mirror of
https://github.com/atlanticbiomedical/biomedjs.git
synced 2025-07-02 00:47:26 -04:00
More stuff
This commit is contained in:
147
config/auth.js
147
config/auth.js
@ -1,6 +1,85 @@
|
||||
var log = require('log4node');
|
||||
var mongoose = require('mongoose');
|
||||
var User = mongoose.model('User');
|
||||
var request = require('request');
|
||||
var jwt = require('jwt-simple');
|
||||
var moment = require('moment');
|
||||
|
||||
var ACCESS_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token';
|
||||
var PEOPLE_API_URL = 'https://www.googleapis.com/plus/v1/people/me/openIdConnect';
|
||||
|
||||
module.exports = function(app, passport, config) {
|
||||
|
||||
function createJWT(user) {
|
||||
var payload = {
|
||||
sub: user._id,
|
||||
iat: moment().unix(),
|
||||
exp: moment().add(14, 'days').unix()
|
||||
};
|
||||
|
||||
return jwt.encode(payload, config.auth.jwtSecret);
|
||||
}
|
||||
|
||||
app.post('/auth2', function(req, res) {
|
||||
var params = {
|
||||
code: req.body.code,
|
||||
client_id: req.body.clientId,
|
||||
client_secret: config.auth.clientSecret,
|
||||
redirect_uri: req.body.redirectUri,
|
||||
grant_type: 'authorization_code'
|
||||
};
|
||||
|
||||
request.post(ACCESS_TOKEN_URL, { json: true, form: params }, function(err, response, token) {
|
||||
console.log(token);
|
||||
|
||||
var accessToken = token.access_token;
|
||||
var headers = {
|
||||
Authorization: 'Bearer ' + accessToken
|
||||
};
|
||||
|
||||
request.get({ url: PEOPLE_API_URL, headers: headers, json: true }, function(err, response, profile) {
|
||||
if (profile.error) {
|
||||
return res.status(500).send({ message: profile.error.message });
|
||||
}
|
||||
|
||||
User.findOne({ email: profile.email.toLowerCase() }, function(err, user) {
|
||||
if (err) {
|
||||
return res.status(500).send(err);
|
||||
}
|
||||
|
||||
if (!user || !user.hasPermission('system.login')) {
|
||||
return res.status(403).send({ message: "You are not authorized to access this portal."});
|
||||
}
|
||||
|
||||
user.accessToken = token.access_token;
|
||||
|
||||
if (token.refresh_token) {
|
||||
user.refreshToken = token.refresh_token;
|
||||
}
|
||||
|
||||
if (profile.given_name) {
|
||||
user.name.first = profile.given_name;
|
||||
}
|
||||
|
||||
if (profile.family_name) {
|
||||
user.name.last = profile.family_name;
|
||||
}
|
||||
|
||||
if (profile.picture) {
|
||||
user.picture = profile.picture.replace('sz=50', 'sz=200');
|
||||
}
|
||||
|
||||
user.save()
|
||||
.then(function() {
|
||||
res.send({ token: createJWT(user) });
|
||||
});
|
||||
});
|
||||
});
|
||||
})
|
||||
});
|
||||
|
||||
|
||||
|
||||
module.exports = function(app, passport) {
|
||||
app.get('/auth', function(req, res, next) {
|
||||
console.dir(req.headers);
|
||||
req.session.redirectUrl = req.headers['referer'];
|
||||
@ -52,15 +131,68 @@ module.exports = function(app, passport) {
|
||||
})(req, res, next);
|
||||
});
|
||||
|
||||
function createAuthenticator(error) {
|
||||
return function(req, res, next) {
|
||||
var onError = function() {
|
||||
error(req, res, next);
|
||||
};
|
||||
|
||||
var onSuccess = function(user) {
|
||||
log.setPrefix(function(level) {
|
||||
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + user.name.first + ' ' + user.name.last + ' | ';
|
||||
});
|
||||
next();
|
||||
}
|
||||
|
||||
if (!req.isAuthenticated()) {
|
||||
if (!req.headers.authorization) {
|
||||
return onError();
|
||||
}
|
||||
|
||||
var token = req.headers.authorization.split(' ')[1];
|
||||
var payload = null;
|
||||
try {
|
||||
payload = jwt.decode(token, config.auth.jwtSecret);
|
||||
} catch (err) {
|
||||
return onError();
|
||||
}
|
||||
|
||||
if (payload.exp <= moment().unix()) {
|
||||
return onError();
|
||||
}
|
||||
|
||||
User.findById(payload.sub, function(err, user) {
|
||||
console.log('Loaded User');
|
||||
req.user = user;
|
||||
|
||||
onSuccess(user);
|
||||
});
|
||||
} else {
|
||||
onSuccess(req.user);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
requiresUiLogin: createAuthenticator(function(req, res, next) {
|
||||
res.redirect('/login');
|
||||
}),
|
||||
|
||||
requiresApiAccess: createAuthenticator(function(req, res, next) {
|
||||
res.send(403);
|
||||
})
|
||||
};
|
||||
|
||||
/*
|
||||
return {
|
||||
requiresUiLogin: function(req, res, next) {
|
||||
if (!req.isAuthenticated()) {
|
||||
return res.redirect('/login');
|
||||
}
|
||||
|
||||
log.setPrefix(function(level) {
|
||||
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
|
||||
});
|
||||
log.setPrefix(function(level) {
|
||||
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
|
||||
});
|
||||
next();
|
||||
},
|
||||
requiresApiAccess: function(req, res, next) {
|
||||
@ -68,10 +200,11 @@ module.exports = function(app, passport) {
|
||||
return res.send(403);
|
||||
}
|
||||
|
||||
log.setPrefix(function(level) {
|
||||
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
|
||||
});
|
||||
log.setPrefix(function(level) {
|
||||
return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
|
||||
});
|
||||
next();
|
||||
}
|
||||
};
|
||||
*/
|
||||
};
|
||||
|
Reference in New Issue
Block a user