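/*
 * This file is part of the authRXBN single sign-on package.
 *
 * (c) Ruben Meyer
 */
'use strict';

const express = require('express');
const asyncer = require('express-async-handler');
const fs = require('fs');
const path = require('path');

// One shared router per module load; getRoutes() attaches the handlers to it.
// Declared with const (the original relied on implicit globals, which also leaked
// per-request values such as the looked-up user between concurrent requests).
const route = express.Router();
const cfg = require(global['__dirname'] + '/bin/config');

/**
 * True when the request carries a session with a logged-in user.
 * @param {import('express').Request} req
 * @returns {boolean}
 */
const isLoggedIn = (req) => Boolean(req.session && req.session.user);

/**
 * Locals that every rendered page receives, optionally extended with `extra`.
 * @param {import('express').Request} req
 * @param {object} [extra] additional view locals
 * @returns {object}
 */
const pageLocals = (req, extra) => Object.assign({ session: req.session, cfg: cfg }, extra || {});

/**
 * Builds the web-UI router. The database module is connected once, before any
 * handler is registered, so every handler below can use `db` directly.
 * @returns {Promise<import('express').Router>} the shared router with all page routes attached
 */
const getRoutes = async () => {
  const db = global['requireModule']('database');
  await db.connect();

  /**
   * main page
   * @url /
   * @method GET
   */
  route.get('/', asyncer(async (req, res, next) => {
    const locals = pageLocals(req);
    // Logged-in users additionally get their user record, its group and the app list.
    if (isLoggedIn(req)) {
      locals.user = (await db.getUser(req.session.user.id)).reply;
      locals.group = (await db.getGroup(locals.user.group)).reply;
      locals.apps = (await db.getApps()).reply;
    }
    res.render('index', locals);
  }));

  /**
   * login page or apprequest page
   * @url /authenticate
   * @method GET
   */
  route.get('/authenticate', asyncer(async (req, res) => {
    const appId = req.query.appId;
    // Without an appId there is nothing to authenticate for; bounce to the main page
    // before touching the database.
    if (!appId) return res.redirect('/');

    if (req.session && !req.session.appRequest) {
      req.session.appRequest = {}; // TODO: data
    }
    // Only a plain string is stored: Express turns repeated query keys into arrays
    // and bracket syntax into objects, neither of which is a valid app id.
    // TODO: verify appId against the known apps (apps.reply) before storing it.
    if (typeof appId === 'string') {
      req.session.appRequest.appId = appId;
    }

    const apps = await db.getApps();

    // Logged-in user: show the app request page.
    if (isLoggedIn(req)) {
      const user = await db.getUser(req.session.user.id);
      const group = await db.getGroup(user.reply.group);
      return res.render('request', pageLocals(req, {
        appRequest: req.session.appRequest,
        apps: apps.reply,
        user: user.reply,
        group: group.reply,
      }));
    }

    // Not logged in: show the login page, titled after the requested app when known.
    const loginLocals = pageLocals(req);
    if (typeof appId === 'string') {
      const requestedApp = apps.reply.find((app) => String(app._id) === appId);
      if (requestedApp) {
        // NOTE(review): app.name comes from the database; this assumes the pug view
        // interpolates it with escaping (#{}) — confirm in the login template.
        loginLocals['login_title'] = `Login to use ${requestedApp.name} via authRxbn`;
      }
    }
    return res.render('login', loginLocals);
  }));

  /**
   * settings page
   * @url /settings
   * @method GET
   */
  route.get('/settings', asyncer(async (req, res, next) => {
    if (!isLoggedIn(req)) {
      return res.render('login', pageLocals(req));
    }
    const user = await db.getUser(req.session.user.id);
    // Session refers to a user that no longer exists: 404 (status set for consistency
    // with the catch-all route below).
    if (!user.reply) return res.status(404).render('error/404');
    const group = await db.getGroup(user.reply.group);
    return res.render('settings', pageLocals(req, { user: user.reply, group: group.reply }));
  }));

  /**
   * Renders the response for a matched "block" path rule.
   * @param {import('express').Request} req
   * @param {import('express').Response} res
   * @param {object} rule the matching path rule (uses rule.type)
   * @returns {import('express').Response}
   */
  const renderBlocked = (req, res, rule) => {
    switch (String(rule.type)) {
      case '404':
        return res.status(404).render('error/404', pageLocals(req, {
          error_code: 404,
          error_msg: 'msg.request.file.not_found',
        }));
      case 'missing_permission':
        return res.status(401).render('error/permission', pageLocals(req, { error_code: 401 }));
      case 'login':
        // A "login" rule only shows the login prompt to anonymous requests; a logged-in
        // user that still matches the rule gets the generic error below.
        if (!isLoggedIn(req)) {
          return res.status(401).render('error/login', pageLocals(req, { error_code: 401 }));
        }
        return res.status(401).render('error/error', pageLocals(req, { error_code: 401 }));
      default:
        return res.status(401).render('error/error', pageLocals(req, { error_code: 401 }));
    }
  };

  /**
   * all other routes
   * @url /*
   * @method all
   */
  route.get('/*', asyncer(async (req, res, next) => {
    // passthrough to next route
    if (req.path.startsWith('/api')) return next();
    if (req.path === '/request') return res.status(404).render('error/404');

    // Both lookups are independent; run them concurrently.
    const [pathRules, groups] = await Promise.all([db.getPathRules(), db.getGroups()]);

    // The "Guest" group is the default; a logged-in user's session group overrides it.
    const guest = groups.reply.find((group) => group.name === 'Guest');
    let groupId = guest ? guest._id : null;
    if (isLoggedIn(req)) {
      groupId = req.session.user.group;
    }

    // First "block" rule for this group whose expression matches the path.
    // rule.expression is a regular expression stored in the database (admin-managed);
    // an expensive pattern here can stall request handling (ReDoS) — keep rules simple.
    // The regex is created per rule, so no global-flag lastIndex state is carried over.
    const blocked = pathRules.reply.find((rule) =>
      rule.rule === 'block'
      && groupId != null
      && String(groupId) === String(rule.group)
      && new RegExp(rule.expression).test(req.path));
    if (blocked) return renderBlocked(req, res, blocked);

    // Fall back to a static pug view named after the path.
    const viewsDir = global['__dirname'] + '/bin/web/views';
    // The existence check and the render use the same (lower-cased) name, so a
    // mixed-case URL cannot pass the check and then fail view lookup on a
    // case-sensitive file system.
    const viewName = req.path.toLowerCase().replace(/^\//, '');
    const viewFile = path.join(viewsDir, viewName) + '.pug';
    // Refuse anything that normalises to outside the views directory
    // (path.join resolves ".." segments) — only files below viewsDir are renderable.
    const rel = path.relative(viewsDir, viewFile);
    const insideViews = rel !== '' && rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);

    if (insideViews && fs.existsSync(viewFile)) {
      return res.render(viewName, pageLocals(req));
    }
    global['logs'].info(`[web] (404) path not found: ${req.path}`);
    return res.status(404).render('error/404', pageLocals(req, {
      error_code: 404,
      error_msg: 'msg.request.file.not_found',
    }));
  }));

  return route;
};

module.exports = { getRoutes: getRoutes };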