| var http = require('http') |
| |
| var openid = require('openid') |
| var express = require('express') |
| var urljoin = require('url-join') |
| |
| var logger = require('../../util/logger') |
| var jwtutil = require('../../util/jwtutil') |
| var urlutil = require('../../util/urlutil') |
| |
| module.exports = function(options) { |
| var extensions = [new openid.SimpleRegistration({ |
| email: true |
| , fullname: true |
| })] |
| |
| var relyingParty = new openid.RelyingParty( |
| urljoin(options.appUrl, '/auth/openid/verify') |
| , null // Realm (optional, specifies realm for OpenID authentication) |
| , false // Use stateless verification |
| , false // Strict mode |
| , extensions) |
| |
| var log = logger.createLogger('auth-openid') |
| var app = express() |
| |
| app.set('strict routing', true) |
| app.set('case sensitive routing', true) |
| |
| app.get('/', function(req, res) { |
| res.redirect('/auth/openid/') |
| }) |
| |
| app.get('/auth/openid/', function(req, res) { |
| log.info('openid identifier url: %s', options.openid.identifierUrl) |
| relyingParty.authenticate(options.openid.identifierUrl, false, function(err, authUrl) { |
| if (err) { |
| res.send('Authentication failed') |
| } |
| else if (!authUrl) { |
| res.send('Authentication failed') |
| } |
| else { |
| log.info('redirect to authUrl: %s', options.openid.identifierUrl) |
| res.redirect(authUrl) |
| } |
| }) |
| }) |
| |
| app.get('/auth/openid/verify', function(req, res) { |
| log.setLocalIdentifier(req.ip) |
| |
| relyingParty.verifyAssertion(req, function(err, result) { |
| log.info('openid verify assertion') |
| if (err || !result.authenticated) { |
| res.send('Authentication failed') |
| return |
| } |
| var email = req.query['openid.sreg.email'] |
| var name = req.query['openid.sreg.fullname'] |
| log.info('Authenticated "%s:%s"', name, email) |
| var token = jwtutil.encode({ |
| payload: { |
| email: email |
| , name: name |
| } |
| , secret: options.secret |
| }) |
| res.redirect(urlutil.addParams(options.appUrl, {jwt: token})) |
| }) |
| }) |
| |
| http.createServer(app).listen(options.port) |
| log.info('Listening on port %d', options.port) |
| } |