1 | 'use strict';
|
2 |
|
3 |
|
4 |
|
5 |
|
6 | var debug = require('debug')('plugin:bauth');
|
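// Matches a Basic challenge response: the whole header value must be the
// scheme followed by one base64 token. Anchored so "Bearer x Basic y" or a
// trailing second token cannot be accepted, and case-insensitive because the
// auth-scheme is case-insensitive (RFC 7235 §2.1).
const authHeaderRegex = /^Basic\s+(\S+)\s*$/i;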
|
8 |
|
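/**
 * Plugin factory. Returns the `onrequest` handler that parses HTTP Basic
 * credentials into `req.username` / `req.password`.
 *
 * @param {Object} config  plugin config; `keep-authorization-header` (boolean,
 *                         default false) keeps the raw header on the request
 * @param {Object} logger  logger passed through to sendError
 * @param {Object} stats   stats sink passed through to sendError
 * @returns {{onrequest: Function}}
 */
module.exports.init = function (config, logger, stats) {

  // By default the Authorization header is removed once the credentials have
  // been parsed, so the raw secret is not forwarded to the upstream target.
  var keepAuthHeader = config['keep-authorization-header'] || false;

  /**
   * Decode the user-pass token of a "Basic <base64>" header value (RFC 7617).
   *
   * @param {string} headerValue raw Authorization header value
   * @returns {{username: string, password: string}|null} null when the value
   *          is not a well-formed Basic token or decodes to nothing
   */
  function parseBasicCredentials(headerValue) {
    var match = authHeaderRegex.exec(headerValue);
    if (!match || match.length < 2) {
      return null;
    }
    // Decode as UTF-8 (RFC 7617 §2.1); 'ascii' silently strips the high bit
    // of every byte and corrupts any non-ASCII password.
    var decoded = typeof Buffer.from === 'function'
      ? Buffer.from(match[1], 'base64').toString('utf8')
      : new Buffer(match[1], 'base64').toString('utf8'); // legacy Node without Buffer.from
    if (!decoded) {
      return null;
    }
    // The user-id must not contain ':' but the password may, so split only at
    // the first colon; String.split(':') truncated passwords at the second one.
    var sep = decoded.indexOf(':');
    if (sep < 0) {
      return null;
    }
    return {
      username: decoded.substring(0, sep),
      password: decoded.substring(sep + 1)
    };
  }

  return {
    /**
     * Request hook. On success sets `req.username` and `req.password`, drops
     * the Authorization header unless configured otherwise, and calls next().
     * On a missing header responds 401 via sendError; on a malformed header
     * responds 400. sendError invokes next(code, message) itself, so next()
     * is called exactly once on every path.
     */
    onrequest: function (req, res, next) {
      debug('plugin onrequest');

      var headerValue = req.headers['authorization'];
      if (!headerValue) {
        debug('missing_authorization');
        return sendError(req, res, next, logger, stats, 'missing_authorization', 'Missing Authorization header');
      }

      var creds = null;
      try {
        creds = parseBasicCredentials(headerValue);
      } catch (err) {
        // Fail closed: a decode error must not let the request continue with
        // the raw header still attached and no credentials populated.
        debug('ERROR - ' + err);
        creds = null;
      }
      if (!creds) {
        debug('Invalid Authorization Header');
        return sendError(req, res, next, logger, stats, 'invalid_request', 'Invalid Authorization header');
      }

      req.username = creds.username;
      req.password = creds.password;
      if (!keepAuthHeader) {
        delete req.headers['authorization'];
      }
      next();
    }
  };
};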
|
53 |
|
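/**
 * Return a shallow copy of a headers object with credential-bearing header
 * values replaced, for use in diagnostics. Non-object input is returned as-is.
 *
 * @param {Object} headers request headers (Node lower-cases names, but the
 *                         comparison lower-cases anyway)
 * @returns {Object} copy safe to log
 */
function redactSensitiveHeaders(headers) {
  var sensitive = ['authorization', 'proxy-authorization', 'cookie'];
  if (!headers || typeof headers !== 'object') {
    return headers;
  }
  var safe = {};
  Object.keys(headers).forEach(function (name) {
    safe[name] = sensitive.indexOf(String(name).toLowerCase()) >= 0 ? '[REDACTED]' : headers[name];
  });
  return safe;
}

/**
 * Write a JSON error response, record it, and signal the failure to the
 * plugin chain via next(code, message).
 *
 * @param {Object} req       incoming request; used only for diagnostics
 * @param {Object} res       response; statusCode, content-type and body are set here
 * @param {Function} next    plugin continuation, called as next(code, message)
 * @param {Object} logger    logger exposing error(obj, msg)
 * @param {Object} stats     stats sink exposing incrementStatusCount(status)
 * @param {string} code      error code; also selects the HTTP status (unknown -> 500)
 * @param {string} message   human-readable error_description
 * @returns {string} the code, so callers can `return sendError(...)`
 */
function sendError(req, res, next, logger, stats, code, message) {

  switch (code) {
    case 'invalid_request':
      res.statusCode = 400;
      break;
    case 'access_denied':
      res.statusCode = 403;
      break;
    case 'missing_authorization':
    case 'invalid_authorization':
      // NOTE(review): a 401 is expected to carry a WWW-Authenticate challenge
      // (RFC 7235 §3.1); none is set here and the realm is not known to this
      // module — confirm whether a downstream layer adds it.
      res.statusCode = 401;
      break;
    case 'gateway_timeout':
      res.statusCode = 504;
      break;
    default:
      res.statusCode = 500;
  }

  var response = {
    error: code,
    error_description: message
  };

  // On this path the Authorization header is usually still attached (it is
  // only stripped after a successful parse), so never log the raw headers.
  var safeHeaders = redactSensitiveHeaders(req.headers);
  debug('auth failure', res.statusCode, code, message ? message : '', safeHeaders, req.method, req.url);
  // NOTE(review): the full req (headers included) is handed to the logger;
  // whether the credential reaches the log depends on the logger's req
  // serializer — confirm it redacts, or log safeHeaders instead.
  logger.error({ req: req, res: res }, 'oauth');

  // Writing to an already-finished response would raise write-after-end, so
  // both the header and the body are skipped in that case.
  if (!res.finished) {
    res.setHeader('content-type', 'application/json');
    res.end(JSON.stringify(response));
  }
  stats.incrementStatusCount(res.statusCode);
  next(code, message);
  return code;
}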