/* * This file is part of the authRXBN single sign-on package. * * (c) Ruben Meyer */ express = require('express'); route = express.Router(); asyncer = require('express-async-handler'); fs = require('fs'); path = require('path'); var cfg = require(global['__dirname']+'/bin/config'); let getRoutes = async () => { let db = global['requireModule']('database'); await db.connect(); /** * main page * @url / * @method all */ route.all('/', asyncer(async (req, res, next) => { // TODO: show login page or dashboard // res.end('login or dashboard'); apps = await db.getApps(); res.render('index', { session: req.session, apps: apps.reply, cfg: cfg }); })); /** * login page or apprequest page * @url / * @method GET */ route.get('/authenticate', asyncer(async (req, res) => { if(req.session) { // if there isnt an apprequest if(!req.session.appRequest) req.session.appRequest = {}; // TODO: data } // query apps apps = await db.getApps(); // set appId in appRequest if(req.query.appId) { if(req.query.appId && typeof req.query.appId == "string") { // req.query.appId // verify appId (if in rep) req.session.appRequest.appId = req.query.appId; // TODO: on accept, setAuthCode and redirect with token // on cancel, redirect to dashboard } } // if user is logged in, show request page if(req.session && req.session.user) { res.render('request', { session: req.session, appRequest: req.session.appRequest, apps: apps.reply, cfg: cfg }); // if user isnt logged in, show login page } else { if(!req.query.appId) req.session.appRequest = {}; let view_obj = { session: req.session }; if(req.query.appId) { apps.reply.forEach((app) => { if(app._id == req.query.appId) view_obj["login_title"] = "Login to use "+app.name+" via authRxbn"; // appRequest app name }) } res.render('login', view_obj); } })); /** * all other routes * @url /* * @method all * @TODO comments */ route.all('/*', asyncer(async (req, res, next) => { // passthrough to next route if(req.path.startsWith('/api')) return next(); if(req.path == "/request") return res.render('error/404'); let pathRules = require("./rules"); let group = "anon"; if(req.session && req.session.user) { group = "user"; if(req.session.user.group == 999) group = "admin"; } pathRules.forEach((rule) => { if(rule.rule == "block") { if(group == rule.group) { let regex = new RegExp(rule.expression, "g"); if(regex.test(req.path)) { if(rule.type == "404") { global['logs'].info("[web] (404) path not found: "+req.path); return res.status(404).render('error/404', { error_code: 404, error_msg: 'msg.request.file.not_found', session: req.session, cfg: cfg }); } else if(rule.type == "missing_permission") { return res.status(401).render('error/permission', { error_code: 401, session: req.session, cfg: cfg }); } else if(rule.type == "login") { return res.status(401).render('error/login', { error_code: 401, session: req.session, cfg: cfg }); } else { return res.status(401).render('error/error', { error_code: 401, session: req.session, cfg: cfg }); } } } } }); let dir = global['__dirname'] + '/bin/web/views'; let path_j = path.join(dir, req.path.toLowerCase()); if(fs.existsSync(path_j+'.pug')) { return res.render(req.path.replace(/^\//, ''), { session: req.session, apps: apps.reply, cfg: cfg }); } else { global['logs'].info("[web] (404) path not found: "+req.path); return res.status(404).render('error/404', { error_code: 404, error_msg: 'msg.request.file.not_found', session: req.session, cfg: cfg }); } // TODO: try to login // TODO: role-based authorization // TODO: show login page or page })); return route; }; module.exports = { getRoutes: getRoutes };