Add auth middleware in api unit. Now only authorized user can access api unit

2025-10-05 02:29:26 +02:00 · 2015-12-02 21:14:42 +09:00 · 2015-12-02 21:14:42 +09:00 · e0a45391ab
commit e0a45391ab
parent 41f306a7f0
5 changed files with 102 additions and 0 deletions
--- a/lib/cli.js
+++ b/lib/cli.js
@ -863,18 +863,30 @@ program
      , 'port (or $PORT)'
      , Number
      , process.env.PORT || 7106)
+    .option('-i, --ssid <ssid>'
+      , 'session SSID (or $SSID)'
+      , String
+      , process.env.SSID || 'ssid')
    .option('-s, --secret <secret>'
      , 'secret (or $SECRET)'
      , String
      , process.env.SECRET)
+    .option('-a, --auth-url <url>'
+      , 'URL to auth client'
+      , String)
    .action(function(options) {
      if (!options.secret) {
        this.missingArgument('--secret')
      }
+      if (!options.authUrl) {
+        this.missingArgument('--auth-url')
+      }

      require('./units/api')({
        port: options.port
+      , ssid: options.ssid
      , secret: options.secret
+      , authUrl: options.authUrl
      })
    })

@ -1323,6 +1335,12 @@ program
          'api'
        , '--port', options.apiPort
        , '--secret', options.authSecret
+        , '--auth-url', options.authUrl || util.format(
+            'http://%s:%d/auth/%s/'
+          , options.publicIp
+          , options.poorxyPort
+          , ({oauth2: 'oauth'}[options.authType]) || options.authType
+          )
      ])
        // websocket
      , procutil.fork(__filename, [