crowdstf/lib/units/auth/ldap.js - release.projects.luma_third_party - Git at Google

 var http = require('http')

 var express = require('express')
 var validator = require('express-validator')
 var cookieSession = require('cookie-session')
 var bodyParser = require('body-parser')
 var serveStatic = require('serve-static')
 var csrf = require('csurf')
 var Promise = require('bluebird')

 var logger = require('../../util/logger')
 var requtil = require('../../util/requtil')
 var ldaputil = require('../../util/ldaputil')
 var jwtutil = require('../../util/jwtutil')
 var pathutil = require('../../util/pathutil')
 var urlutil = require('../../util/urlutil')
 var lifecycle = require('../../util/lifecycle')

 module.exports = function(options) {
   var log = logger.createLogger('auth-ldap')
   var app = express()
   var server = Promise.promisifyAll(http.createServer(app))

   lifecycle.observe(function() {
     log.info('Waiting for client connections to end')
     return server.closeAsync()
       .catch(function() {
         // Okay
       })
   })

   app.set('view engine', 'jade')
   app.set('views', pathutil.resource('auth/ldap/views'))
   app.set('strict routing', true)
   app.set('case sensitive routing', true)

   app.use(cookieSession({
     name: options.ssid
   , keys: [options.secret]
   }))
   app.use(bodyParser.json())
   app.use(csrf())
   app.use(validator())
   app.use('/static/bower_components',
     serveStatic(pathutil.resource('bower_components')))
   app.use('/static/auth/ldap', serveStatic(pathutil.resource('auth/ldap')))

   app.use(function(req, res, next) {
     res.cookie('XSRF-TOKEN', req.csrfToken())
     next()
   })

   app.get('/', function(req, res) {
     res.redirect('/auth/ldap/')
   })

   app.get('/auth/ldap/', function(req, res) {
     res.render('index')
   })

   app.post('/auth/api/v1/ldap', function(req, res) {
     var log = logger.createLogger('auth-ldap')
     log.setLocalIdentifier(req.ip)
     switch (req.accepts(['json'])) {
       case 'json':
         requtil.validate(req, function() {
             req.checkBody('username').notEmpty()
             req.checkBody('password').notEmpty()
           })
           .then(function() {
             return ldaputil.login(
               options.ldap
             , req.body.username
             , req.body.password
             )
           })
           .then(function(user) {
             log.info('Authenticated "%s"', ldaputil.email(user))
             var token = jwtutil.encode({
               payload: {
                 email: ldaputil.email(user)
               , name: user.cn
               }
             , secret: options.secret
             , header: {
                 exp: Date.now() + 24 * 3600
               }
             })
             res.status(200)
               .json({
                 success: true
               , redirect: urlutil.addParams(options.appUrl, {
                   jwt: token
                 })
               })
           })
           .catch(requtil.ValidationError, function(err) {
             res.status(400)
               .json({
                 success: false
               , error: 'ValidationError'
               , validationErrors: err.errors
               })
           })
           .catch(ldaputil.InvalidCredentialsError, function(err) {
             log.warn('Authentication failure for "%s"', err.user)
             res.status(400)
               .json({
                 success: false
               , error: 'InvalidCredentialsError'
               })
           })
           .catch(function(err) {
             log.error('Unexpected error', err.stack)
             res.status(500)
               .json({
                 success: false
               , error: 'ServerError'
               })
           })
         break
       default:
         res.send(406)
         break
     }
   })

   server.listen(options.port)
   log.info('Listening on port %d', options.port)
 }
	var http = require('http')

	var express = require('express')
	var validator = require('express-validator')
	var cookieSession = require('cookie-session')
	var bodyParser = require('body-parser')
	var serveStatic = require('serve-static')
	var csrf = require('csurf')
	var Promise = require('bluebird')

	var logger = require('../../util/logger')
	var requtil = require('../../util/requtil')
	var ldaputil = require('../../util/ldaputil')
	var jwtutil = require('../../util/jwtutil')
	var pathutil = require('../../util/pathutil')
	var urlutil = require('../../util/urlutil')
	var lifecycle = require('../../util/lifecycle')

	module.exports = function(options) {
	var log = logger.createLogger('auth-ldap')
	var app = express()
	var server = Promise.promisifyAll(http.createServer(app))

	lifecycle.observe(function() {
	log.info('Waiting for client connections to end')
	return server.closeAsync()
	.catch(function() {
	// Okay
	})
	})

	app.set('view engine', 'jade')
	app.set('views', pathutil.resource('auth/ldap/views'))
	app.set('strict routing', true)
	app.set('case sensitive routing', true)

	app.use(cookieSession({
	name: options.ssid
	, keys: [options.secret]
	}))
	app.use(bodyParser.json())
	app.use(csrf())
	app.use(validator())
	app.use('/static/bower_components',
	serveStatic(pathutil.resource('bower_components')))
	app.use('/static/auth/ldap', serveStatic(pathutil.resource('auth/ldap')))

	app.use(function(req, res, next) {
	res.cookie('XSRF-TOKEN', req.csrfToken())
	next()
	})

	app.get('/', function(req, res) {
	res.redirect('/auth/ldap/')
	})

	app.get('/auth/ldap/', function(req, res) {
	res.render('index')
	})

	app.post('/auth/api/v1/ldap', function(req, res) {
	var log = logger.createLogger('auth-ldap')
	log.setLocalIdentifier(req.ip)
	switch (req.accepts(['json'])) {
	case 'json':
	requtil.validate(req, function() {
	req.checkBody('username').notEmpty()
	req.checkBody('password').notEmpty()
	})
	.then(function() {
	return ldaputil.login(
	options.ldap
	, req.body.username
	, req.body.password
	)
	})
	.then(function(user) {
	log.info('Authenticated "%s"', ldaputil.email(user))
	var token = jwtutil.encode({
	payload: {
	email: ldaputil.email(user)
	, name: user.cn
	}
	, secret: options.secret
	, header: {
	exp: Date.now() + 24 * 3600
	}
	})
	res.status(200)
	.json({
	success: true
	, redirect: urlutil.addParams(options.appUrl, {
	jwt: token
	})
	})
	})
	.catch(requtil.ValidationError, function(err) {
	res.status(400)
	.json({
	success: false
	, error: 'ValidationError'
	, validationErrors: err.errors
	})
	})
	.catch(ldaputil.InvalidCredentialsError, function(err) {
	log.warn('Authentication failure for "%s"', err.user)
	res.status(400)
	.json({
	success: false
	, error: 'InvalidCredentialsError'
	})
	})
	.catch(function(err) {
	log.error('Unexpected error', err.stack)
	res.status(500)
	.json({
	success: false
	, error: 'ServerError'
	})
	})
	break
	default:
	res.send(406)
	break
	}
	})

	server.listen(options.port)
	log.info('Listening on port %d', options.port)
	}