215 lines
5.2 KiB
JavaScript
215 lines
5.2 KiB
JavaScript
/*
|
|
* This file is part of the authRXBN single sign-on package.
|
|
*
|
|
* (c) Ruben Meyer <contact@rxbn.de>
|
|
*/
|
|
|
|
express = require('express');
|
|
route = express.Router();
|
|
asyncer = require('express-async-handler');
|
|
|
|
fs = require('fs');
|
|
path = require('path');
|
|
|
|
var cfg = require(global['__dirname']+'/bin/config');
|
|
|
|
let getRoutes = async () => {
|
|
let db = global['requireModule']('database');
|
|
await db.connect();
|
|
|
|
/**
|
|
* main page
|
|
* @url /
|
|
* @method GET
|
|
*/
|
|
route.get('/', asyncer(async (req, res, next) => {
|
|
obj = {
|
|
session: req.session,
|
|
cfg: cfg
|
|
};
|
|
|
|
// if user is logged in
|
|
if(req.session && req.session.user) {
|
|
obj.user = (await db.getUser(req.session.user.id)).reply;
|
|
obj.group = (await db.getGroup(obj.user.group)).reply;
|
|
apps = await db.getApps();
|
|
obj.apps = apps.reply;
|
|
}
|
|
res.render('index', obj);
|
|
}));
|
|
|
|
/**
|
|
* login page or apprequest page
|
|
* @url /authenticate
|
|
* @method GET
|
|
*/
|
|
route.get('/authenticate', asyncer(async (req, res) => {
|
|
|
|
if(req.session) {
|
|
// if there isnt an apprequest
|
|
if(!req.session.appRequest)
|
|
req.session.appRequest = {}; // TODO: data
|
|
}
|
|
|
|
// query apps
|
|
apps = await db.getApps();
|
|
|
|
// set appId in appRequest
|
|
if(req.query.appId || req.session.appRequest) {
|
|
if(req.query.appId && typeof req.query.appId == "string") {
|
|
// req.query.appId
|
|
// verify appId (if in rep)
|
|
req.session.appRequest.appId = req.query.appId;
|
|
}
|
|
} else {
|
|
return res.redirect('/');
|
|
}
|
|
|
|
// if user is logged in, show request page
|
|
if(req.session && req.session.user && req.session.user.loggedInFull) {
|
|
user = await db.getUser(req.session.user.id);
|
|
group = await db.getGroup(user.reply.group);
|
|
|
|
return res.render('request', {
|
|
session: req.session,
|
|
appRequest: req.session.appRequest,
|
|
apps: apps.reply,
|
|
cfg: cfg,
|
|
user: user.reply,
|
|
group: group.reply
|
|
});
|
|
// if user isnt logged in, show login page
|
|
} else {
|
|
if(!req.query.appId) req.session.appRequest = {};
|
|
|
|
let view_obj = { session: req.session, cfg: cfg };
|
|
if(req.query.appId) {
|
|
apps.reply.forEach((app) => {
|
|
if(app._id == req.query.appId)
|
|
view_obj["login_title"] = "Login to use "+app.name+" via authRxbn"; // appRequest app name
|
|
})
|
|
|
|
}
|
|
|
|
return res.render('login', view_obj);
|
|
}
|
|
}));
|
|
|
|
/**
|
|
* settings page
|
|
* @url /settings
|
|
* @method GET
|
|
*/
|
|
route.get('/settings', asyncer(async (req, res, next) => {
|
|
if(req.session && req.session.user) {
|
|
// query user
|
|
user = await db.getUser(req.session.user.id);
|
|
|
|
if(user.reply) {
|
|
group = await db.getGroup(user.reply.group);
|
|
return res.render('settings', {
|
|
session: req.session,
|
|
cfg: cfg,
|
|
user: user.reply,
|
|
group: group.reply
|
|
});
|
|
}
|
|
else
|
|
return res.render('error/404');
|
|
} else {
|
|
return res.render('login', { session: req.session, cfg: cfg });
|
|
}
|
|
}));
|
|
|
|
/**
|
|
* all other routes
|
|
* @url /*
|
|
* @method all
|
|
*/
|
|
route.get(['/request', '/register', '/login', '/logout', '/reset', '/admin'], asyncer(async (req, res, next) => {
|
|
// passthrough to next route
|
|
if(req.path.startsWith('/api'))
|
|
return next();
|
|
|
|
let obj = {
|
|
session: req.session,
|
|
cfg: cfg
|
|
};
|
|
if(req.session && req.session.user) {
|
|
// query user
|
|
userQuery = await db.getUser(req.session.user.id);
|
|
|
|
if(userQuery.reply) {
|
|
groupQuery = await db.getGroup(userQuery.reply.group);
|
|
obj.user = userQuery.reply;
|
|
obj.group = groupQuery.reply;
|
|
}
|
|
}
|
|
if(req.path == "/request") {
|
|
if(req.query.appId) {
|
|
if(req.query.appId && typeof req.query.appId == "string") {
|
|
req.session.appRequest.appId = req.query.appId;
|
|
}
|
|
}
|
|
return res.redirect('/authenticate');
|
|
}
|
|
|
|
let pathRules = await db.getPathRules();
|
|
|
|
// retrieve guest group - set as default
|
|
let groups = await db.getGroups();
|
|
guestId = null;
|
|
groups.reply.forEach((group) => {
|
|
if(group.name == "Guest") guestId = group._id;
|
|
});
|
|
let group = guestId;
|
|
|
|
// set user group
|
|
if(req.session && req.session.user) {
|
|
group = req.session.user.group;
|
|
}
|
|
|
|
for(i = 0; i < pathRules.reply.length; i++) {
|
|
rule = pathRules.reply[i];
|
|
if(rule.rule == "block") {
|
|
if(group == String(rule.group)) {
|
|
let regex = new RegExp(rule.expression, "g");
|
|
if(regex.test(req.path)) {
|
|
if(rule.type == "404") {
|
|
obj.error_code = 404;
|
|
obj.error_msg = 'msg.request.file.not_found';
|
|
return res.status(404).render('error/404', obj);
|
|
} else if(rule.type == "missing_permission") {
|
|
obj.error_code = 401;
|
|
return res.status(401).render('error/permission', obj);
|
|
} else if(rule.type == "login" && (!req.session || !req.session.user)) {
|
|
obj.error_code = 401;
|
|
return res.status(401).render('error/login', obj);
|
|
} else {
|
|
obj.error_code = 401;
|
|
return res.status(401).render('error/error', obj);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
};
|
|
|
|
let dir = global['__dirname'] + '/bin/web/views';
|
|
let path_j = path.join(dir, req.path.toLowerCase());
|
|
if(fs.existsSync(path_j+'.pug')) {
|
|
return res.render(req.path.replace(/^\//, ''), obj);
|
|
} else {
|
|
global['logs'].info("[web] (404) path not found: "+req.path);
|
|
obj.error_code = 404;
|
|
obj.error_msg = 'msg.request.file.not_found';
|
|
return res.status(404).render('error/404', obj);
|
|
}
|
|
}));
|
|
|
|
return route;
|
|
};
|
|
|
|
module.exports = {
|
|
getRoutes: getRoutes
|
|
};
|