UNPKG

microgateway-plugins/bauth/index.js

Version:

2.46 kBJavaScriptView Raw

1'use strict';
2/**
*
*/
5
6var debug = require('debug')('plugin:bauth');
7const authHeaderRegex = /Basic (.+)/;
8
9module.exports.init = function (config, logger, stats) {
10
var keepAuthHeader = config['keep-authorization-header'] || false;
12
return {
onrequest: function(req, res, next) {
	debug('plugin onrequest');
	try {
		if (!req.headers['authorization']) {
		  debug('missing_authorization');
		  return sendError(req, res, next, logger, stats, 'missing_authorization', 'Missing Authorization header');
		} else {
			var b64string = authHeaderRegex.exec(req.headers['authorization']);
			if (!b64string || b64string.length < 2) {
				debug('Invalid Authorization Header');
				return sendError(req, res, next, logger, stats, 'invalid_request', 'Invalid Authorization header');						
			}
			var buf;
			if (typeof Buffer.from === "function") {
			    // Node 5.10+
			    buf = Buffer.from(b64string[1], 'base64').toString("ascii");
			} else {
			    // older Node versions
			    buf = new Buffer(b64string[1], 'base64').toString("ascii");
			}
			if (buf) {
				var parts = buf.split(":");
				req.username = parts[0];
				req.password = parts[1];
				if (!keepAuthHeader) {
				  delete (req.headers['authorization']); // don't pass this header to target
				}
			} else {
				debug('Invalid Authorization Header');
				return sendError(req, res, next, logger, stats, 'invalid_request', 'Invalid Authorization header');												
			}					
		}
	} catch (err) {
		debug("ERROR - " + err);
	}
	next();
}
};
52}
53
54function sendError(req, res, next, logger, stats, code, message) {
55
switch (code) {
  case 'invalid_request':
    res.statusCode = 400;
    break;
  case 'access_denied':
    res.statusCode = 403;
    break;
  case 'missing_authorization':
  case 'invalid_authorization':
    res.statusCode = 401;
    break;
  case 'gateway_timeout':
    res.statusCode = 504;
    break;
  default:
    res.statusCode = 500;
}
73
var response = {
  error: code,
  error_description: message
};
78
debug('auth failure', res.statusCode, code, message ? message : '', req.headers, req.method, req.url);
logger.error({ req: req, res: res }, 'oauth');
81
if (!res.finished) res.setHeader('content-type', 'application/json');
res.end(JSON.stringify(response));
stats.incrementStatusCount(res.statusCode);
next(code, message);
return code;
87}
\No newline at end of file

1	`'use strict';`
2	`/**`
3	`*`
4	`*/`
5
6	`var debug = require('debug')('plugin:bauth');`
7	`const authHeaderRegex = /Basic (.+)/;`
8
9	`module.exports.init = function (config, logger, stats) {`
10
11	`var keepAuthHeader = config['keep-authorization-header'] \|\| false;`
12
13	`return {`
14	`onrequest: function(req, res, next) {`
15	`debug('plugin onrequest');`
16	`try {`
17	`if (!req.headers['authorization']) {`
18	`debug('missing_authorization');`
19	`return sendError(req, res, next, logger, stats, 'missing_authorization', 'Missing Authorization header');`
20	`} else {`
21	`var b64string = authHeaderRegex.exec(req.headers['authorization']);`
22	`if (!b64string \|\| b64string.length < 2) {`
23	`debug('Invalid Authorization Header');`
24	`return sendError(req, res, next, logger, stats, 'invalid_request', 'Invalid Authorization header');`
25	`}`
26	`var buf;`
27	`if (typeof Buffer.from === "function") {`
28	`// Node 5.10+`
29	`buf = Buffer.from(b64string[1], 'base64').toString("ascii");`
30	`} else {`
31	`// older Node versions`
32	`buf = new Buffer(b64string[1], 'base64').toString("ascii");`
33	`}`
34	`if (buf) {`
35	`var parts = buf.split(":");`
36	`req.username = parts[0];`
37	`req.password = parts[1];`
38	`if (!keepAuthHeader) {`
39	`delete (req.headers['authorization']); // don't pass this header to target`
40	`}`
41	`} else {`
42	`debug('Invalid Authorization Header');`
43	`return sendError(req, res, next, logger, stats, 'invalid_request', 'Invalid Authorization header');`
44	`}`
45	`}`
46	`} catch (err) {`
47	`debug("ERROR - " + err);`
48	`}`
49	`next();`
50	`}`
51	`};`
52	`}`
53
54	`function sendError(req, res, next, logger, stats, code, message) {`
55
56	`switch (code) {`
57	`case 'invalid_request':`
58	`res.statusCode = 400;`
59	`break;`
60	`case 'access_denied':`
61	`res.statusCode = 403;`
62	`break;`
63	`case 'missing_authorization':`
64	`case 'invalid_authorization':`
65	`res.statusCode = 401;`
66	`break;`
67	`case 'gateway_timeout':`
68	`res.statusCode = 504;`
69	`break;`
70	`default:`
71	`res.statusCode = 500;`
72	`}`
73
74	`var response = {`
75	`error: code,`
76	`error_description: message`
77	`};`
78
79	`debug('auth failure', res.statusCode, code, message ? message : '', req.headers, req.method, req.url);`
80	`logger.error({ req: req, res: res }, 'oauth');`
81
82	`if (!res.finished) res.setHeader('content-type', 'application/json');`
83	`res.end(JSON.stringify(response));`
84	`stats.incrementStatusCount(res.statusCode);`
85	`next(code, message);`
86	`return code;`
87	`}`
\	No newline at end of file