Add mock auth for development.

2025-10-05 02:29:26 +02:00 · 2014-01-24 15:32:10 +09:00 · 2014-01-24 15:32:10 +09:00 · 60143b28cb
commit 60143b28cb
parent 97f37ad507
3 changed files with 128 additions and 18 deletions
--- a/lib/roles/auth/mock.js
+++ b/lib/roles/auth/mock.js
@ -0,0 +1,86 @@
+var url = require('url')
+
+var express = require('express')
+var validator = require('express-validator')
+
+var logger = require('../../util/logger')
+var requtil = require('../../util/requtil')
+var jwtutil = require('../../util/jwtutil')
+
+module.exports = function(options) {
+  var log = logger.createLogger('app')
+    , app = express()
+
+  app.use(express.cookieParser())
+  app.use(express.cookieSession({
+    secret: options.secret
+  , key: options.ssid
+  }))
+  app.use(express.json())
+  app.use(express.urlencoded())
+  app.use(validator())
+
+  app.get('/auth', function(req, res) {
+    res.locals.csrf = req.csrfToken()
+  })
+
+  app.post('/auth', function(req, res) {
+    var log = logger.createLogger('auth')
+    log.setLocalIdentifier(req.ip)
+    switch (req.accepts(['json'])) {
+      case 'json':
+        requtil.validate(req, function() {
+            req.checkBody('name').notEmpty()
+            req.checkBody('email').isEmail()
+
+            // This is a security risk. Someone might forward the user
+            // to the login page with their own redirect set, and they'd
+            // then be able to steal the token. Some kind of a whitelist
+            // or a fixed redirect URL is needed.
+            req.checkBody('redirect').isUrl()
+          })
+          .then(function() {
+            log.info('Authenticated "%s"', req.body.email)
+            var token = jwtutil.encode({
+              payload: {
+                email: req.body.email
+              , name: req.body.name
+              }
+            , secret: options.secret
+            })
+            var target = url.parse(req.body.redirect)
+            target.query = {
+              jwt: token
+            }
+            res.status(200)
+              .json({
+                success: true
+              , redirect: url.format(target)
+              })
+          })
+          .catch(requtil.ValidationError, function(err) {
+            res.status(400)
+              .json({
+                success: false
+              , error: 'ValidationError'
+              , validationErrors: err.errors
+              })
+          })
+          .catch(function(err) {
+            log.error('Unexpected error', err.stack)
+            res.status(500)
+              .json({
+                success: false
+              , error: 'ServerError'
+              })
+          })
+        break
+      default:
+        res.send(406)
+        break
+    }
+  })
+
+  app.listen(options.port)
+  log.info('Listening on port %d', options.port)
+}