auth.rxbn.de/bin/web/routes/api.js

/*
 * This file is part of the authRXBN single sign-on package.
 *
 * (c) Ruben Meyer <contact@rxbn.de>
 */

var express = require('express');
var route = express.Router();

/**
 * register a user; currently not implemented
 * @url /register
 * @method POST
 */
route.post('/register', (req, res) => {
	// if registration is disabled
	if(!global['app'].cfg.web.registration) {
		return res.type('json').status(400).end(JSON.stringify({status: 400, message: "msg.auth.registration.deactivated"}));
	} else {
		// am i rite?
		return res.type('json').status(200).end(JSON.stringify({}));
	}
});

/**
 * login a user
 * @url /api/login
 * @method POST
 * @POST ['email', 'password']
 * @TODO add new activity 'action.user.login'
 */
route.post('/login', (req, res) => {
	// if user is logged in (existing session); FAIL
	if(req.session.user) {
		return res.type('json').end(JSON.stringify({
			status: 401,
			message: 'msg.auth.logout.required'
		}));
	}

	// check body variables
	if(!req.body.email || !req.body.password) {
		return res.type('json').status(401).end(JSON.stringify({
			status: 401,
			message: [
				'msg.request.data.missing',
				'msg.auth.login.failed'
			]
		}));
	}
	let email = req.body.email;
	let pass = req.body.password;

	// database query: get user by email
	global['modules'].database.getUser(email, (err, rep) => {
		// if database error
		if(err) {
			// log error while debugging
			global['logs'].debug(err);

			// login failed because of database error
			return res.type('json').status(500).end(JSON.stringify({
				status: 500,
				message: [
					'msg.database.error',
					'msg.auth.login.failed'
				]
			}));
		}

		// no reply (user does not exist) or password is wrong
		if(!rep || rep === null || rep.length == 0 || rep.length > 1 || !global['modules'].auth.validateHash(rep[0].passhash, pass)) {
			return res.type('json').status(401).end(JSON.stringify({
				status: 401,
				message: 'msg.auth.login.failed'
			}));
		// do login
		} else {
			// add cookies; login
			// new activity 'action.user.login'

			// add session data
			req.session.user = {
				'id': rep[0]._id,
				'group': rep[0].group
			};

			return res.type('json').end(JSON.stringify({
				status: 200,
				message: 'msg.auth.login.successful',
				type: 'form' // TODO: types - { form, access_app}
			}));
		}
	});
});

/**
 * apps verify token
 * @url /api/authenticate
 * @method POST
 * @POST ['applicationId', 'applicationSecret', 'userId', 'token']
 * @TODO add implementation
 */
route.post('/authenticate', (req, res) => {
	// TODO: authenticate
});

/**
 * redirect user to app
 * @url /api/redirect
 * @method GET
 * @GET ['id']
 */
route.get('/redirect', (req, res) => {
	// if user is logged in
	if(req.session && req.session.user) {
		// missing query data to retrieve app
		if(!req.query || !req.query.id) {
			return res.type('json').status(500).end(JSON.stringify({
				status: 500,
				message: [
					'msg.request.data.missing'
				]
			}));
		}

		// set auth code
		global['modules'].database.setAuthCode({
			aId: req.query.id,
			uId: req.session.user.id
		}, (err, rep) => {
			// database error
			if(err) {
				global['logs'].debug(err);
				return res.type('json').status(500).end(JSON.stringify({
					status: 500,
					message: [
						'msg.database.error'
					]
				}));
			}
			else if(rep) {
				// retrieve apps
				global['modules'].database.getApps((err2, rep2) => {
					// database error
					if(err2) {
						global['logs'].debug(err2);
						return res.type('json').status(500).end(JSON.stringify({
							status: 500,
							message: [
								'msg.database.error'
							]
						}));
					}
					// for each app
					rep2.forEach((app) => {
						// if app.id is equal to queried app
						if(app.id == req.query.id) {
							// redirect to app
							return res.redirect(app.access+"?uid="+req.session.user.id+"&token="+rep.token);
						}
					});
				});
			} else {
				// database error
				return res.type('json').status(500).end(JSON.stringify({
					status: 500,
					message: [
						'msg.database.error'
					]
				}));
			}
		});
	// user isnt logged in
	} else {
		return res.type('json').end(JSON.stringify({
			status: 401,
			message: 'msg.auth.login.required'
		}));
	}
});

/**
 * logout user
 * @url /api/logout
 * @method GET
 */
route.get('/logout', (req, res) => {
	// user needs to be logged in
	if(!req.session || !req.session.user) {
		return res.type('json').end(JSON.stringify({
			status: 401,
			message: 'msg.auth.login.required'
		}));
	// logout user
	} else {
		res.clearCookie('RememberMe');
		req.session.destroy();
		return res.type('json').end(JSON.stringify({
			status: 200,
			message: 'msg.auth.logout.successful'
		}));
	}
});

if(global['gds'].debug) {
	// DEBUG info
	route.get('/info', (req, res) => {
		let obj = {};
		if(req.session) obj.session = req.session;
		if(req.cookies) obj.cookie = req.cookies;
		res.type('json').end(JSON.stringify(obj));
	});
}

module.exports = route;
web server 2019-06-18 22:44:35 +00:00			`/*`
			`* This file is part of the authRXBN single sign-on package.`
			`*`
			`* (c) Ruben Meyer <contact@rxbn.de>`
			`*/`

			`var express = require('express');`
			`var route = express.Router();`

web - routes -> comments 2019-11-30 23:56:33 +00:00			`/**`
			`* register a user; currently not implemented`
			`* @url /register`
			`* @method POST`
			`*/`
web server 2019-06-18 22:44:35 +00:00			`route.post('/register', (req, res) => {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// if registration is disabled`
web server 2019-06-18 22:44:35 +00:00			`if(!global['app'].cfg.web.registration) {`
			`return res.type('json').status(400).end(JSON.stringify({status: 400, message: "msg.auth.registration.deactivated"}));`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`} else {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// am i rite?`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`return res.type('json').status(200).end(JSON.stringify({}));`
web server 2019-06-18 22:44:35 +00:00			`}`
			`});`

web - routes -> comments 2019-11-30 23:56:33 +00:00			`/**`
			`* login a user`
			`* @url /api/login`
			`* @method POST`
			`* @POST ['email', 'password']`
			`* @TODO add new activity 'action.user.login'`
			`*/`
web server 2019-06-18 22:44:35 +00:00			`route.post('/login', (req, res) => {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// if user is logged in (existing session); FAIL`
web - login and logout 2019-11-23 23:37:01 +00:00			`if(req.session.user) {`
			`return res.type('json').end(JSON.stringify({`
			`status: 401,`
			`message: 'msg.auth.logout.required'`
			`}));`
			`}`

			`// check body variables`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`if(!req.body.email \|\| !req.body.password) {`
web - login and logout 2019-11-23 23:37:01 +00:00			`return res.type('json').status(401).end(JSON.stringify({`
			`status: 401,`
			`message: [`
			`'msg.request.data.missing',`
			`'msg.auth.login.failed'`
			`]`
			`}));`
			`}`
			`let email = req.body.email;`
			`let pass = req.body.password;`

web - routes -> comments 2019-11-30 23:56:33 +00:00			`// database query: get user by email`
web - login and logout 2019-11-23 23:37:01 +00:00			`global['modules'].database.getUser(email, (err, rep) => {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// if database error`
web - login and logout 2019-11-23 23:37:01 +00:00			`if(err) {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// log error while debugging`
web - login and logout 2019-11-23 23:37:01 +00:00			`global['logs'].debug(err);`
web - routes -> comments 2019-11-30 23:56:33 +00:00
			`// login failed because of database error`
web - login and logout 2019-11-23 23:37:01 +00:00			`return res.type('json').status(500).end(JSON.stringify({`
			`status: 500,`
			`message: [`
			`'msg.database.error',`
			`'msg.auth.login.failed'`
			`]`
			`}));`
			`}`
web - routes -> comments 2019-11-30 23:56:33 +00:00
			`// no reply (user does not exist) or password is wrong`
web - login and logout 2019-11-23 23:37:01 +00:00			`if(!rep \|\| rep === null \|\| rep.length == 0 \|\| rep.length > 1 \|\| !global['modules'].auth.validateHash(rep[0].passhash, pass)) {`
			`return res.type('json').status(401).end(JSON.stringify({`
			`status: 401,`
			`message: 'msg.auth.login.failed'`
			`}));`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// do login`
web - login and logout 2019-11-23 23:37:01 +00:00			`} else {`
			`// add cookies; login`
			`// new activity 'action.user.login'`

			`// add session data`
			`req.session.user = {`
			`'id': rep[0]._id,`
			`'group': rep[0].group`
			`};`

			`return res.type('json').end(JSON.stringify({`
			`status: 200,`
			`message: 'msg.auth.login.successful',`
			`type: 'form' // TODO: types - { form, access_app}`
			`}));`
			`}`
			`});`
web server 2019-06-18 22:44:35 +00:00			`});`

web - routes -> comments 2019-11-30 23:56:33 +00:00			`/**`
			`* apps verify token`
			`* @url /api/authenticate`
			`* @method POST`
			`* @POST ['applicationId', 'applicationSecret', 'userId', 'token']`
			`* @TODO add implementation`
			`*/`
web server 2019-06-18 22:44:35 +00:00			`route.post('/authenticate', (req, res) => {`
			`// TODO: authenticate`
			`});`

web - routes -> comments 2019-11-30 23:56:33 +00:00			`/**`
			`* redirect user to app`
			`* @url /api/redirect`
			`* @method GET`
			`* @GET ['id']`
			`*/`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`route.get('/redirect', (req, res) => {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// if user is logged in`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`if(req.session && req.session.user) {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// missing query data to retrieve app`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`if(!req.query \|\| !req.query.id) {`
			`return res.type('json').status(500).end(JSON.stringify({`
			`status: 500,`
			`message: [`
			`'msg.request.data.missing'`
			`]`
			`}));`
			`}`
web - routes -> comments 2019-11-30 23:56:33 +00:00
			`// set auth code`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`global['modules'].database.setAuthCode({`
			`aId: req.query.id,`
			`uId: req.session.user.id`
			`}, (err, rep) => {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// database error`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`if(err) {`
			`global['logs'].debug(err);`
			`return res.type('json').status(500).end(JSON.stringify({`
			`status: 500,`
			`message: [`
			`'msg.database.error'`
			`]`
			`}));`
			`}`
			`else if(rep) {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// retrieve apps`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`global['modules'].database.getApps((err2, rep2) => {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// database error`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`if(err2) {`
			`global['logs'].debug(err2);`
			`return res.type('json').status(500).end(JSON.stringify({`
			`status: 500,`
			`message: [`
			`'msg.database.error'`
			`]`
			`}));`
			`}`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// for each app`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`rep2.forEach((app) => {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// if app.id is equal to queried app`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`if(app.id == req.query.id) {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// redirect to app`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`return res.redirect(app.access+"?uid="+req.session.user.id+"&token="+rep.token);`
			`}`
			`});`
			`});`
			`} else {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// database error`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`return res.type('json').status(500).end(JSON.stringify({`
			`status: 500,`
			`message: [`
			`'msg.database.error'`
			`]`
			`}));`
			`}`
			`});`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// user isnt logged in`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`} else {`
			`return res.type('json').end(JSON.stringify({`
			`status: 401,`
			`message: 'msg.auth.login.required'`
			`}));`
			`}`
			`});`

web - routes -> comments 2019-11-30 23:56:33 +00:00			`/**`
			`* logout user`
			`* @url /api/logout`
			`* @method GET`
			`*/`
web server 2019-06-18 22:44:35 +00:00			`route.get('/logout', (req, res) => {`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// user needs to be logged in`
web - app request -> redirecting 2019-11-30 22:42:34 +00:00			`if(!req.session \|\| !req.session.user) {`
web server 2019-06-18 22:44:35 +00:00			`return res.type('json').end(JSON.stringify({`
			`status: 401,`
			`message: 'msg.auth.login.required'`
			`}));`
web - routes -> comments 2019-11-30 23:56:33 +00:00			`// logout user`
web server 2019-06-18 22:44:35 +00:00			`} else {`
			`res.clearCookie('RememberMe');`
			`req.session.destroy();`
			`return res.type('json').end(JSON.stringify({`
			`status: 200,`
			`message: 'msg.auth.logout.successful'`
			`}));`
			`}`
			`});`

			`if(global['gds'].debug) {`
			`// DEBUG info`
			`route.get('/info', (req, res) => {`
			`let obj = {};`
			`if(req.session) obj.session = req.session;`
			`if(req.cookies) obj.cookie = req.cookies;`
			`res.type('json').end(JSON.stringify(obj));`
			`});`
			`}`

			`module.exports = route;`