
Add auth middleware in api unit. Now only authorized user can access api unit

This commit is contained in:
Vishal Banthia 2015-12-02 21:14:42 +09:00
parent 41f306a7f0
commit e0a45391ab
5 changed files with 102 additions and 0 deletions


@ -863,18 +863,30 @@ program
, 'port (or $PORT)' , 'port (or $PORT)'
, Number , Number
, process.env.PORT || 7106) , process.env.PORT || 7106)
.option('-i, --ssid <ssid>'
, 'session SSID (or $SSID)'
, String
, process.env.SSID || 'ssid')
.option('-s, --secret <secret>' .option('-s, --secret <secret>'
, 'secret (or $SECRET)' , 'secret (or $SECRET)'
, String , String
, process.env.SECRET) , process.env.SECRET)
.option('-a, --auth-url <url>'
, 'URL to auth client'
, String)
.action(function(options) { .action(function(options) {
if (!options.secret) { if (!options.secret) {
this.missingArgument('--secret') this.missingArgument('--secret')
} }
if (!options.authUrl) {
this.missingArgument('--auth-url')
}
require('./units/api')({ require('./units/api')({
port: options.port port: options.port
, ssid: options.ssid
, secret: options.secret , secret: options.secret
, authUrl: options.authUrl
}) })
}) })
@ -1323,6 +1335,12 @@ program
'api' 'api'
, '--port', options.apiPort , '--port', options.apiPort
, '--secret', options.authSecret , '--secret', options.authSecret
, '--auth-url', options.authUrl || util.format(
'http://%s:%d/auth/%s/'
, options.publicIp
, options.poorxyPort
, ({oauth2: 'oauth'}[options.authType]) || options.authType
)
]) ])
// websocket // websocket
, procutil.fork(__filename, [ , procutil.fork(__filename, [
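Review bot: The default `--auth-url` expression `({oauth2: 'oauth'}[options.authType]) || options.authType` encodes a routing fact without saying so; a one-line comment above it such as `// the oauth2 unit is reached under /auth/oauth/, every other auth type under its own name — keep in sync with the poorxy routes` would spare the next reader a trip through the proxy configuration (the reason for the mapping is my inference from the path format, so confirm it before writing it down). The scheme is also hard-coded to `http://`, so a deployment fronted by TLS would send unauthenticated API callers to a plaintext login URL unless `--auth-url` is passed explicitly; if that setup is supported, derive the scheme from an existing option rather than fixing it. The action these lines sit in starts and ends outside the hunk.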


@ -329,4 +329,8 @@ dbapi.loadAccessTokens = function(email) {
})) }))
} }
dbapi.loadAccessToken = function(id) {
return db.run(r.table('accessTokens').get(id))
}
module.exports = dbapi module.exports = dbapi
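Review bot: `dbapi.loadAccessToken` hands back whatever `get(id)` resolves, which for a RethinkDB primary-key miss is null rather than a rejection, and its only caller in this commit dereferences the result without a null check; a short JSDoc would make the contract explicit: `/** Look up an access token by its id. Resolves with the stored row, or null when no token with that id exists — callers must handle the null. */`. The null-on-miss behaviour is RethinkDB's `get()` semantics as far as the bare call shows; confirm it against the `db.run` wrapper, which is outside the hunk. The `id` is used only as a primary-key lookup, so a client-supplied value is not composed into a query.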


@ -3,9 +3,12 @@ var path = require('path')
var express = require('express') var express = require('express')
var SwaggerExpress = require('swagger-express-mw') var SwaggerExpress = require('swagger-express-mw')
var cookieSession = require('cookie-session')
var logger = require('../../util/logger') var logger = require('../../util/logger')
var auth = require('./middleware/auth')
module.exports = function(options) { module.exports = function(options) {
var log = logger.createLogger('api') var log = logger.createLogger('api')
, app = express() , app = express()
@ -22,6 +25,17 @@ module.exports = function(options) {
swaggerExpress.register(app); swaggerExpress.register(app);
}) })
// TODO: Remove this once frontend is stateless
app.use(cookieSession({
name: options.ssid
, keys: [options.secret]
}))
app.use(auth({
secret: options.secret
, authUrl: options.authUrl
}))
server.listen(options.port) server.listen(options.port)
log.info('Listening on port %d', options.port) log.info('Listening on port %d', options.port)
} }
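Review bot: The new `app.use(auth(...))` only protects the swagger routes if `swaggerExpress.register(app)`, which sits inside a callback, runs after the synchronous `app.use` calls placed below it; Express dispatches in registration order, so should that callback ever be invoked synchronously the API routes would be mounted ahead of the auth check and served unauthenticated. Registering the session and auth middleware before `SwaggerExpress.create(...)` is called, or inside the callback immediately before `swaggerExpress.register(app)`, makes the ordering hold regardless of timing and deserves a comment such as `// must be mounted before the swagger routes so every API call passes through auth`. Separately, `cookieSession` is left at its defaults, and if TLS is terminated by a proxy in front of this unit the session cookie will presumably not carry the `secure` flag unless `secure: true` is passed and `trust proxy` is enabled — worth confirming for the intended deployment. The `module.exports` function these lines belong to starts in the earlier hunk, and the `SwaggerExpress.create` call itself is outside this one.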


@ -0,0 +1,65 @@
var jwtutil = require('../../../util/jwtutil')
var urlutil = require('../../../util/urlutil')
var logger = require('../../../util/logger')
var dbapi = require('../../../db/api')
module.exports = function(options) {
return function(req, res, next) {
var log = logger.createLogger('api:auth')
if (req.headers.authorization) {
var tokenId = req.headers.authorization.split(" ")[1]
if (tokenId) {
dbapi.loadAccessToken(tokenId)
.then(function(token) {
var jwt = token.jwt
, data = jwtutil.decode(jwt, options.secret)
if (data) {
dbapi.loadUser(data.email)
.then(function(user) {
if (user) {
req.user = user
next()
}
})
}
})
.catch(function(err) {
log.error('Failed to load token: ', err.stack)
res.json(500, {
success: false,
description: "Bad Access Token"
})
})
} else {
log.error("Bad Access Token")
res.json(500, {
success: false,
description: "Bad Access Token Header"
})
}
}
// TODO: Remove this once frontend become stateless
else if (req.session && req.session.jwt) {
dbapi.loadUser(req.session.jwt.email)
.then(function(user) {
if (user) {
req.user = user
next()
}
else {
// We no longer have the user in the database
res.redirect(options.authUrl)
}
})
.catch(next)
}
else {
// No session, forward to auth client
res.redirect(options.authUrl)
}
}
}
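Review bot: In the Authorization branch, when `jwtutil.decode` returns a falsy value or `loadUser` finds no user, the middleware neither calls `next()` nor sends a response, so the request hangs until the client times out; the inner `loadUser` promise also has no rejection handler, so a database error there hangs the request as well. An unknown token id makes `loadAccessToken` resolve null (as far as the `get()` call shows), `token.jwt` then throws and the client receives a 500 'Bad Access Token', and the malformed-header case is likewise a 500, although all of these are client errors that an API should answer with 401 rather than a server error or a redirect; `split(" ")[1]` also accepts any scheme word and will happily read a token out of `Authorization: Basic …`. The rewrite below ends every path in exactly one response or `next()`, reserves 500 for genuine lookup failures in the catch, and checks the header shape — the `Bearer` comparison assumes that is the only scheme clients send, so drop it if others must stay accepted. `urlutil` is required at the top of the file but never used. The session branch and the final redirect are left as committed.
```javascript
module.exports = function(options) {
  return function(req, res, next) {
    var log = logger.createLogger('api:auth')

    // Client-side failures get 401 JSON, not 500 and not a redirect: API callers
    // are programs, and every branch must end in exactly one response or next().
    function unauthorized(description) {
      res.status(401).json({
        success: false
      , description: description
      })
    }

    if (req.headers.authorization) {
      var parts = req.headers.authorization.split(' ')
      if (parts.length !== 2 || parts[0] !== 'Bearer' || !parts[1]) {
        return unauthorized('Bad Access Token Header')
      }
      dbapi.loadAccessToken(parts[1])
        .then(function(token) {
          // get() resolves null for an unknown id; without this check token.jwt throws
          if (!token) {
            return unauthorized('Bad Access Token')
          }
          var data = jwtutil.decode(token.jwt, options.secret)
          if (!data) {
            return unauthorized('Bad Access Token')
          }
          // Returning the inner promise routes its rejection into the catch below
          return dbapi.loadUser(data.email)
            .then(function(user) {
              if (!user) {
                return unauthorized('Bad Access Token')
              }
              req.user = user
              next()
            })
        })
        .catch(function(err) {
          log.error('Failed to load token: ', err.stack)
          res.status(500).json({
            success: false
          , description: 'Failed to verify access token'
          })
        })
    }
    // … unchanged: session branch (TODO until frontend is stateless) and redirect fallback …
  }
}
```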


@ -33,6 +33,7 @@ paths:
description: Unexpected Error description: Unexpected Error
schema: schema:
$ref: "#/definitions/ErrorResponse" $ref: "#/definitions/ErrorResponse"
definitions: definitions:
UserResponse: UserResponse:
required: required: