217 lines
4.9 KiB
JavaScript
217 lines
4.9 KiB
JavaScript
/*
|
|
* This file is part of the authRXBN single sign-on package.
|
|
*
|
|
* (c) Ruben Meyer <contact@rxbn.de>
|
|
*/
|
|
|
|
var express = require('express');
|
|
var route = express.Router();
|
|
|
|
/**
|
|
* register a user; currently not implemented
|
|
* @url /register
|
|
* @method POST
|
|
*/
|
|
route.post('/register', (req, res) => {
|
|
// if registration is disabled
|
|
if(!global['app'].cfg.web.registration) {
|
|
return res.type('json').status(400).end(JSON.stringify({status: 400, message: "msg.auth.registration.deactivated"}));
|
|
} else {
|
|
// am i rite?
|
|
return res.type('json').status(200).end(JSON.stringify({}));
|
|
}
|
|
});
|
|
|
|
/**
|
|
* login a user
|
|
* @url /api/login
|
|
* @method POST
|
|
* @POST ['email', 'password']
|
|
* @TODO add new activity 'action.user.login'
|
|
*/
|
|
route.post('/login', (req, res) => {
|
|
// if user is logged in (existing session); FAIL
|
|
if(req.session.user) {
|
|
return res.type('json').end(JSON.stringify({
|
|
status: 401,
|
|
message: 'msg.auth.logout.required'
|
|
}));
|
|
}
|
|
|
|
// check body variables
|
|
if(!req.body.email || !req.body.password) {
|
|
return res.type('json').status(401).end(JSON.stringify({
|
|
status: 401,
|
|
message: [
|
|
'msg.request.data.missing',
|
|
'msg.auth.login.failed'
|
|
]
|
|
}));
|
|
}
|
|
let email = req.body.email;
|
|
let pass = req.body.password;
|
|
|
|
// database query: get user by email
|
|
global['modules'].database.getUser(email, (err, rep) => {
|
|
// if database error
|
|
if(err) {
|
|
// log error while debugging
|
|
global['logs'].debug(err);
|
|
|
|
// login failed because of database error
|
|
return res.type('json').status(500).end(JSON.stringify({
|
|
status: 500,
|
|
message: [
|
|
'msg.database.error',
|
|
'msg.auth.login.failed'
|
|
]
|
|
}));
|
|
}
|
|
|
|
// no reply (user does not exist) or password is wrong
|
|
if(!rep || rep === null || rep.length == 0 || rep.length > 1 || !global['modules'].auth.validateHash(rep[0].passhash, pass)) {
|
|
return res.type('json').status(401).end(JSON.stringify({
|
|
status: 401,
|
|
message: 'msg.auth.login.failed'
|
|
}));
|
|
// do login
|
|
} else {
|
|
// add cookies; login
|
|
// new activity 'action.user.login'
|
|
|
|
// add session data
|
|
req.session.user = {
|
|
'id': rep[0]._id,
|
|
'group': rep[0].group
|
|
};
|
|
|
|
return res.type('json').end(JSON.stringify({
|
|
status: 200,
|
|
message: 'msg.auth.login.successful',
|
|
type: 'form' // TODO: types - { form, access_app}
|
|
}));
|
|
}
|
|
});
|
|
});
|
|
|
|
/**
|
|
* apps verify token
|
|
* @url /api/authenticate
|
|
* @method POST
|
|
* @POST ['applicationId', 'applicationSecret', 'userId', 'token']
|
|
* @TODO add implementation
|
|
*/
|
|
route.post('/authenticate', (req, res) => {
|
|
// TODO: authenticate
|
|
});
|
|
|
|
/**
|
|
* redirect user to app
|
|
* @url /api/redirect
|
|
* @method GET
|
|
* @GET ['id']
|
|
*/
|
|
route.get('/redirect', (req, res) => {
|
|
// if user is logged in
|
|
if(req.session && req.session.user) {
|
|
// missing query data to retrieve app
|
|
if(!req.query || !req.query.id) {
|
|
return res.type('json').status(500).end(JSON.stringify({
|
|
status: 500,
|
|
message: [
|
|
'msg.request.data.missing'
|
|
]
|
|
}));
|
|
}
|
|
|
|
// set auth code
|
|
global['modules'].database.setAuthCode({
|
|
aId: req.query.id,
|
|
uId: req.session.user.id
|
|
}, (err, rep) => {
|
|
// database error
|
|
if(err) {
|
|
global['logs'].debug(err);
|
|
return res.type('json').status(500).end(JSON.stringify({
|
|
status: 500,
|
|
message: [
|
|
'msg.database.error'
|
|
]
|
|
}));
|
|
}
|
|
else if(rep) {
|
|
// retrieve apps
|
|
global['modules'].database.getApps((err2, rep2) => {
|
|
// database error
|
|
if(err2) {
|
|
global['logs'].debug(err2);
|
|
return res.type('json').status(500).end(JSON.stringify({
|
|
status: 500,
|
|
message: [
|
|
'msg.database.error'
|
|
]
|
|
}));
|
|
}
|
|
// for each app
|
|
rep2.forEach((app) => {
|
|
// if app.id is equal to queried app
|
|
if(app.id == req.query.id) {
|
|
// redirect to app
|
|
return res.redirect(app.access+"?uid="+req.session.user.id+"&token="+rep.token);
|
|
}
|
|
});
|
|
});
|
|
} else {
|
|
// database error
|
|
return res.type('json').status(500).end(JSON.stringify({
|
|
status: 500,
|
|
message: [
|
|
'msg.database.error'
|
|
]
|
|
}));
|
|
}
|
|
});
|
|
// user isnt logged in
|
|
} else {
|
|
return res.type('json').end(JSON.stringify({
|
|
status: 401,
|
|
message: 'msg.auth.login.required'
|
|
}));
|
|
}
|
|
});
|
|
|
|
/**
|
|
* logout user
|
|
* @url /api/logout
|
|
* @method GET
|
|
*/
|
|
route.get('/logout', (req, res) => {
|
|
// user needs to be logged in
|
|
if(!req.session || !req.session.user) {
|
|
return res.type('json').end(JSON.stringify({
|
|
status: 401,
|
|
message: 'msg.auth.login.required'
|
|
}));
|
|
// logout user
|
|
} else {
|
|
res.clearCookie('RememberMe');
|
|
req.session.destroy();
|
|
return res.type('json').end(JSON.stringify({
|
|
status: 200,
|
|
message: 'msg.auth.logout.successful'
|
|
}));
|
|
}
|
|
});
|
|
|
|
if(global['gds'].debug) {
|
|
// DEBUG info
|
|
route.get('/info', (req, res) => {
|
|
let obj = {};
|
|
if(req.session) obj.session = req.session;
|
|
if(req.cookies) obj.cookie = req.cookies;
|
|
res.type('json').end(JSON.stringify(obj));
|
|
});
|
|
}
|
|
|
|
module.exports = route;
|