atlanticbiomedical/biomedjs
1
0
Fork 0
mirror of https://github.com/atlanticbiomedical/biomedjs.git synced 2025-07-02 00:47:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

Changes

Browse Source
This commit is contained in:
Dobie Wollert
2015-12-16 09:12:35 -08:00
parent f9c9672818
commit f94ca33b9e
805 changed files with 67409 additions and 24609 deletions
Download Patch File Download Diff File Expand all files Collapse all files

377
config/auth.js
View File

@ -8,203 +8,214 @@ var moment = require('moment');
var ACCESS_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token';
var PEOPLE_API_URL = 'https://www.googleapis.com/plus/v1/people/me/openIdConnect';
module.exports = function(app, passport, config) {
module.exports = function (app, passport, config) {
function createJWT(user) {
var payload = {
sub: user._id,
iat: moment().unix(),
exp: moment().add(14, 'days').unix()
};
function createJWT(user) {
var payload = {
sub: user._id,
iat: moment().unix(),
exp: moment().add(14, 'days').unix()
};
return jwt.encode(payload, config.auth.jwtSecret);
}
return jwt.encode(payload, config.auth.jwtSecret);
}
app.post('/auth2', function(req, res) {
var params = {
code: req.body.code,
client_id: req.body.clientId,
client_secret: config.auth.clientSecret,
redirect_uri: req.body.redirectUri,
grant_type: 'authorization_code'
};
app.post('/auth2', function (req, res) {
var params = {
code: req.body.code,
client_id: req.body.clientId,
client_secret: config.auth.clientSecret,
redirect_uri: req.body.redirectUri,
grant_type: 'authorization_code'
};
request.post(ACCESS_TOKEN_URL, { json: true, form: params }, function(err, response, token) {
console.log(token);
request.post(ACCESS_TOKEN_URL, {json: true, form: params}, function (err, response, token) {
console.log(token);
var accessToken = token.access_token;
var headers = {
Authorization: 'Bearer ' + accessToken
};
var accessToken = token.access_token;
var headers = {
Authorization: 'Bearer ' + accessToken
};
request.get({ url: PEOPLE_API_URL, headers: headers, json: true }, function(err, response, profile) {
if (profile.error) {
return res.status(500).send({ message: profile.error.message });
}
request.get({url: PEOPLE_API_URL, headers: headers, json: true}, function (err, response, profile) {
if (profile.error) {
return res.status(500).send({message: profile.error.message});
}
User.findOne({ email: profile.email.toLowerCase() }, function(err, user) {
if (err) {
return res.status(500).send(err);
}
User.findOne({email: profile.email.toLowerCase()}, function (err, user) {
if (err) {
return res.status(500).send(err);
}
if (!user || !user.hasPermission('system.login')) {
return res.status(403).send({ message: "You are not authorized to access this portal."});
}
// if (!user || !user.hasPermission('system.login')) {
// return res.status(403).send({message: "You are not authorized to access this portal."});
// }
user.accessToken = token.access_token;
user.accessToken = token.access_token;
if (token.refresh_token) {
user.refreshToken = token.refresh_token;
}
if (token.refresh_token) {
user.refreshToken = token.refresh_token;
}
if (profile.given_name) {
user.name.first = profile.given_name;
}
if (profile.given_name) {
user.name.first = profile.given_name;
}
if (profile.family_name) {
user.name.last = profile.family_name;
}
if (profile.family_name) {
user.name.last = profile.family_name;
}
if (profile.picture) {
user.picture = profile.picture.replace('sz=50', 'sz=200');
}
if (profile.picture) {
user.picture = profile.picture.replace('?sz=50', '');
}
user.save()
.then(function() {
res.send({ token: createJWT(user) });
});
});
});
})
});
app.get('/auth', function(req, res, next) {
console.dir(req.headers);
req.session.redirectUrl = req.headers['referer'];
passport.authenticate('google', {
accessType: 'offline',
scope: [
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/calendar'
]})(req, res, next);
});
app.get('/auth/callback', function(req, res, next) {
var callbackHost = req.headers['x-forwarded-host'];
if (!callbackHost) {
callbackHost = "localhost:9000";
}
var options = {
callbackURL: 'http://' + callbackHost + '/auth/callback'
};
passport.authenticate('google', options, function(err, user, info) {
var redirectUrl = '/';
if (err) { return next(err); }
if (!user) { return res.redirect('/login/error'); }
log.setPrefix("[%d] %l ");
log.info("User Logged In: %s %s", user.name.first, user.name.last);
res.cookie('atlbid', JSON.stringify(user._id), {signed:true});
if (req.session.redirectUrl) {
redirectUrl = req.session.redirectUrl;
req.session.redirectUrl = null;
}
if (redirectUrl.indexOf('/login') != -1) {
redirectUrl = '/';
}
req.logIn(user, function(err) {
if (err) { return next(err); }
});
res.redirect(redirectUrl);
})(req, res, next);
});
function createAuthenticator(error) {
return function(req, res, next) {
var onError = function() {
error(req, res, next);
};
var onSuccess = function(user) {
log.setPrefix(function(level) {
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + user.name.first + ' ' + user.name.last + ' | ';
});
next();
}
if (!req.isAuthenticated()) {
if (!req.headers.authorization) {
return onError();
}
var token = req.headers.authorization.split(' ')[1];
var payload = null;
try {
payload = jwt.decode(token, config.auth.jwtSecret);
} catch (err) {
return onError();
}
if (payload.exp <= moment().unix()) {
return onError();
}
User.findById(payload.sub, function(err, user) {
console.log('Loaded User');
req.user = user;
onSuccess(user);
});
} else {
onSuccess(req.user);
}
}
}
return {
requiresUiLogin: createAuthenticator(function(req, res, next) {
res.redirect('/login');
}),
requiresApiAccess: createAuthenticator(function(req, res, next) {
res.send(403);
})
};
/*
return {
requiresUiLogin: function(req, res, next) {
if (!req.isAuthenticated()) {
return res.redirect('/login');
}
log.setPrefix(function(level) {
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
user.save()
.then(function () {
res.send({token: createJWT(user)});
});
next();
},
requiresApiAccess: function(req, res, next) {
if (!req.isAuthenticated()) {
return res.send(403);
}
});
});
})
});
log.setPrefix(function(level) {
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
});
next();
}
};
*/
app.get('/auth', function (req, res, next) {
console.dir(req.headers);
req.session.redirectUrl = req.headers['referer'];
passport.authenticate('google', {
accessType: 'offline',
scope: [
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/calendar'
]
})(req, res, next);
});
app.get('/auth/callback', function (req, res, next) {
var callbackHost = req.headers['x-forwarded-host'];
if (!callbackHost) {
callbackHost = "localhost:9000";
}
var options = {
callbackURL: 'http://' + callbackHost + '/auth/callback'
};
passport.authenticate('google', options, function (err, user, info) {
var redirectUrl = '/';
if (err) {
return next(err);
}
if (!user) {
return res.redirect('/login/error');
}
log.setPrefix("[%d] %l ");
log.info("User Logged In: %s %s", user.name.first, user.name.last);
res.cookie('atlbid', JSON.stringify(user._id), {signed: true});
if (req.session.redirectUrl) {
redirectUrl = req.session.redirectUrl;
req.session.redirectUrl = null;
}
if (redirectUrl.indexOf('/login') != -1) {
redirectUrl = '/';
}
req.logIn(user, function (err) {
if (err) {
return next(err);
}
});
res.redirect(redirectUrl);
})(req, res, next);
});
function createAuthenticator(error) {
return function (req, res, next) {
var onError = function () {
error(req, res, next);
};
var onSuccess = function (user) {
log.setPrefix(function (level) {
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + user.name.first + ' ' + user.name.last + ' | ';
});
next();
}
if (!req.isAuthenticated()) {
if (!req.headers.authorization) {
return onError();
}
var token = req.headers.authorization.split(' ')[1];
var payload = null;
try {
payload = jwt.decode(token, config.auth.jwtSecret);
} catch (err) {
return onError();
}
console.log(payload);
if (payload.exp <= moment().unix()) {
return onError();
}
User.findById(payload.sub, function (err, user) {
if (user) {
console.log('Loaded User');
req.user = user;
onSuccess(user);
} else {
onError();
}
});
} else {
onSuccess(req.user);
}
}
}
return {
requiresUiLogin: createAuthenticator(function (req, res, next) {
res.redirect('/login');
}),
requiresApiAccess: createAuthenticator(function (req, res, next) {
res.send(403);
})
};
/*
return {
requiresUiLogin: function(req, res, next) {
if (!req.isAuthenticated()) {
return res.redirect('/login');
}
log.setPrefix(function(level) {
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
});
next();
},
requiresApiAccess: function(req, res, next) {
if (!req.isAuthenticated()) {
return res.send(403);
}
log.setPrefix(function(level) {
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
});
next();
}
};
*/
};