Add ldap auth

Johannes Zellner
Commit 591ad40c authored Jun 27, 2015 by Johannes Zellner
Showing with 61 additions and 4 deletions
Dockerfile
app.js
cli/actions.js
package.json
src/auth.js
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,6 +9,7 @@ WORKDIR /app/code
 ADD package.json /app/code/package.json
 ADD src /app/code/src
 ADD app.js /app/code/app.js
+ADD app /app/code/app
 RUN npm install
 EXPOSE 3000

--- a/app.js
+++ b/app.js
@@ -4,11 +4,15 @@
 var express = require('express'),
    morgan = require('morgan'),
+    passport = require('passport'),
    path = require('path'),
    compression = require('compression'),
+    session = require('express-session'),
    bodyParser = require('body-parser'),
+    cookieParser = require('cookie-parser'),
    lastMile = require('connect-lastmile'),
    multipart = require('./src/multipart'),
+    auth = require('./src/auth.js'),
    files = require('./src/files.js')(path.resolve(__dirname, 'files'));
 var app = express();
@@ -16,18 +20,23 @@ var router = new express.Router();
 var multipart = multipart({ maxFieldsSize: 2 * 1024, limit: '512mb', timeout: 3 * 60 * 1000 });
-router.get('/api/files/*', files.get);
+router.get('/api/files/*', auth.ldap, files.get);
-router.put('/api/files/*', multipart, files.put);
+router.put('/api/files/*', auth.ldap, multipart, files.put);
-router.delete('/api/files/*', files.del);
+router.delete('/api/files/*', auth.ldap, files.del);
 // healthcheck in case / does not serve up any file yet
 router.get('/', function (req, res) { res.sendfile(path.join(__dirname, '/app/welcome.html')); });
 app.use(morgan('dev'));
 app.use(compression());
-app.use(bodyParser.json());
 app.use('/settings', express.static(__dirname + '/app'));
 app.use(express.static(__dirname + '/files'));
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded());
+app.use(cookieParser());
+app.use(session({ secret: 'surfin surfin' }));
+app.use(passport.initialize());
+app.use(passport.session());
 app.use(router);
 app.use(lastMile());

--- a/cli/actions.js
+++ b/cli/actions.js
@@ -44,6 +44,8 @@ function collectFiles(filesOrFolders) {
 }
 function login(server) {
+    if (server[server.length-1] === '/') server = server.slice(0, -1);
    console.log('Using server', server);
    config.set('server', server);
 }

--- a/package.json
+++ b/package.json
@@ -23,13 +23,16 @@
    "compression": "^1.5.0",
    "connect-lastmile": "0.0.10",
    "connect-timeout": "^1.6.2",
+    "cookie-parser": "^1.3.5",
    "debug": "^2.2.0",
    "del": "^1.2.0",
    "ejs": "^2.3.1",
    "express": "^4.12.4",
+    "express-session": "^1.11.3",
    "mkdirp": "^0.5.1",
    "morgan": "^1.6.0",
    "multiparty": "^4.1.2",
+    "passport": "^0.2.2",
    "safetydance": "0.0.16",
    "superagent": "^1.2.0",
    "underscore": "^1.8.3"

--- a/src/auth.js
+++ b/src/auth.js
+'use strict';
+var passport = require('passport'),
+    LdapStrategy = require('passport-ldapjs').Strategy;
+var LDAP_URL = process.env.LDAP_URL;
+var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
+if (LDAP_URL && LDAP_USERS_BASE_DN) {
+    console.log('Enable ldap auth');
+    exports.ldap = passport.authenticate('ldap', {
+        successReturnToOrRedirect: '/',
+        failureRedirect: '/login',
+        failureFlash: true
+    });
+} else {
+    exports.ldap = function (req, res, next) {
+        console.log('ldap auth disabled');
+        next();
+    };
+}
+var opts = {
+    server: {
+        url: LDAP_URL,
+    },
+    base: LDAP_USERS_BASE_DN,
+    search: {
+        filter: '(uid={{username}})',
+        attributes: ['displayname', 'username', 'mail', 'uid'],
+        scope: 'sub'
+    },
+    uidTag: 'uid',
+    usernameField: 'username',
+    passwordField: 'password',
+};
+passport.use(new LdapStrategy(opts, function (profile, done) {
+    console.log('ldap', profile);
+    done(null, profile);
+}));