123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 |
- import easyNoPassword from 'easy-no-password';
- import express from 'express';
- import crypto from 'crypto';
- import log from './log.js';
- import { throwError, errorGuard, errorMiddleware } from './error.js';
- import { isInWhiteList } from './whitelist.js'
- import { WHITELIST_PATH } from './settings.js'
- const sha256 = (data) => {
- return crypto.createHash('sha256').update(data, 'binary').digest('hex');
- };
- // Auth Middleware
- export const authentication = ({
- prefix = 'auth',
- secret,
- // eslint-disable-next-line no-unused-vars
- onSendToken = ({ remote, userEmail, userId, token, req }) =>
- Promise.resolve(),
- // eslint-disable-next-line no-unused-vars
- onLogin = (req, userId) => {},
- // eslint-disable-next-line no-unused-vars
- onLogout = (req) => {},
- } = {}) => {
- const router = express.Router();
- const enp = easyNoPassword(secret);
- // Verify token
- router.get(
- `/${prefix}/verify/:userId/:token`,
- errorGuard(async (req, res) => {
- const {
- params: { token, userId },
- } = req;
- const isValid = await new Promise((resolve, reject) => {
- enp.isValid(token, userId, (err, isValid) => {
- if (err) {
- reject(err);
- }
- resolve(isValid);
- });
- });
- if (!isValid) {
- throwError('Token invalid or has expired', 403);
- } else {
- onLogin(userId, req);
- res.json({ message: 'success' });
- }
- })
- );
- // Allow to check authentification
- router.get(
- `/${prefix}/check`,
- errorGuard(async (req, res) => {
- if (req.session.userId) {
- res.json({ message: 'success' });
- } else {
- throwError('Not authenticated', 403);
- }
- })
- );
- // Get token
- router.post(
- `/${prefix}/`,
- errorGuard(async (req, res, next) => {
- const {
- body: { userEmail },
- ricochetOrigin,
- } = req;
- if (!userEmail) {
- throwError("Missing mandatory 'email' parameter", 400);
- }
- if (! await isInWhiteList(WHITELIST_PATH, userEmail)) {
- log.warn(userEmail + " not in whitelist.", 403);
- throwError(userEmail + " not in whitelist.", 403);
- }
- const userId = sha256(userEmail.toLowerCase());
- enp.createToken(userId, (err, token) => {
- if (err) {
- throwError('Unknown error', 500);
- }
- return onSendToken({
- remote: ricochetOrigin,
- userEmail,
- userId,
- token,
- req,
- }).then(
- () => {
- res.json({ message: 'Token sent' });
- },
- (e) => {
- log.error({ error: e }, 'Error while sending email');
- const errorObject = new Error(e);
- errorObject.statusCode = 503;
- next(errorObject);
- }
- );
- });
- })
- );
- // Logout
- router.get(
- `/${prefix}/logout/`,
- errorGuard(async (req, res) => {
- onLogout(req);
- res.json({ message: 'logged out' });
- })
- );
- router.use(errorMiddleware);
- return router;
- };
- export default authentication;
|