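/*
 * This file is part of the authRXBN single sign-on package.
 *
 * (c) Ruben Meyer
 */
const express = require('express');
const route = express.Router();

// Message key for endpoints that exist but have no implementation yet.
// TODO: add this key to the message catalogue alongside the other 'msg.*' keys.
const MSG_NOT_IMPLEMENTED = 'msg.request.not.implemented';

/**
 * Send a JSON reply whose HTTP status matches the `status` field in the body.
 *
 * Every handler in this file answers with a `{status, message}` object; the
 * original code sometimes left the HTTP status at 200 while the body said 401,
 * which misleads proxies, fetch wrappers and log analysis that only look at
 * the response code.
 *
 * @param {object} res    express response
 * @param {number} status HTTP status code, also echoed in the body
 * @param {object} body   serialisable reply object
 */
function sendJson(res, status, body) {
  return res.type('json').status(status).end(JSON.stringify(body));
}

/**
 * True when `value` is a non-empty string.
 *
 * Request fields are only accepted as plain strings: with a JSON body parser
 * or the extended query parser a client can submit objects/arrays, and those
 * must never reach the database layer as query operands (NoSQL operator
 * injection). Empty strings are rejected exactly like the original `!value`.
 *
 * @param {unknown} value
 * @returns {boolean}
 */
function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

/**
 * register a user; currently not implemented
 * @url /register
 * @method POST
 */
route.post('/register', (req, res) => {
  // registration switched off in the web config
  if (!global['app'].cfg.web.registration) {
    return sendJson(res, 400, { status: 400, message: 'msg.auth.registration.deactivated' });
  }
  // Registration is enabled but nothing is created yet. Answering 501 instead
  // of an empty 200 keeps clients from treating a no-op as a successful signup.
  return sendJson(res, 501, { status: 501, message: MSG_NOT_IMPLEMENTED });
});

/**
 * login a user
 * @url /api/login
 * @method POST
 * @POST ['email', 'password']
 * @TODO add new activity 'action.user.login'
 */
route.post('/login', (req, res) => {
  // an existing session must be logged out first
  if (req.session && req.session.user) {
    return sendJson(res, 401, { status: 401, message: 'msg.auth.logout.required' });
  }

  const email = req.body ? req.body.email : undefined;
  const pass = req.body ? req.body.password : undefined;

  // both credentials must be present and must be plain strings
  if (!isNonEmptyString(email) || !isNonEmptyString(pass)) {
    return sendJson(res, 401, {
      status: 401,
      message: ['msg.request.data.missing', 'msg.auth.login.failed'],
    });
  }

  // database query: get user by email
  global['modules'].database.getUser(email, (err, rep) => {
    if (err) {
      // log error while debugging; never echo it to the client
      global['logs'].debug(err);
      return sendJson(res, 500, {
        status: 500,
        message: ['msg.database.error', 'msg.auth.login.failed'],
      });
    }

    // exactly one row is acceptable; zero rows = unknown user, more than one
    // = ambiguous account, both are treated as a failed login
    const user = Array.isArray(rep) && rep.length === 1 ? rep[0] : null;

    // NOTE(review): when the user does not exist validateHash() is skipped, so
    // the response is measurably faster than for a wrong password. Running a
    // dummy comparison against a fixed hash would close that enumeration
    // channel; it needs the hash format used by auth.validateHash — TODO.
    if (!user || !global['modules'].auth.validateHash(user.passhash, pass)) {
      return sendJson(res, 401, { status: 401, message: 'msg.auth.login.failed' });
    }

    // Issue a fresh session id before storing the identity so that a session
    // id planted by an attacker before login cannot be reused afterwards
    // (session fixation). regenerate() is the express-session API the file
    // already relies on via req.session.destroy().
    req.session.regenerate((regenErr) => {
      if (regenErr) {
        global['logs'].debug(regenErr);
        return sendJson(res, 500, {
          status: 500,
          message: ['msg.database.error', 'msg.auth.login.failed'],
        });
      }

      // TODO: new activity 'action.user.login'
      req.session.user = {
        id: user._id,
        group: user.group,
      };

      return sendJson(res, 200, {
        status: 200,
        message: 'msg.auth.login.successful',
        type: 'form', // TODO: types - { form, access_app }
      });
    });
  });
});

/**
 * apps verify token
 * @url /api/authenticate
 * @method POST
 * @POST ['applicationId', 'applicationSecret', 'userId', 'token']
 * @TODO add implementation
 */
route.post('/authenticate', (req, res) => {
  // TODO: authenticate. Until then answer 501 instead of leaving the request
  // open forever (the original handler never sent a response).
  return sendJson(res, 501, { status: 501, message: MSG_NOT_IMPLEMENTED });
});

/**
 * redirect user to app
 * @url /api/redirect
 * @method GET
 * @GET ['id']
 */
route.get('/redirect', (req, res) => {
  // user must be logged in
  if (!req.session || !req.session.user) {
    return sendJson(res, 401, { status: 401, message: 'msg.auth.login.required' });
  }

  // the app id is required and must be a plain string (a client error, not a
  // server error as the original 500 suggested)
  const appId = req.query ? req.query.id : undefined;
  if (!isNonEmptyString(appId)) {
    return sendJson(res, 400, { status: 400, message: ['msg.request.data.missing'] });
  }

  // Resolve the app first: an auth code is only minted for a registered app,
  // and an unknown id gets a response instead of the silent hang the original
  // forEach() produced when nothing matched.
  global['modules'].database.getApps((err, apps) => {
    if (err) {
      global['logs'].debug(err);
      return sendJson(res, 500, { status: 500, message: ['msg.database.error'] });
    }

    // strict comparison on the string form; app.id may be stored as a number
    const app = Array.isArray(apps) ? apps.find((a) => String(a.id) === appId) : undefined;
    if (!app) {
      return sendJson(res, 404, { status: 404, message: ['msg.request.data.missing'] });
    }
    // app.access is the admin-registered landing URL; it is the only value
    // that decides where the browser is sent, never anything from the request
    if (!isNonEmptyString(app.access)) {
      global['logs'].debug(new Error('app ' + appId + ' has no access url'));
      return sendJson(res, 500, { status: 500, message: ['msg.database.error'] });
    }

    const uid = req.session.user.id;
    global['modules'].database.setAuthCode({ aId: appId, uId: uid }, (codeErr, code) => {
      if (codeErr) {
        global['logs'].debug(codeErr);
        return sendJson(res, 500, { status: 500, message: ['msg.database.error'] });
      }
      // a falsy reply or one without a token means no code was stored
      if (!code || !code.token) {
        return sendJson(res, 500, { status: 500, message: ['msg.database.error'] });
      }

      // NOTE(review): the code travels in the query string, so it shows up in
      // the target app's access logs, browser history and Referer headers. It
      // is only safe if setAuthCode() makes it short-lived and single-use —
      // confirm that in the database module.
      const query = new URLSearchParams({ uid: String(uid), token: String(code.token) });
      const separator = app.access.includes('?') ? '&' : '?';
      return res.redirect(app.access + separator + query.toString());
    });
  });
});

/**
 * logout user
 * @url /api/logout
 * @method GET (kept for existing clients) and POST
 *
 * A state-changing GET endpoint can be triggered cross-site by an <img> tag
 * (forced logout); POST is registered as well so callers can move off GET.
 */
function logout(req, res) {
  // user needs to be logged in
  if (!req.session || !req.session.user) {
    return sendJson(res, 401, { status: 401, message: 'msg.auth.login.required' });
  }

  res.clearCookie('RememberMe');
  // wait for the store to drop the session before reporting success; the
  // original answered before destroy() had finished
  req.session.destroy((err) => {
    if (err) {
      global['logs'].debug(err);
      // the session may still be live, so do not claim a successful logout
      return sendJson(res, 500, { status: 500, message: ['msg.database.error'] });
    }
    return sendJson(res, 200, { status: 200, message: 'msg.auth.logout.successful' });
  });
}
route.get('/logout', logout);
route.post('/logout', logout);

if (global['gds'].debug) {
  // DEBUG info: dumps the raw session (user id, group) and every cookie of the
  // caller. Only registered when the debug flag is set; it must never be
  // enabled on a production deployment.
  route.get('/info', (req, res) => {
    const obj = {};
    if (req.session) obj.session = req.session;
    if (req.cookies) obj.cookie = req.cookies;
    return sendJson(res, 200, obj);
  });
}

module.exports = route;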