UNPKG

jsreport-authentication/lib/authentication.js

Version:

7.39 kBJavaScriptView Raw

1/*!
* Copyright(c) 2014 Jan Blaha
*
* Extension used for authenticating user. When the extension is enabled user needs to specify
* credentials before the jsreport will serve the request.
*
* Browser requests are authenticated using cookie.
* API requests are authenticated using basic auth.
*/
10
11var path = require('path')
12var passport = require('passport')
13var LocalStrategy = require('passport-local').Strategy
14var BasicStrategy = require('passport-http').BasicStrategy
15var sessions = require('client-sessions')
16var S = require('string')
17var _ = require('underscore')
18var url = require('url')
19var bodyParser = require('body-parser')
20var UsersRepository = require('./usersRepository')
21var viewsPath = path.join(__dirname, '../public/views')
22
23function addPassport (reporter, app, admin, definition) {
if (app.isAuthenticated) {
  return
}
27
app.use(sessions({
  cookieName: 'session',
  cookie: definition.options.cookieSession.cookie,
  secret: definition.options.cookieSession.secret,
  duration: 1000 * 60 * 60 * 24 * 365 * 10 // forever
}))
34
app.use(passport.initialize())
app.use(passport.session())
37
function authenticate (username, password, done) {
  if (admin.username === username && admin.password === password) {
    return done(null, admin)
  }
42
  reporter.authentication.usersRepository.authenticate(username, password).then(function (user) {
    if (!user) {
      return done(null, false, {message: 'Invalid password or user does not exists.'})
    }
47
    return done(null, user)
  }).catch(function (e) {
    done(null, false, {message: e.message})
  })
}
53
passport.use(new LocalStrategy(authenticate))
55
passport.use(new BasicStrategy(authenticate))
57
passport.serializeUser(function (user, done) {
  done(null, user.username)
})
61
passport.deserializeUser(function (id, done) {
  if (id === admin.username) {
    return done(null, admin)
  }
66
  reporter.authentication.usersRepository.find(id).then(function (user) {
    done(null, user)
  }).catch(function (e) {
    done(e)
  })
})
73
app.get('/login', function (req, res, next) {
  if (!req.user) {
    var viewModel = _.extend({}, req.session.viewModel || {})
    req.session.viewModel = null
    return res.render(path.join(viewsPath, 'login.html'), {
      viewModel: viewModel,
      options: reporter.options
    })
  } else {
    next()
  }
})
86
app.post('/login', bodyParser.urlencoded({extended: true, limit: '2mb'}), function (req, res, next) {
  req.session.viewModel = req.session.viewModel || {}
89
  passport.authenticate('local', function (err, user, info) {
    if (err) {
      return next(err)
    }
94
    if (!user) {
      req.session.viewModel.login = info.message
      return res.redirect(reporter.options.appPath + '?returnUrl=' + encodeURIComponent(req.query.returnUrl || '/'))
    }
99
    req.session.viewModel = {}
    req.logIn(user, function (err) {
      if (err) {
        return next(err)
      }
105
      req.user = user
      reporter.logger.info('Logging in user ' + user.username)
108
      return res.redirect(decodeURIComponent(req.query.returnUrl) || '/')
    })
  })(req, res, next)
})
113
app.post('/logout', function (req, res) {
  req.logout()
  res.redirect(reporter.options.appPath)
})
118
app.use(function (req, res, next) {
  if (req.isAuthenticated()) {
    return next()
  }
123
  passport.authenticate('basic', function (err, user, info) {
    if (err) {
      return next(err)
    }
128
    if (user) {
      req.logIn(user, function () {
        reporter.logger.debug('API logging in user ' + user.username)
        next()
      })
    } else {
      if (req.url.indexOf('/api') > -1 || req.url.indexOf('/odata') > -1) {
        if (req.isPublic) {
          return next()
        }
        res.setHeader('WWW-Authenticate', 'Basic realm=\'realm\'')
        return res.status(401).end()
      }
142
      next()
    }
  })(req, res, next)
})
147}
148
149function configureRoutes (reporter, app, admin, definition) {
app.use(function (req, res, next) {
  var publicRoute = _.find(reporter.authentication.publicRoutes, function (r) {
    return S(req.url).startsWith(r)
  })
154
  var pathname = url.parse(req.url).pathname
156
  req.isPublic = publicRoute || S(pathname).endsWith('.js') || S(pathname).endsWith('.css')
  next()
})
160
addPassport(reporter, app, admin, definition)
162
app.use(function (req, res, next) {
  if (req.isAuthenticated() || req.isPublic) {
    return next()
  }
167
  var viewModel = _.extend({}, req.session.viewModel || {})
  req.session.viewModel = null
170
  return res.render(path.join(viewsPath, 'login.html'), {
    viewModel: viewModel,
    options: reporter.options
  })
})
176
app.use(function (req, res, next) {
  if (!reporter.authorization || req.isPublic) {
    return next()
  }
181
  reporter.authorization.authorizeRequest(req, res).then(function (result) {
    if (result) {
      return next()
    }
186
    if (req.url.indexOf('/api') > -1 || req.url.indexOf('/odata') > -1) {
      res.setHeader('WWW-Authenticate', 'Basic realm=\'realm\'')
      return res.status(401).end()
    }
191
    return res.redirect('/login')
  }).catch(function (e) {
    next(e)
  })
})
197
app.post('/api/users/:shortid/password', function (req, res, next) {
  reporter.authentication.usersRepository.changePassword(req.user, req.params.shortid, req.body.oldPassword, req.body.newPassword).then(function (user) {
    res.send({result: 'ok'})
  }).catch(function (e) {
    next(e)
  })
})
205
app.get('/api/current-user', function (req, res, next) {
  res.send({username: req.user.username})
})
209}
210
211function Authentication (reporter) {
this.publicRoutes = [
  '/?studio=embed', '/css', '/img', '/js', '/lib', '/html-templates',
  '/api/recipe', '/api/engine', '/api/settings', '/favicon.ico', '/api/extensions', '/odata/settings']
215
this.usersRepository = new UsersRepository(reporter)
217
if (reporter.compilation) {
  reporter.compilation.resourceInTemp('login.html', path.join(__dirname, '../public/views/login.html'))
}
221
viewsPath = reporter.execution ? reporter.execution.tempDirectory : viewsPath
223}
224
225module.exports = function (reporter, definition) {
if (!definition.options.admin) {
  definition.options.enabled = false
  return
}
230
definition.options.admin.name = definition.options.admin.username
definition.options.admin.isAdmin = true
233
reporter.authentication = new Authentication(reporter)
235
reporter.on('export-public-route', function (route) {
  reporter.authentication.publicRoutes.push(route)
})
239
reporter.on('after-express-static-configure', function (app) {
  app.engine('html', require('ejs').renderFile)
242
  reporter.emit('before-authentication-express-routes', app)
  configureRoutes(reporter, app, definition.options.admin, definition)
  // avoid exposing secrets and admin password through /api/extensions
  definition.options = {}
  reporter.emit('after-authentication-express-routes', app)
})
249}

1	`/*!`
2	`* Copyright(c) 2014 Jan Blaha`
3	`*`
4	`* Extension used for authenticating user. When the extension is enabled user needs to specify`
5	`* credentials before the jsreport will serve the request.`
6	`*`
7	`* Browser requests are authenticated using cookie.`
8	`* API requests are authenticated using basic auth.`
9	`*/`
10
11	`var path = require('path')`
12	`var passport = require('passport')`
13	`var LocalStrategy = require('passport-local').Strategy`
14	`var BasicStrategy = require('passport-http').BasicStrategy`
15	`var sessions = require('client-sessions')`
16	`var S = require('string')`
17	`var _ = require('underscore')`
18	`var url = require('url')`
19	`var bodyParser = require('body-parser')`
20	`var UsersRepository = require('./usersRepository')`
21	`var viewsPath = path.join(__dirname, '../public/views')`
22
23	`function addPassport (reporter, app, admin, definition) {`
24	`if (app.isAuthenticated) {`
25	`return`
26	`}`
27
28	`app.use(sessions({`
29	`cookieName: 'session',`
30	`cookie: definition.options.cookieSession.cookie,`
31	`secret: definition.options.cookieSession.secret,`
32	`duration: 1000 * 60 * 60 * 24 * 365 * 10 // forever`
33	`}))`
34
35	`app.use(passport.initialize())`
36	`app.use(passport.session())`
37
38	`function authenticate (username, password, done) {`
39	`if (admin.username === username && admin.password === password) {`
40	`return done(null, admin)`
41	`}`
42
43	`reporter.authentication.usersRepository.authenticate(username, password).then(function (user) {`
44	`if (!user) {`
45	`return done(null, false, {message: 'Invalid password or user does not exists.'})`
46	`}`
47
48	`return done(null, user)`
49	`}).catch(function (e) {`
50	`done(null, false, {message: e.message})`
51	`})`
52	`}`
53
54	`passport.use(new LocalStrategy(authenticate))`
55
56	`passport.use(new BasicStrategy(authenticate))`
57
58	`passport.serializeUser(function (user, done) {`
59	`done(null, user.username)`
60	`})`
61
62	`passport.deserializeUser(function (id, done) {`
63	`if (id === admin.username) {`
64	`return done(null, admin)`
65	`}`
66
67	`reporter.authentication.usersRepository.find(id).then(function (user) {`
68	`done(null, user)`
69	`}).catch(function (e) {`
70	`done(e)`
71	`})`
72	`})`
73
74	`app.get('/login', function (req, res, next) {`
75	`if (!req.user) {`
76	`var viewModel = _.extend({}, req.session.viewModel \|\| {})`
77	`req.session.viewModel = null`
78	`return res.render(path.join(viewsPath, 'login.html'), {`
79	`viewModel: viewModel,`
80	`options: reporter.options`
81	`})`
82	`} else {`
83	`next()`
84	`}`
85	`})`
86
87	`app.post('/login', bodyParser.urlencoded({extended: true, limit: '2mb'}), function (req, res, next) {`
88	`req.session.viewModel = req.session.viewModel \|\| {}`
89
90	`passport.authenticate('local', function (err, user, info) {`
91	`if (err) {`
92	`return next(err)`
93	`}`
94
95	`if (!user) {`
96	`req.session.viewModel.login = info.message`
97	`return res.redirect(reporter.options.appPath + '?returnUrl=' + encodeURIComponent(req.query.returnUrl \|\| '/'))`
98	`}`
99
100	`req.session.viewModel = {}`
101	`req.logIn(user, function (err) {`
102	`if (err) {`
103	`return next(err)`
104	`}`
105
106	`req.user = user`
107	`reporter.logger.info('Logging in user ' + user.username)`
108
109	`return res.redirect(decodeURIComponent(req.query.returnUrl) \|\| '/')`
110	`})`
111	`})(req, res, next)`
112	`})`
113
114	`app.post('/logout', function (req, res) {`
115	`req.logout()`
116	`res.redirect(reporter.options.appPath)`
117	`})`
118
119	`app.use(function (req, res, next) {`
120	`if (req.isAuthenticated()) {`
121	`return next()`
122	`}`
123
124	`passport.authenticate('basic', function (err, user, info) {`
125	`if (err) {`
126	`return next(err)`
127	`}`
128
129	`if (user) {`
130	`req.logIn(user, function () {`
131	`reporter.logger.debug('API logging in user ' + user.username)`
132	`next()`
133	`})`
134	`} else {`
135	`if (req.url.indexOf('/api') > -1 \|\| req.url.indexOf('/odata') > -1) {`
136	`if (req.isPublic) {`
137	`return next()`
138	`}`
139	`res.setHeader('WWW-Authenticate', 'Basic realm=\'realm\'')`
140	`return res.status(401).end()`
141	`}`
142
143	`next()`
144	`}`
145	`})(req, res, next)`
146	`})`
147	`}`
148
149	`function configureRoutes (reporter, app, admin, definition) {`
150	`app.use(function (req, res, next) {`
151	`var publicRoute = _.find(reporter.authentication.publicRoutes, function (r) {`
152	`return S(req.url).startsWith(r)`
153	`})`
154
155	`var pathname = url.parse(req.url).pathname`
156
157	`req.isPublic = publicRoute \|\| S(pathname).endsWith('.js') \|\| S(pathname).endsWith('.css')`
158	`next()`
159	`})`
160
161	`addPassport(reporter, app, admin, definition)`
162
163	`app.use(function (req, res, next) {`
164	`if (req.isAuthenticated() \|\| req.isPublic) {`
165	`return next()`
166	`}`
167
168	`var viewModel = _.extend({}, req.session.viewModel \|\| {})`
169	`req.session.viewModel = null`
170
171	`return res.render(path.join(viewsPath, 'login.html'), {`
172	`viewModel: viewModel,`
173	`options: reporter.options`
174	`})`
175	`})`
176
177	`app.use(function (req, res, next) {`
178	`if (!reporter.authorization \|\| req.isPublic) {`
179	`return next()`
180	`}`
181
182	`reporter.authorization.authorizeRequest(req, res).then(function (result) {`
183	`if (result) {`
184	`return next()`
185	`}`
186
187	`if (req.url.indexOf('/api') > -1 \|\| req.url.indexOf('/odata') > -1) {`
188	`res.setHeader('WWW-Authenticate', 'Basic realm=\'realm\'')`
189	`return res.status(401).end()`
190	`}`
191
192	`return res.redirect('/login')`
193	`}).catch(function (e) {`
194	`next(e)`
195	`})`
196	`})`
197
198	`app.post('/api/users/:shortid/password', function (req, res, next) {`
199	`reporter.authentication.usersRepository.changePassword(req.user, req.params.shortid, req.body.oldPassword, req.body.newPassword).then(function (user) {`
200	`res.send({result: 'ok'})`
201	`}).catch(function (e) {`
202	`next(e)`
203	`})`
204	`})`
205
206	`app.get('/api/current-user', function (req, res, next) {`
207	`res.send({username: req.user.username})`
208	`})`
209	`}`
210
211	`function Authentication (reporter) {`
212	`this.publicRoutes = [`
213	`'/?studio=embed', '/css', '/img', '/js', '/lib', '/html-templates',`
214	`'/api/recipe', '/api/engine', '/api/settings', '/favicon.ico', '/api/extensions', '/odata/settings']`
215
216	`this.usersRepository = new UsersRepository(reporter)`
217
218	`if (reporter.compilation) {`
219	`reporter.compilation.resourceInTemp('login.html', path.join(__dirname, '../public/views/login.html'))`
220	`}`
221
222	`viewsPath = reporter.execution ? reporter.execution.tempDirectory : viewsPath`
223	`}`
224
225	`module.exports = function (reporter, definition) {`
226	`if (!definition.options.admin) {`
227	`definition.options.enabled = false`
228	`return`
229	`}`
230
231	`definition.options.admin.name = definition.options.admin.username`
232	`definition.options.admin.isAdmin = true`
233
234	`reporter.authentication = new Authentication(reporter)`
235
236	`reporter.on('export-public-route', function (route) {`
237	`reporter.authentication.publicRoutes.push(route)`
238	`})`
239
240	`reporter.on('after-express-static-configure', function (app) {`
241	`app.engine('html', require('ejs').renderFile)`
242
243	`reporter.emit('before-authentication-express-routes', app)`
244	`configureRoutes(reporter, app, definition.options.admin, definition)`
245	`// avoid exposing secrets and admin password through /api/extensions`
246	`definition.options = {}`
247	`reporter.emit('after-authentication-express-routes', app)`
248	`})`
249	`}`