web - authenticate user,app combination

git - more specific README.md
2 changed files with 62 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,14 @@
 # [auth.rxbn.de](https://auth.rxbn.de) - Single sign-on (SSO) Service

-Single sign-on authentication and authorization service for rxbn.de services
+Single sign-on authentication service for rxbn.de services
+
+# Environment variables
+- __*DB_URL*__ := [MongoDB Connection URI String Format](https://docs.mongodb.com/manual/reference/connection-string/), ex.: mongodb://mongoDBUser:[email protected]:27017/admin
+- __*DB_NAME*__ := MongoDB Database, ex.: authRxbn
+- __*SESSION_KEY*__ := SessionKey to encrypt sessions
+- __*COOKIE_KEY*__ := CookieKey to encrypt cookies
+- __*PROMETHEUS_USER*__ := PrometheusUser for basic authentication on prometheus endpoints, ex.: test
+- __*PROMETHEUS_PW*__ := PrometheusPassword for basic authentication on prometheus endpoints, ex.: test

 # start server
 ## regular
--- a/bin/web/routes/api/authenticate.js
+++ b/bin/web/routes/api/authenticate.js
@ -1,3 +1,6 @@
+var sanitize = require('mongo-sanitize');
+let db = global['requireModule']('database');
+
 module.exports = {
 	path: "/authenticate",
 	/**
@ -5,9 +8,57 @@ module.exports = {
 	 * @url /api/authenticate
 	 * @method POST
 	 * @POST ['applicationId', 'applicationSecret', 'userId', 'token']
-	 * @TODO add implementation
 	 */
 	post: async (req, res) => {
-		return res.end();
+		// check body variables
+		if(!req.body.applicationId || !req.body.applicationSecret || !req.body.userId || !req.body.token) {
+			return res.type('json').status(401).end(JSON.stringify({
+				status: 401,
+				message: [
+					'msg.request.data.missing'
+				]
+			}));
+		}
+
+		let applicationId = sanitize(req.body.applicationId);
+		let applicationSecret = sanitize(req.body.applicationSecret);
+		let userId = sanitize(req.body.userId);
+		let token = sanitize(req.body.token);
+
+		let auth = await db.getAuth({
+			aId: applicationId,
+			aSecret: applicationSecret,
+			uId: userId,
+			token: token
+		});
+
+		// if database error
+		if(auth.err) {
+			// log error while debugging
+			global['logs'].debug(auth.err);
+
+			// database error
+			return res.type('json').status(500).end(JSON.stringify({
+				status: 500,
+				message: [
+					'msg.database.error'
+				]
+			}));
+		}
+
+		// no reply (user does not exist) or password is wrong
+		if(!auth.reply || auth.reply === null || auth.reply.length == 0) {
+			return res.type('json').status(401).end(JSON.stringify({
+				status: 401,
+				message: 'msg.auth.authentication.failed'
+			}));
+		// authentication granted
+		} else {
+			// no authorization, the clients are also resource servers and therefore handle data requests for themself
+			return res.type('json').status(200).end(JSON.stringify({
+				status: 200,
+				message: 'msg.auth.authentication.successful'
+			}));
+		}
 	}
 };
Author	SHA1	Message	Date
Ruben Meyer	ff55932d44	web - authenticate user,app combination	1 year ago
Ruben Meyer	6e15aa5fe9	git - more specific README.md	1 year ago