/*
* This file is part of the authRXBN single sign-on package.
*
* (c) Ruben Meyer <contact@rxbn.de>
*/
express = require('express');
route = express.Router();
asyncer = require('express-async-handler');
fs = require('fs');
path = require('path');
var cfg = require(global['__dirname']+'/bin/config');
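/**
 * Register the HTML view routes on the shared router and return it.
 *
 * Connects the database module first, then registers:
 *   GET /              main page
 *   GET /authenticate  login page or app-request page
 *   GET /*             path-rule enforcement, then view lookup by URL path
 *
 * Every view receives the whole `cfg` object and `req.session`.
 * NOTE(review): confirm neither carries values the templates must not emit.
 *
 * @returns {Promise<object>} the router with the routes registered
 */
let getRoutes = async () => {
  const db = global['requireModule']('database');
  await db.connect();

  /**
   * main page
   * @url /
   * @method GET
   */
  route.get('/', asyncer(async (req, res, next) => {
    // All per-request state is declared locally. An undeclared variable would
    // live on the global object and be shared by concurrent requests, so one
    // visitor's user/group/apps could be rendered into another's response
    // while a handler is suspended on an await.
    const obj = {
      session: req.session,
      cfg: cfg
    };

    // if user is logged in
    if (req.session && req.session.user) {
      obj.user = (await db.getUser(req.session.user.id)).reply;
      obj.group = (await db.getGroup(obj.user.group)).reply;
      const apps = await db.getApps();
      obj.apps = apps.reply;
    }

    res.render('index', obj);
  }));

  /**
   * login page or apprequest page
   * @url /authenticate
   * @method GET
   */
  route.get('/authenticate', asyncer(async (req, res) => {
    // make sure the session carries an appRequest container
    if (req.session && !req.session.appRequest) {
      req.session.appRequest = {}; // TODO: data
    }

    const appId = req.query.appId;

    // without an appId there is nothing to authenticate for
    if (!appId) {
      return res.redirect('/');
    }

    // query apps
    const apps = await db.getApps();

    // set appId in appRequest; only a plain string is accepted, which keeps
    // arrays/objects produced by the query parser out of the session
    if (req.session && typeof appId === 'string') {
      // NOTE(review): appId is client-supplied and is stored without being
      // checked against the registered apps (apps.reply) - verify before
      // relying on it when the request is approved.
      req.session.appRequest.appId = appId;
    }

    // if user is logged in, show request page
    if (req.session && req.session.user) {
      const user = await db.getUser(req.session.user.id);
      const group = await db.getGroup(user.reply.group);

      return res.render('request', {
        session: req.session,
        appRequest: req.session.appRequest,
        apps: apps.reply,
        cfg: cfg,
        user: user.reply,
        group: group.reply
      });
    }

    // if user isnt logged in, show login page
    const view_obj = { session: req.session, cfg: cfg };
    if (typeof appId === 'string') {
      for (const app of apps.reply) {
        if (String(app._id) === appId) {
          view_obj["login_title"] = "Login to use " + app.name + " via authRxbn"; // appRequest app name
        }
      }
    }

    return res.render('login', view_obj);
  }));

  /**
   * all other routes
   * @url /*
   * @method GET
   */
  route.get('/*', asyncer(async (req, res, next) => {
    // passthrough to next route
    if (req.path.startsWith('/api')) {
      return next();
    }

    // The view lookup below is done on the lower-cased path, so the block on
    // the request view has to be case-insensitive too; otherwise "/Request"
    // would slip past this check and still resolve to the same template.
    const lowerPath = req.path.toLowerCase();
    if (lowerPath === "/request") return res.render('error/404');

    const pathRules = await db.getPathRules();

    // retrieve guest group - set as default
    // NOTE(review): if no group is named "Guest", guestId stays null and no
    // block rule can match an anonymous visitor (the rules fail open).
    const groups = await db.getGroups();
    let guestId = null;
    for (const candidate of groups.reply) {
      if (candidate.name == "Guest") guestId = candidate._id;
    }
    let group = guestId;

    // set user group
    if (req.session && req.session.user) {
      group = req.session.user.group;
    }

    // Loose comparisons are kept on purpose in this loop: the stored types of
    // rule.group / rule.type are not visible here, and tightening them could
    // silently change an access decision.
    for (const rule of pathRules.reply) {
      if (rule.rule != "block") continue;
      if (!(group == String(rule.group))) continue;

      // A fresh RegExp is tested once, so no flag is needed.
      // NOTE(review): rule.expression comes from the database; an invalid or
      // pathological pattern affects every request that reaches this loop.
      const regex = new RegExp(rule.expression);
      if (!regex.test(req.path)) continue;

      if (rule.type == "404") {
        return res.status(404).render('error/404', {
          error_code: 404,
          error_msg: 'msg.request.file.not_found',
          session: req.session,
          cfg: cfg
        });
      } else if (rule.type == "missing_permission") {
        return res.status(401).render('error/permission', {
          error_code: 401,
          session: req.session,
          cfg: cfg
        });
      } else if (rule.type == "login" && (!req.session || !req.session.user)) {
        return res.status(401).render('error/login', {
          error_code: 401,
          session: req.session,
          cfg: cfg
        });
      } else {
        return res.status(401).render('error/error', {
          error_code: 401,
          session: req.session,
          cfg: cfg
        });
      }
    }

    // Map the URL path onto a template below the views directory.
    // req.path is client-controlled and path.join() resolves ".." segments,
    // so the resolved file must be confirmed to stay inside the views root
    // before its existence is probed or it is handed to res.render().
    const dir = global['__dirname'] + '/bin/web/views';
    const viewsRoot = path.resolve(dir);
    const viewFile = path.join(dir, lowerPath) + '.pug';
    const insideViews = path.resolve(viewFile).startsWith(viewsRoot + path.sep);

    if (insideViews && fs.existsSync(viewFile)) {
      // render the same (lower-cased) name that was just checked on disk
      return res.render(lowerPath.replace(/^\//, ''), {
        session: req.session,
        cfg: cfg
      });
    }

    global['logs'].info("[web] (404) path not found: " + req.path);
    return res.status(404).render('error/404', {
      error_code: 404,
      error_msg: 'msg.request.file.not_found',
      session: req.session,
      cfg: cfg
    });
  }));

  return route;
};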
// Public interface of this module: the async factory that builds the web routes.
module.exports = { getRoutes };