2019-06-18 22:44:35 +00:00
|
|
|
/*
|
|
|
|
* This file is part of the authRXBN single sign-on package.
|
|
|
|
*
|
|
|
|
* (c) Ruben Meyer <contact@rxbn.de>
|
|
|
|
*/
|
|
|
|
|
|
|
|
var express = require('express');
|
|
|
|
var route = express.Router();
|
2020-08-14 11:20:19 +00:00
|
|
|
asyncer = require('express-async-handler');
|
|
|
|
|
|
|
|
getRoutes = async () => {
|
|
|
|
let db = global['requireModule']('database');
|
|
|
|
await db.connect();
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* register a user; currently not implemented
|
|
|
|
* @url /register
|
|
|
|
* @method POST
|
|
|
|
*/
|
|
|
|
route.post('/register', (req, res) => {
|
|
|
|
// if registration is disabled
|
|
|
|
if(!global['app'].cfg.web.registration) {
|
|
|
|
return res.type('json').status(400).end(JSON.stringify({status: 400, message: "msg.auth.registration.deactivated"}));
|
|
|
|
} else {
|
|
|
|
// am i rite?
|
|
|
|
return res.type('json').status(200).end(JSON.stringify({}));
|
|
|
|
}
|
|
|
|
});
|
2019-06-18 22:44:35 +00:00
|
|
|
|
2020-08-14 11:20:19 +00:00
|
|
|
/**
|
|
|
|
* login a user
|
|
|
|
* @url /api/login
|
|
|
|
* @method POST
|
|
|
|
* @POST ['email', 'password']
|
|
|
|
* @TODO add new activity 'action.user.login'
|
|
|
|
*/
|
|
|
|
route.post('/login', asyncer(async (req, res) => {
|
|
|
|
// if user is logged in (existing session); FAIL
|
|
|
|
if(req.session.user) {
|
|
|
|
return res.type('json').end(JSON.stringify({
|
|
|
|
status: 401,
|
|
|
|
message: 'msg.auth.logout.required'
|
|
|
|
}));
|
|
|
|
}
|
2019-11-23 23:37:01 +00:00
|
|
|
|
2020-08-14 11:20:19 +00:00
|
|
|
// check body variables
|
|
|
|
if(!req.body.email || !req.body.password) {
|
|
|
|
return res.type('json').status(401).end(JSON.stringify({
|
|
|
|
status: 401,
|
|
|
|
message: [
|
|
|
|
'msg.request.data.missing',
|
|
|
|
'msg.auth.login.failed'
|
|
|
|
]
|
|
|
|
}));
|
|
|
|
}
|
|
|
|
let email = req.body.email;
|
|
|
|
let pass = req.body.password;
|
|
|
|
|
|
|
|
// database query: get user by email
|
|
|
|
user = await db.getUser(email);
|
2019-11-23 23:37:01 +00:00
|
|
|
|
2019-11-30 23:56:33 +00:00
|
|
|
// if database error
|
2020-08-14 11:20:19 +00:00
|
|
|
if(user.err) {
|
2019-11-30 23:56:33 +00:00
|
|
|
// log error while debugging
|
2020-08-14 11:20:19 +00:00
|
|
|
global['logs'].debug(user.err);
|
2019-11-30 23:56:33 +00:00
|
|
|
|
|
|
|
// login failed because of database error
|
2019-11-23 23:37:01 +00:00
|
|
|
return res.type('json').status(500).end(JSON.stringify({
|
|
|
|
status: 500,
|
|
|
|
message: [
|
|
|
|
'msg.database.error',
|
|
|
|
'msg.auth.login.failed'
|
|
|
|
]
|
|
|
|
}));
|
|
|
|
}
|
2019-11-30 23:56:33 +00:00
|
|
|
|
|
|
|
// no reply (user does not exist) or password is wrong
|
2020-08-31 07:49:24 +00:00
|
|
|
if(!user.reply || user.reply === null || user.reply.length == 0 || user.reply.length > 1 || !global['requireModule']('auth').validateHash(user.reply.passhash, pass)) {
|
2019-11-23 23:37:01 +00:00
|
|
|
return res.type('json').status(401).end(JSON.stringify({
|
|
|
|
status: 401,
|
|
|
|
message: 'msg.auth.login.failed'
|
|
|
|
}));
|
2019-11-30 23:56:33 +00:00
|
|
|
// do login
|
2019-11-23 23:37:01 +00:00
|
|
|
} else {
|
|
|
|
// add cookies; login
|
|
|
|
// new activity 'action.user.login'
|
|
|
|
|
|
|
|
// add session data
|
|
|
|
req.session.user = {
|
2020-08-31 07:49:24 +00:00
|
|
|
'id': user.reply._id,
|
|
|
|
'group': user.reply.group
|
2019-11-23 23:37:01 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
return res.type('json').end(JSON.stringify({
|
|
|
|
status: 200,
|
|
|
|
message: 'msg.auth.login.successful',
|
|
|
|
type: 'form' // TODO: types - { form, access_app}
|
|
|
|
}));
|
|
|
|
}
|
2020-08-14 11:20:19 +00:00
|
|
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
/**
|
|
|
|
* apps verify token
|
|
|
|
* @url /api/authenticate
|
|
|
|
* @method POST
|
|
|
|
* @POST ['applicationId', 'applicationSecret', 'userId', 'token']
|
|
|
|
* @TODO add implementation
|
|
|
|
*/
|
|
|
|
route.post('/authenticate', (req, res) => {
|
|
|
|
// TODO: authenticate
|
2019-11-23 23:37:01 +00:00
|
|
|
});
|
2020-03-06 23:41:48 +00:00
|
|
|
|
2020-08-14 11:20:19 +00:00
|
|
|
/**
|
|
|
|
* cancel app request and clear it
|
|
|
|
* @url /api/cancel
|
|
|
|
* @method GET
|
|
|
|
*/
|
|
|
|
route.get('/cancel', (req, res) => {
|
|
|
|
// if user is logged in
|
|
|
|
if(req.session && req.session.user) {
|
|
|
|
req.session.appRequest = {};
|
|
|
|
|
|
|
|
return res.type('json').end(JSON.stringify({
|
|
|
|
status: 200,
|
|
|
|
message: 'msg.request.operation.cancel.successful'
|
|
|
|
}));
|
|
|
|
|
|
|
|
// user isnt logged in
|
|
|
|
} else {
|
|
|
|
return res.type('json').end(JSON.stringify({
|
|
|
|
status: 401,
|
|
|
|
message: 'msg.auth.login.required'
|
2019-11-30 22:42:34 +00:00
|
|
|
}));
|
|
|
|
}
|
2020-08-14 11:20:19 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
/**
|
|
|
|
* redirect user to app
|
|
|
|
* @url /api/redirect
|
|
|
|
* @method GET
|
|
|
|
* @GET ['id']
|
|
|
|
*/
|
|
|
|
route.get('/redirect', asyncer(async (req, res) => {
|
|
|
|
// if user is logged in
|
|
|
|
if(req.session && req.session.user) {
|
|
|
|
// missing query data to retrieve app
|
|
|
|
if(!req.query || !req.query.id) {
|
|
|
|
return res.type('json').status(500).end(JSON.stringify({
|
|
|
|
status: 500,
|
|
|
|
message: [
|
|
|
|
'msg.request.data.missing'
|
|
|
|
]
|
|
|
|
}));
|
|
|
|
}
|
|
|
|
|
|
|
|
// set auth code
|
|
|
|
authCode = await db.setAuthCode({
|
|
|
|
aId: req.query.id,
|
|
|
|
uId: req.session.user.id
|
|
|
|
});
|
2019-11-30 23:56:33 +00:00
|
|
|
|
|
|
|
// database error
|
2020-08-14 21:40:19 +00:00
|
|
|
if(typeof authCode.err !== "undefined") {
|
|
|
|
global['logs'].debug(authCode.err);
|
2019-11-30 22:42:34 +00:00
|
|
|
return res.type('json').status(500).end(JSON.stringify({
|
|
|
|
status: 500,
|
|
|
|
message: [
|
|
|
|
'msg.database.error'
|
|
|
|
]
|
|
|
|
}));
|
|
|
|
}
|
2020-08-14 21:40:19 +00:00
|
|
|
else if(typeof authCode.reply !== "undefined") {
|
2019-11-30 23:56:33 +00:00
|
|
|
// retrieve apps
|
2020-08-14 11:20:19 +00:00
|
|
|
apps = await db.getApps();
|
|
|
|
// database error
|
2020-08-14 21:40:19 +00:00
|
|
|
if(typeof apps.err !== "undefined") {
|
2020-08-14 11:20:19 +00:00
|
|
|
global['logs'].debug(apps.err);
|
|
|
|
return res.type('json').status(500).end(JSON.stringify({
|
|
|
|
status: 500,
|
|
|
|
message: [
|
|
|
|
'msg.database.error'
|
|
|
|
]
|
|
|
|
}));
|
|
|
|
}
|
|
|
|
// for each app
|
|
|
|
apps.reply.forEach((app) => {
|
|
|
|
// if app.id is equal to queried app
|
|
|
|
if(app.id == req.query.id) {
|
|
|
|
// redirect to app
|
2020-08-14 21:40:19 +00:00
|
|
|
return res.redirect(app.access+"?uid="+req.session.user.id+"&token="+authCode.reply.token);
|
2019-11-30 22:42:34 +00:00
|
|
|
}
|
|
|
|
});
|
|
|
|
} else {
|
2019-11-30 23:56:33 +00:00
|
|
|
// database error
|
2019-11-30 22:42:34 +00:00
|
|
|
return res.type('json').status(500).end(JSON.stringify({
|
|
|
|
status: 500,
|
|
|
|
message: [
|
|
|
|
'msg.database.error'
|
|
|
|
]
|
|
|
|
}));
|
|
|
|
}
|
2020-08-14 11:20:19 +00:00
|
|
|
// user isnt logged in
|
|
|
|
} else {
|
|
|
|
return res.type('json').end(JSON.stringify({
|
|
|
|
status: 401,
|
|
|
|
message: 'msg.auth.login.required'
|
|
|
|
}));
|
|
|
|
}
|
|
|
|
}));
|
|
|
|
|
|
|
|
/**
|
|
|
|
* logout user
|
|
|
|
* @url /api/logout
|
|
|
|
* @method GET
|
|
|
|
*/
|
|
|
|
route.get('/logout', (req, res) => {
|
|
|
|
// user needs to be logged in
|
|
|
|
if(!req.session || !req.session.user) {
|
|
|
|
return res.type('json').end(JSON.stringify({
|
|
|
|
status: 401,
|
|
|
|
message: 'msg.auth.login.required'
|
|
|
|
}));
|
|
|
|
// logout user
|
|
|
|
} else {
|
|
|
|
res.clearCookie('RememberMe');
|
|
|
|
req.session.destroy();
|
|
|
|
return res.type('json').end(JSON.stringify({
|
|
|
|
status: 200,
|
|
|
|
message: 'msg.auth.logout.successful'
|
|
|
|
}));
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
return route;
|
|
|
|
};
|
2019-06-18 22:44:35 +00:00
|
|
|
|
2020-08-14 11:20:19 +00:00
|
|
|
module.exports = {
|
|
|
|
getRoutes: getRoutes
|
|
|
|
};
|