Press n or j to go to the next uncovered block, b, p or k for the previous block.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 | 1x 1x 1x 1x | // Copyright (C) 2017 Norman Breau // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. import {StatusCode} from './StatusCode'; import {Request} from './Request'; import {Response} from './Response'; import {ResponseData} from './ResponseData'; import {Logger} from './Logger'; import {getInstance, getApplicationLogger} from './instance'; import {IConfig} from './IConfig'; /** * A base authentication strategy that handles 90% of the authentication process. * This will verify that the token hasn't been manipulated or tainted. * The authenticate API must be implemented by subclasses to further validate the token data * for their specific use cases. */ export class BackendAuthenticationMiddleware { private logger: Logger; public constructor() { this.logger = getApplicationLogger(); } /** * * @param request * @param response * @param options Arbituary object containing any relevant information used for authentication. */ public execute(request: Request, response: Response, options?: any): Promise<any> { let config: IConfig = getInstance().getConfig(); let backendAuthHeader: string = config.backend_authentication_header; let backend: string = request.getHeader(backendAuthHeader); if (backend) { if (config.backend_authentication_secret === null) { this.logger.warn('Backend secret not implemented.'); return Promise.reject(new ResponseData(StatusCode.INTERNAL_ERROR)); } if (backend === config.backend_authentication_secret) { return Promise.resolve(null); } else { return Promise.reject(new ResponseData(StatusCode.ERR_UNAUTHORIZED, { code: 0, reason: 'Missing secret' })); } } else { return Promise.reject(new ResponseData(StatusCode.ERR_UNAUTHORIZED, { code: 0, reason: 'Missing secret' })); } } } |