1 | var router = require("express").Router(),
|
2 | app = require("../lib/app").getInstance(),
|
3 | _ = require('lodash'),
|
4 | passportLocal = require('passport-local'),
|
5 | passportGoogle = require('passport-google-oauth'),
|
6 | passportGithub = require('passport-github').Strategy,
|
7 | tools = require("../lib/tools");
|
8 |
|
9 | var auth = app.locals.config.get("authentication");
|
10 | var passport = app.locals.passport;
|
11 |
|
12 | router.get("/login", _getLogin);
|
13 | router.get("/logout", _getLogout);
|
14 | router.post("/login", passport.authenticate('local', { successRedirect: '/auth/done', failureRedirect: '/login', failureFlash: true }));
|
15 | router.get("/auth/done", _getAuthDone);
|
16 |
|
17 | router.get("/auth/google", passport.authenticate('google', {
|
18 | scope: ['https://www.googleapis.com/auth/userinfo.email', 'https://www.googleapis.com/auth/userinfo.profile' ] }
|
19 | ));
|
20 | router.get("/oauth2callback", passport.authenticate('google', {
|
21 | successRedirect: '/auth/done',
|
22 | failureRedirect: '/login'
|
23 | }));
|
24 |
|
25 | router.get("/auth/github", passport.authenticate('github'));
|
26 | router.get("/auth/github/callback", passport.authenticate('github', {
|
27 | successRedirect: '/auth/done',
|
28 | failureRedirect: '/login'
|
29 | }));
|
30 |
|
31 | if (auth.google.enabled) {
|
32 | passport.use(new passportGoogle.OAuth2Strategy({
|
33 | clientID: auth.google.clientId,
|
34 | clientSecret: auth.google.clientSecret,
|
35 |
|
36 |
|
37 | callbackURL: app.locals.baseUrl + '/oauth2callback'
|
38 | },
|
39 |
|
40 | function(accessToken, refreshToken, profile, done) {
|
41 | usedAuthentication("google");
|
42 | done(null, profile);
|
43 | }
|
44 | ));
|
45 | }
|
46 |
|
47 | if (auth.github.enabled) {
|
48 |
|
49 |
|
50 |
|
51 | passport.use(new passportGithub({
|
52 | clientID: auth.github.clientId,
|
53 | clientSecret: auth.github.clientSecret,
|
54 | callbackURL: app.locals.baseUrl + '/auth/github/callback'
|
55 | },
|
56 | function(accessToken, refreshToken, profile, done) {
|
57 | usedAuthentication("github");
|
58 | done(null, profile);
|
59 | }
|
60 | ));
|
61 | }
|
62 |
|
63 | if (auth.alone.enabled) {
|
64 |
|
65 | passport.use(new passportLocal.Strategy(
|
66 |
|
67 | function(username, password, done) {
|
68 |
|
69 | var user = {
|
70 | displayName: auth.alone.username,
|
71 | email: auth.alone.email || ""
|
72 | };
|
73 |
|
74 | if (username.toLowerCase() != auth.alone.username.toLowerCase() || tools.hashify(password) != auth.alone.passwordHash) {
|
75 | return done(null, false, { message: 'Incorrect username or password' });
|
76 | }
|
77 |
|
78 | usedAuthentication("alone");
|
79 |
|
80 | return done(null, user);
|
81 | }
|
82 | ));
|
83 | }
|
84 |
|
85 | if (auth.local.enabled) {
|
86 |
|
87 | passport.use(new passportLocal.Strategy(
|
88 |
|
89 | function(username, password, done) {
|
90 |
|
91 | var wantedUsername = username.toLowerCase();
|
92 | var wantedPasswordHash = tools.hashify(password);
|
93 |
|
94 | var foundUser = _.find(auth.local.accounts, function (account) {
|
95 | return account.username.toLowerCase() === wantedUsername &&
|
96 | account.passwordHash === wantedPasswordHash;
|
97 | });
|
98 |
|
99 | if (!foundUser) {
|
100 | return done(null, false, { message: 'Incorrect username or password' });
|
101 | }
|
102 |
|
103 | usedAuthentication("local");
|
104 |
|
105 | return done(null, {
|
106 | displayName: foundUser.username,
|
107 | email: foundUser.email || ""
|
108 | });
|
109 | }
|
110 | ));
|
111 | }
|
112 |
|
113 | function usedAuthentication(name) {
|
114 | for (var a in auth) {
|
115 | auth[a].used = (a == name);
|
116 | }
|
117 | }
|
118 |
|
119 | passport.serializeUser(function(user, done) {
|
120 | done(null, user);
|
121 | });
|
122 |
|
123 | passport.deserializeUser(function(user, done) {
|
124 |
|
125 | if (user.emails && user.emails.length > 0) {
|
126 | user.email = user.emails[0].value;
|
127 | delete user.emails;
|
128 | }
|
129 |
|
130 | if (!user.displayName && user.username) {
|
131 | user.displayName = user.username;
|
132 | }
|
133 |
|
134 | if (!user.email) {
|
135 | user.email = 'jingouser';
|
136 | }
|
137 |
|
138 | user.asGitAuthor = user.displayName + " <" + user.email + ">";
|
139 | done(undefined, user);
|
140 | });
|
141 |
|
142 | function _getLogout(req, res) {
|
143 | req.logout();
|
144 | req.session = null;
|
145 | res.redirect('/');
|
146 | }
|
147 |
|
148 | function _getAuthDone(req, res) {
|
149 |
|
150 | if (!res.locals.user) {
|
151 | res.redirect("/");
|
152 | return;
|
153 | }
|
154 |
|
155 | res.locals.user.email = 'jingouser';
|
156 |
|
157 | if (!auth.alone.used &&
|
158 | !auth.local.used &&
|
159 | !tools.isAuthorized(res.locals.user.email,
|
160 | app.locals.config.get("authorization").validMatches,
|
161 | app.locals.config.get("authorization").emptyEmailMatches)) {
|
162 | req.logout();
|
163 | req.session = null;
|
164 | res.statusCode = 403;
|
165 | res.end('<h1>Forbidden</h1>');
|
166 | } else {
|
167 | var dst = req.session.destination || "/";
|
168 | delete req.session.destination;
|
169 | res.redirect(dst);
|
170 | }
|
171 | }
|
172 |
|
173 | function _getLogin(req, res) {
|
174 |
|
175 | req.session.destination = req.query.destination;
|
176 |
|
177 | if (req.session.destination == '/login') {
|
178 | req.session.destination = '/';
|
179 | }
|
180 |
|
181 | res.locals.errors = req.flash();
|
182 |
|
183 | res.render('login', {
|
184 | title: app.locals.config.get("application").title,
|
185 | auth: auth
|
186 | });
|
187 | }
|
188 |
|
189 | module.exports = router;
|