Skip to content

PUBLIC / surfer-okd

Go to a project
Commit 34adfa85 by Johannes Zellner
Options

Replace passport usage with simpler custom middleware

1 parent f384014e
Inline Side-by-side
Showing with 29 additions and 89 deletions
frontend/js/app.js
...@@ -23,14 +23,14 @@ function asyncForEach(items, handler, callback) { ...@@ -23,14 +23,14 @@ function asyncForEach(items, handler, callback) {
})(); })();
} }
function getProfile(accessToken, callback) { function initWithToken(accessToken) {
superagent.get('/api/profile').query({ access_token: accessToken }).end(function (error, result) { superagent.get('/api/profile').query({ access_token: accessToken }).end(function (error, result) {
app.ready = true; app.ready = true;
if (error && !error.response) return callback(error); if (error && !error.response) return console.error(error);
if (result.statusCode !== 200) { if (result.statusCode !== 200) {
delete localStorage.accessToken; delete localStorage.accessToken;
return callback('Invalid access token'); return;
} }
localStorage.accessToken = accessToken; localStorage.accessToken = accessToken;
...@@ -42,7 +42,7 @@ function getProfile(accessToken, callback) { ...@@ -42,7 +42,7 @@ function getProfile(accessToken, callback) {
app.folderListingEnabled = !!result.body.folderListingEnabled; app.folderListingEnabled = !!result.body.folderListingEnabled;
callback(); loadDirectory(decode(window.location.hash.slice(1)));
}); });
}); });
} }
...@@ -292,11 +292,7 @@ var app = new Vue({ ...@@ -292,11 +292,7 @@ var app = new Vue({
if (error && !result) return that.$message.error(error.message); if (error && !result) return that.$message.error(error.message);
if (result.statusCode === 401) return that.$message.error('Wrong username or password'); if (result.statusCode === 401) return that.$message.error('Wrong username or password');
getProfile(result.body.accessToken, function (error) { initWithToken(result.body.accessToken);
if (error) return console.error(error);
loadDirectory(decode(window.location.hash.slice(1)));
});
}); });
}, },
onOptionsMenu: function (command) { onOptionsMenu: function (command) {
...@@ -452,11 +448,7 @@ var app = new Vue({ ...@@ -452,11 +448,7 @@ var app = new Vue({
} }
}); });
getProfile(localStorage.accessToken, function (error) { initWithToken(localStorage.accessToken);
if (error) return console.error(error);
loadDirectory(decode(window.location.hash.slice(1)));
});
$(window).on('hashchange', function () { $(window).on('hashchange', function () {
loadDirectory(decode(window.location.hash.slice(1))); loadDirectory(decode(window.location.hash.slice(1)));
......
package-lock.json
...@@ -1164,28 +1164,6 @@ ...@@ -1164,28 +1164,6 @@
"resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz", "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz",
"integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M=" "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M="
}, },
"passport": {
"version": "0.2.2",
"resolved": "https://registry.npmjs.org/passport/-/passport-0.2.2.tgz",
"integrity": "sha1-nDjxe+uSnz2Br3uIOOhDDbhwPys=",
"requires": {
"passport-strategy": "1.x.x",
"pause": "0.0.1"
}
},
"passport-http-bearer": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/passport-http-bearer/-/passport-http-bearer-1.0.1.tgz",
"integrity": "sha1-FHRp6jZp4qhMYWfvmdu3fh8AmKg=",
"requires": {
"passport-strategy": "1.x.x"
}
},
"passport-strategy": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz",
"integrity": "sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ="
},
"path-is-absolute": { "path-is-absolute": {
"version": "1.0.1", "version": "1.0.1",
"resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
...@@ -1201,11 +1179,6 @@ ...@@ -1201,11 +1179,6 @@
"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
"integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
}, },
"pause": {
"version": "0.0.1",
"resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz",
"integrity": "sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10="
},
"pend": { "pend": {
"version": "1.2.0", "version": "1.2.0",
"resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",
......
package.json
...@@ -37,8 +37,6 @@ ...@@ -37,8 +37,6 @@
"mkdirp": "^0.5.1", "mkdirp": "^0.5.1",
"morgan": "^1.9.0", "morgan": "^1.9.0",
"multiparty": "^4.1.2", "multiparty": "^4.1.2",
"passport": "^0.2.2",
"passport-http-bearer": "^1.0.1",
"readline-sync": "^1.4.9", "readline-sync": "^1.4.9",
"request": "^2.83.0", "request": "^2.83.0",
"safetydance": "^0.1.1", "safetydance": "^0.1.1",
......
server.js
...@@ -4,7 +4,6 @@ ...@@ -4,7 +4,6 @@
var express = require('express'), var express = require('express'),
morgan = require('morgan'), morgan = require('morgan'),
passport = require('passport'),
path = require('path'), path = require('path'),
fs = require('fs'), fs = require('fs'),
compression = require('compression'), compression = require('compression'),
...@@ -91,8 +90,6 @@ app.use('/api', bodyParser.json()); ...@@ -91,8 +90,6 @@ app.use('/api', bodyParser.json());
app.use('/api', bodyParser.urlencoded({ extended: false, limit: '100mb' })); app.use('/api', bodyParser.urlencoded({ extended: false, limit: '100mb' }));
app.use('/api', cookieParser()); app.use('/api', cookieParser());
app.use('/api', session({ secret: 'surfin surfin', resave: false, saveUninitialized: false })); app.use('/api', session({ secret: 'surfin surfin', resave: false, saveUninitialized: false }));
app.use('/api', passport.initialize());
app.use('/api', passport.session());
app.use(router); app.use(router);
app.use(webdav.extensions.express('/_webdav', webdavServer)); app.use(webdav.extensions.express('/_webdav', webdavServer));
app.use('/_admin', express.static(__dirname + '/frontend')); app.use('/_admin', express.static(__dirname + '/frontend'));
......
src/auth.js
'use strict'; 'use strict';
var passport = require('passport'), var path = require('path'),
path = require('path'),
safe = require('safetydance'), safe = require('safetydance'),
fs = require('fs'), fs = require('fs'),
bcrypt = require('bcryptjs'), bcrypt = require('bcryptjs'),
uuid = require('uuid/v4'), uuid = require('uuid/v4'),
BearerStrategy = require('passport-http-bearer').Strategy,
ldapjs = require('ldapjs'), ldapjs = require('ldapjs'),
HttpError = require('connect-lastmile').HttpError, HttpError = require('connect-lastmile').HttpError,
HttpSuccess = require('connect-lastmile').HttpSuccess, HttpSuccess = require('connect-lastmile').HttpSuccess,
...@@ -56,27 +54,6 @@ try { ...@@ -56,27 +54,6 @@ try {
// start with empty token store // start with empty token store
} }
function issueAccessToken() {
return function (req, res, next) {
var accessToken = uuid();
tokenStore.set(accessToken, req.user, function (error) {
if (error) return next(new HttpError(500, error));
next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
});
};
}
passport.serializeUser(function (user, done) {
console.log('serializeUser', user);
done(null, user.uid);
});
passport.deserializeUser(function (id, done) {
console.log('deserializeUser', id);
done(null, { uid: id });
});
function verifyUser(username, password, callback) { function verifyUser(username, password, callback) {
if (AUTH_METHOD === 'ldap') { if (AUTH_METHOD === 'ldap') {
var ldapClient = ldapjs.createClient({ url: process.env.CLOUDRON_LDAP_URL }); var ldapClient = ldapjs.createClient({ url: process.env.CLOUDRON_LDAP_URL });
...@@ -121,34 +98,37 @@ function verifyUser(username, password, callback) { ...@@ -121,34 +98,37 @@ function verifyUser(username, password, callback) {
} }
} }
exports.login = [ exports.login = function (req, res, next) {
function (req, res, next) { verifyUser(req.body.username, req.body.password, function (error, user) {
verifyUser(req.body.username, req.body.password, function (error, user) { if (error) return next(new HttpError(401, 'Invalid credentials'));
if (error) return next(new HttpError(401, 'Invalid credentials'));
var accessToken = uuid();
req.user = user; tokenStore.set(accessToken, user, function (error) {
if (error) return next(new HttpError(500, error));
next(); next(new HttpSuccess(201, { accessToken: accessToken, user: user }));
}); });
}, });
issueAccessToken() };
];
exports.verify = passport.authenticate('bearer', { session: false }); exports.verify = function (req, res, next) {
var accessToken = req.query.access_token || req.body.accessToken;
passport.use(new BearerStrategy(function (token, done) { tokenStore.get(accessToken, function (error, user) {
tokenStore.get(token, function (error, result) { if (error) return next(new HttpError(401, 'Invalid Access Token'));
if (error) {
console.error(error); req.user = user;
return done(null, false);
}
done(null, result, { accessToken: token }); next();
}); });
}));
};
exports.logout = function (req, res, next) { exports.logout = function (req, res, next) {
tokenStore.del(req.authInfo.accessToken, function (error) { var accessToken = req.query.access_token || req.body.accessToken;
tokenStore.del(accessToken, function (error) {
if (error) console.error(error); if (error) console.error(error);
next(new HttpSuccess(200, {})); next(new HttpSuccess(200, {}));
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!