// Third-party modules: process-wide logger, ODM, HTTP client, JWT codec and
// time helpers. `log` is shared by every request that passes through this file.
var log = require('log4node');
var mongoose = require('mongoose');
var request = require('request');
var jwt = require('jwt-simple');
var moment = require('moment');

// Looks up the User model that is already registered on the mongoose instance.
var User = mongoose.model('User');

// Google endpoints used by the /auth2 code exchange: token endpoint, then the
// OpenID Connect profile lookup.
var ACCESS_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token';
var PEOPLE_API_URL = 'https://www.googleapis.com/plus/v1/people/me/openIdConnect';
module.exports = function (app, passport, config) {
// Issue the bearer token handed back to the client after a successful /auth2
// exchange. The payload carries only the user's id (sub) plus issue and expiry
// times; it is signed with config.auth.jwtSecret and valid for 14 days.
//
// @param {Object} user - mongoose User document; only _id is read
// @returns {string} encoded JWT
function createJWT(user) {
  var issuedAt = moment();
  var expiresAt = issuedAt.clone().add(14, 'days');

  var claims = {
    sub: user._id,
    iat: issuedAt.unix(),
    exp: expiresAt.unix()
  };

  return jwt.encode(claims, config.auth.jwtSecret);
}
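// Client-driven Google sign-in: the browser obtained an authorization code and
// posts it here together with the clientId and redirectUri it used. The server
// adds the client secret, exchanges the code for tokens, fetches the Google
// profile and answers with an application JWT for an already-existing user.
//
// Responses: 200 {token}, 401 when Google rejects the code, 403 when no user
// matches the profile email, 500 on transport/database failures.
app.post('/auth2', function (req, res) {
  var params = {
    code: req.body.code,
    client_id: req.body.clientId,
    client_secret: config.auth.clientSecret,
    redirect_uri: req.body.redirectUri,
    grant_type: 'authorization_code'
  };

  request.post(ACCESS_TOKEN_URL, {json: true, form: params}, function (tokenErr, tokenResponse, token) {
    // The token response is deliberately not logged: it carries the access
    // token and possibly the refresh token.
    if (tokenErr) {
      log.error('Google token exchange failed: %s', tokenErr.message);
      return res.status(500).send({message: 'Token exchange failed'});
    }
    if (!token || !token.access_token) {
      // A rejected code comes back as an OAuth error body ({error, error_description}).
      var reason = (token && token.error_description) || 'Token exchange failed';
      return res.status(401).send({message: reason});
    }

    var headers = {
      Authorization: 'Bearer ' + token.access_token
    };

    request.get({url: PEOPLE_API_URL, headers: headers, json: true}, function (profileErr, profileResponse, profile) {
      if (profileErr) {
        log.error('Google profile request failed: %s', profileErr.message);
        return res.status(500).send({message: 'Profile lookup failed'});
      }
      if (!profile || profile.error) {
        var message = (profile && profile.error && profile.error.message) || 'Profile lookup failed';
        return res.status(500).send({message: message});
      }
      if (!profile.email) {
        // Users are matched by email; without one there is nothing to look up.
        return res.status(500).send({message: 'Google profile has no email address'});
      }

      User.findOne({email: profile.email.toLowerCase()}, function (dbErr, user) {
        if (dbErr) {
          // Keep driver internals out of the response; log them server-side.
          log.error('User lookup failed: %s', dbErr.message);
          return res.status(500).send({message: 'User lookup failed'});
        }
        // Sign-in is limited to accounts that already exist. Without this
        // guard an unknown Google account dereferences a null user below.
        if (!user) {
          return res.status(403).send({message: 'You are not authorized to access this portal.'});
        }

        user.accessToken = token.access_token;
        if (token.refresh_token) {
          user.refreshToken = token.refresh_token;
        }

        if (profile.given_name) {
          user.name.first = profile.given_name;
        }
        if (profile.family_name) {
          user.name.last = profile.family_name;
        }
        if (profile.picture) {
          // Strip the thumbnail size hint so the stored URL is the full image.
          user.picture = profile.picture.replace('?sz=50', '');
        }

        user.save()
          .then(function () {
            res.send({token: createJWT(user)});
          })
          .catch(function (saveErr) {
            // Without this handler a failed save left the request unanswered.
            log.error('Saving user failed: %s', saveErr.message);
            res.status(500).send({message: 'Could not save user'});
          });
      });
    });
  });
});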
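// Start the passport-driven Google login. Remembers the page the user came
// from so /auth/callback can send them back afterwards.
//
// Request headers are deliberately not dumped to the console here: they carry
// the session cookie. The Referer is client-controlled; the callback decides
// whether it is an acceptable redirect target.
app.get('/auth', function (req, res, next) {
  req.session.redirectUrl = req.headers['referer'];

  passport.authenticate('google', {
    accessType: 'offline',   // ask Google for a refresh token as well
    scope: [
      'https://www.googleapis.com/auth/userinfo.profile',
      'https://www.googleapis.com/auth/userinfo.email',
      'https://www.googleapis.com/auth/calendar'
    ]
  })(req, res, next);
});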
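// Decide whether a stored post-login redirect target stays on this site.
// Site-relative paths are accepted; absolute http(s) URLs must name the host
// this request arrived on. Other hosts, protocol-relative "//host" strings and
// non-http schemes are rejected so a crafted Referer saved by /auth cannot be
// turned into an open redirect.
//
// @param {string} target - candidate redirect URL
// @param {Object} req - current request (host headers are read)
// @returns {boolean}
function isSafeRedirect(target, req) {
  if (typeof target !== 'string' || target.length === 0) {
    return false;
  }
  if (target.charAt(0) === '/') {
    return target.charAt(1) !== '/';
  }
  var parsed = require('url').parse(target);
  var ownHost = req.headers['x-forwarded-host'] || req.headers.host;
  var httpScheme = parsed.protocol === 'http:' || parsed.protocol === 'https:';
  return httpScheme && Boolean(parsed.host) && parsed.host === ownHost;
}

// Google returns here after consent. The callbackURL must match what Google
// was given; its host is taken from the X-Forwarded-Host header when present
// (falling back to the development host) and the scheme is fixed to http.
app.get('/auth/callback', function (req, res, next) {
  var callbackHost = req.headers['x-forwarded-host'] || 'localhost:9000';

  var options = {
    callbackURL: 'http://' + callbackHost + '/auth/callback'
  };

  passport.authenticate('google', options, function (err, user, info) {
    if (err) {
      return next(err);
    }
    if (!user) {
      return res.redirect('/login/error');
    }

    log.setPrefix("[%d] %l ");
    log.info("User Logged In: %s %s", user.name.first, user.name.last);

    res.cookie('atlbid', JSON.stringify(user._id), {signed: true});

    var redirectUrl = '/';
    if (req.session.redirectUrl) {
      if (isSafeRedirect(req.session.redirectUrl, req)) {
        redirectUrl = req.session.redirectUrl;
      }
      req.session.redirectUrl = null;
    }

    // Never bounce the user straight back into the login pages.
    if (redirectUrl.indexOf('/login') !== -1) {
      redirectUrl = '/';
    }

    // Redirect only once the session login has completed. Sending the
    // response before logIn finished raced the session write and could
    // call next(err) after headers had already gone out.
    req.logIn(user, function (loginErr) {
      if (loginErr) {
        return next(loginErr);
      }
      res.redirect(redirectUrl);
    });
  })(req, res, next);
});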
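// Build an Express middleware that admits a request if it has a passport
// session or a valid bearer JWT (issued by createJWT) and otherwise hands it to
// `error`. On a JWT the matching User document is loaded onto req.user.
//
// @param {function(req, res, next)} error - invoked for unauthenticated requests
// @returns {function(req, res, next)} middleware
function createAuthenticator(error) {
  return function (req, res, next) {
    var onError = function () {
      error(req, res, next);
    };

    var onSuccess = function (user) {
      // `log` is the module-level logger shared by all requests, so this
      // prefix is overwritten by whichever request authenticated last.
      log.setPrefix(function (level) {
        return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + user.name.first + ' ' + user.name.last + ' | ';
      });
      next();
    };

    if (req.isAuthenticated()) {
      return onSuccess(req.user);
    }

    var authorization = req.headers.authorization;
    if (!authorization) {
      return onError();
    }

    // Expected form is "Bearer <jwt>"; a header with no token part is
    // rejected before the verifier is asked to decode it.
    var token = authorization.split(' ')[1];
    if (!token) {
      return onError();
    }

    var payload = null;
    try {
      payload = jwt.decode(token, config.auth.jwtSecret);
    } catch (err) {
      // Bad signature or malformed token.
      return onError();
    }

    // A missing exp must count as expired: `undefined <= n` is false, which
    // would otherwise let a token without an expiry claim live forever.
    if (!payload || typeof payload.exp !== 'number' || payload.exp <= moment().unix()) {
      return onError();
    }

    User.findById(payload.sub, function (err, user) {
      if (err) {
        log.error('User lookup failed: %s', err.message);
        return onError();
      }
      if (!user) {
        return onError();
      }
      req.user = user;
      onSuccess(user);
    });
  };
}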
// Exported guards. Both share createAuthenticator's session/JWT check and
// differ only in how an unauthenticated request is answered.
var redirectToLogin = function (req, res, next) {
  res.redirect('/login');
};

var forbid = function (req, res, next) {
  res.send(403);
};

return {
  // Browser-facing pages: bounce to the login screen.
  requiresUiLogin: createAuthenticator(redirectToLogin),
  // API routes: answer 403 without a redirect.
  requiresApiAccess: createAuthenticator(forbid)
};
/*
Earlier version of the exported guards, kept commented out (superseded by
createAuthenticator above):

return {
  requiresUiLogin: function(req, res, next) {
    if (!req.isAuthenticated()) {
      return res.redirect('/login');
    }

    log.setPrefix(function(level) {
      return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
    });
    next();
  },
  requiresApiAccess: function(req, res, next) {
    if (!req.isAuthenticated()) {
      return res.send(403);
    }

    log.setPrefix(function(level) {
      return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
    });
    next();
  }
};
*/
};