
			`session: req.session,`
web - quick fix 2020-08-14 21:40:19 +00:00			`apps: apps.reply,`
			`cfg: cfg`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`});`
			`} else {`
			`global['logs'].info("[web] (404) path not found: "+req.path);`
			`return res.status(404).render('error/404', {`
			`error_code: 404,`
			`error_msg: 'msg.request.file.not_found',`
web - quick fix 2020-08-14 21:40:19 +00:00			`session: req.session,`
			`cfg: cfg`
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`});`
web - simple routing 2019-09-12 21:44:31 +00:00			`}`

general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`// TODO: try to login`
			`// TODO: role-based authorization`
			`// TODO: show login page or page`
web - quick fix 2020-08-14 21:40:19 +00:00			`}));`
web - simple routing 2019-09-12 21:44:31 +00:00
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`return route;`
			`};`
web server 2019-06-18 22:44:35 +00:00
general,web,db - rewrite db module, add async handling 2020-08-14 11:20:19 +00:00			`module.exports = {`
			`getRoutes: getRoutes`
			`};`