X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=src%2Fservice.js;h=31365794992b578cbb33b687ac9848d831fd1d6a;hb=HEAD;hp=c1e600691642130c40557cffec8721e43f7a2cef;hpb=726cd980f0ed5588cfe8cbb2d994d5e4aef6e292;p=squeep-indie-auther diff --git a/src/service.js b/src/service.js index c1e6006..e1f2a5a 100644 --- a/src/service.js +++ b/src/service.js @@ -9,80 +9,110 @@ const path = require('path'); const { Dingus } = require('@squeep/api-dingus'); const common = require('./common'); const Manager = require('./manager'); -const { Authenticator, SessionManager } = require('@squeep/authentication-module'); -const { ResourceAuthenticator } = require('@squeep/resource-authentication-module'); -const { TemplateHelper: { initContext } } = require('@squeep/html-template-helper'); +const { Authenticator, ResourceAuthenticator, SessionManager } = require('@squeep/authentication-module'); +const { initContext, navLinks } = require('./template/template-helper'); const Enum = require('./enum'); +const { ResponseError } = require('./errors'); const _fileScope = common.fileScope(__filename); +/** + * @typedef {import('node:http')} http + */ + class Service extends Dingus { constructor(logger, db, options, asyncLocalStorage) { super(logger, { ...options.dingus, ignoreTrailingSlash: false, }); + this.options = options; this.asyncLocalStorage = asyncLocalStorage; this.staticPath = path.normalize(path.join(__dirname, '..', 'static')); this.manager = new Manager(logger, db, options); this.authenticator = new Authenticator(logger, db, options); this.sessionManager = new SessionManager(logger, this.authenticator, options); this.resourceAuthenticator = new ResourceAuthenticator(logger, db, options); - this.loginPath = `${options.dingus.proxyPrefix}/admin/login`; - - // N.B. /admin routes not currently configurable - const route = (r) => `/${options.route[r]}`; // eslint-disable-line security/detect-object-injection + this.loginPath = this._routeExternal('auth-login'); // eslint-disable-line sonarjs/no-duplicate-string // Service discovery - this.on(['GET'], route('metadata'), this.handlerGetMeta.bind(this)); + this.on(['GET'], this._route('metadata'), this.handlerGetMeta.bind(this)); // Also respond with metadata on well-known oauth2 endpoint if base has no prefix if ((options?.dingus?.selfBaseUrl?.match(/\//g) || []).length === 3) { this.on(['GET'], '/.well-known/oauth-authorization-server', this.handlerGetMeta.bind(this)); } // Primary endpoints - this.on(['GET'], route('authorization'), this.handlerGetAuthorization.bind(this)); - this.on(['POST'], route('authorization'), this.handlerPostAuthorization.bind(this)); - this.on(['POST'], route('consent'), this.handlerPostConsent.bind(this)); - this.on(['POST'], route('revocation'), this.handlerPostRevocation.bind(this)); - this.on(['POST'], route('ticket'), this.handlerPostTicket.bind(this)); - this.on(['POST'], route('token'), this.handlerPostToken.bind(this)); + this.on(['GET'], this._route('authorization'), this.handlerGetAuthorization.bind(this)); + this.on(['POST'], this._route('authorization'), this.handlerPostAuthorization.bind(this)); + this.on(['POST'], this._route('consent'), this.handlerPostConsent.bind(this)); + this.on(['POST'], this._route('revocation'), this.handlerPostRevocation.bind(this)); + this.on(['POST'], this._route('ticket'), this.handlerPostTicket.bind(this)); + this.on(['POST'], this._route('token'), this.handlerPostToken.bind(this)); // Resource endpoints - this.on('POST', route('introspection'), this.handlerPostIntrospection.bind(this)); - this.on('POST', route('userinfo'), this.handlerPostUserInfo.bind(this)); + this.on('POST', this._route('introspection'), this.handlerPostIntrospection.bind(this)); + this.on('POST', this._route('userinfo'), this.handlerPostUserInfo.bind(this)); // Information page about service this.on(['GET'], '/', this.handlerGetRoot.bind(this)); + // Temmporary to see what rando payload someone is sending us unsolicited + this.on(['POST'], '/', this.handlerWhaGwan.bind(this)); + // Give load-balancers something to check - this.on(['GET'], route('healthcheck'), this.handlerGetHealthcheck.bind(this)); + this.on(['GET'], this._route('healthcheck'), this.handlerGetHealthcheck.bind(this)); // These routes are intended for accessing static content during development. // In production, a proxy server would likely handle these first. - this.on(['GET'], '/static', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/static/`); - this.on(['GET'], '/static/', this.handlerGetStaticFile.bind(this), 'index.html'); - this.on(['GET'], '/static/:file', this.handlerGetStaticFile.bind(this)); + this.on(['GET'], this._route('static'), this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/static/`); + this.on(['GET'], this._route('static', ''), this.handlerGetStaticFile.bind(this), 'index.html'); + this.on(['GET'], this._route('static', ':file'), this.handlerGetStaticFile.bind(this)); this.on(['GET'], '/favicon.ico', this.handlerGetStaticFile.bind(this), 'favicon.ico'); this.on(['GET'], '/robots.txt', this.handlerGetStaticFile.bind(this), 'robots.txt'); // Profile and token management for authenticated sessions - this.on(['GET'], '/admin', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/admin/`); - this.on(['GET'], '/admin/', this.handlerGetAdmin.bind(this)); - this.on(['POST'], '/admin/', this.handlerPostAdmin.bind(this)); + this.on(['GET'], this._route('admin'), this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/admin/`); + this.on(['GET'], this._route('admin', ''), this.handlerGetAdmin.bind(this)); + this.on(['POST'], this._route('admin', ''), this.handlerPostAdmin.bind(this)); // Ticket-proffering interface for authenticated sessions - this.on(['GET'], '/admin/ticket', this.handlerGetAdminTicket.bind(this)); - this.on(['POST'], '/admin/ticket', this.handlerPostAdminTicket.bind(this)); + this.on(['GET'], this._route('admin-ticket'), this.handlerGetAdminTicket.bind(this)); + this.on(['POST'], this._route('admin-ticket'), this.handlerPostAdminTicket.bind(this)); // User authentication and session establishment - this.on(['GET'], '/admin/login', this.handlerGetAdminLogin.bind(this)); - this.on(['POST'], '/admin/login', this.handlerPostAdminLogin.bind(this)); - this.on(['GET'], '/admin/logout', this.handlerGetAdminLogout.bind(this)); + this.on(['GET'], this._route('auth-login'), this.handlerGetAdminLogin.bind(this)); + this.on(['POST'], this._route('auth-login'), this.handlerPostAdminLogin.bind(this)); + this.on(['GET'], this._route('auth-logout'), this.handlerGetAdminLogout.bind(this)); + this.on(['GET'], this._route('auth-settings'), this.handlerGetAdminSettings.bind(this)); + this.on(['POST'], this._route('auth-settings'), this.handlerPostAdminSettings.bind(this)); // Page for upkeep info et cetera - this.on(['GET'], '/admin/maintenance', this.handlerGetAdminMaintenance.bind(this)); + this.on(['GET'], this._route('admin-maintenance'), this.handlerGetAdminMaintenance.bind(this)); + + } + + + /** + * Returns the configured route path for the given route name. + * @param {string} r route name + * @param {string=} t trailer to append to route + * @returns {string} route path + */ + _route(r, t) { + return `/${this.options.route[r]}${t !== undefined ? '/' + t : ''}`; // eslint-disable-line security/detect-object-injection + + } + + /** + * Returns the external route path for the given route name. + * @param {string} r route name + * @param {string=} t trailer to append to route + * @returns {string} route path + */ + _routeExternal(r, t) { + return this.options.dingus.proxyPrefix + this._route(r, t); } @@ -96,9 +126,9 @@ class Service extends Dingus { /** * Do a little more on each request. - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async preHandler(req, res, ctx) { const _scope = _fileScope('preHandler'); @@ -108,7 +138,7 @@ class Service extends Dingus { const logObject = this.asyncLocalStorage.getStore(); // istanbul ignore else - if (logObject) { // debugging in vscode seems to kill ALS, work around + if (logObject) { // Debugging in vscode seems to kill ALS, work around logObject.requestId = ctx.requestId; delete ctx.requestId; } else { @@ -118,9 +148,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAdminLogin(req, res, ctx) { const _scope = _fileScope('handlerGetAdminLogin'); @@ -130,14 +160,14 @@ class Service extends Dingus { await this.authenticator.sessionOptionalLocal(req, res, ctx); - await this.sessionManager.getAdminLogin(res, ctx); + await this.sessionManager.getAdminLogin(res, ctx, navLinks); } /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostAdminLogin(req, res, ctx) { const _scope = _fileScope('handlerPostAdminLogin'); @@ -151,14 +181,53 @@ class Service extends Dingus { await this.ingestBody(req, res, ctx); - await this.sessionManager.postAdminLogin(res, ctx); + await this.sessionManager.postAdminLogin(res, ctx, navLinks); } /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context + */ + async handlerGetAdminSettings(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminSettings'); + this.logger.debug(_scope, 'called', { req, ctx }); + + initContext(ctx); + + this.setResponseType(this.responseTypes, req, res, ctx); + + if (await this.authenticator.sessionRequiredLocal(req, res, ctx)) { + await this.sessionManager.getAdminSettings(res, ctx, navLinks); + } + } + + + /** + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context + */ + async handlerPostAdminSettings(req, res, ctx) { + const _scope = _fileScope('handlerPostAdminSettings'); + this.logger.debug(_scope, 'called', { req, ctx }); + + initContext(ctx); + + this.setResponseType(this.responseTypes, req, res, ctx); + + if (await this.authenticator.sessionRequiredLocal(req, res, ctx)) { + await this.ingestBody(req, res, ctx); + await this.sessionManager.postAdminSettings(res, ctx, navLinks); + } + } + + + /** + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAdminLogout(req, res, ctx) { const _scope = _fileScope('handlerGetAdminLogout'); @@ -175,9 +244,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAdmin(req, res, ctx) { const _scope = _fileScope('handlerGetAdmin'); @@ -194,9 +263,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostAdmin(req, res, ctx) { const _scope = _fileScope('handlerPostAdmin'); @@ -214,9 +283,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAdminTicket(req, res, ctx) { const _scope = _fileScope('handlerGetAdminTicket'); @@ -233,9 +302,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostAdminTicket(req, res, ctx) { const _scope = _fileScope('handlerPostAdminTicket'); @@ -253,9 +322,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetMeta(req, res, ctx) { const _scope = _fileScope('handlerGetMeta'); @@ -275,9 +344,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAuthorization(req, res, ctx) { const _scope = _fileScope('handlerGetAuthorization'); @@ -294,9 +363,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostAuthorization(req, res, ctx) { const _scope = _fileScope('handlerPostAuthorization'); @@ -318,9 +387,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostConsent(req, res, ctx) { const _scope = _fileScope('handlerPostConsent'); @@ -340,9 +409,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostTicket(req, res, ctx) { const _scope = _fileScope('handlerPostTicket'); @@ -362,9 +431,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostToken(req, res, ctx) { const _scope = _fileScope('handlerPostToken'); @@ -384,9 +453,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostRevocation(req, res, ctx) { const _scope = _fileScope('handlerPostRevocation'); @@ -406,9 +475,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostIntrospection(req, res, ctx) { const _scope = _fileScope('handlerPostIntrospection'); @@ -430,9 +499,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerPostUserInfo(req, res, ctx) { const _scope = _fileScope('handlerPostUserInfo'); @@ -452,9 +521,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetRoot(req, res, ctx) { const _scope = _fileScope('handlerGetRoot'); @@ -474,9 +543,21 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * Temporary to see what an unsolicited payload contains. + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context + */ + async handlerWhaGwan(req, res, ctx) { + this.setResponseType(this.responseTypes, req, res, ctx); + await this.ingestBody(req, res, ctx); + throw new ResponseError(Enum.ErrorResponse.MethodNotAllowed); + } + + /** + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetHealthcheck(req, res, ctx) { const _scope = _fileScope('handlerGetHealthcheck'); @@ -489,9 +570,9 @@ class Service extends Dingus { /** - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerGetAdminMaintenance(req, res, ctx) { const _scope = _fileScope('handlerGetAdminMaintenance'); @@ -512,9 +593,9 @@ class Service extends Dingus { * Intercept this and redirect if we have enough information, otherwise default to framework. * Fixing this will likely have to wait until an e2e test framework is in place. * The redirect attempt should probably be contained in a Manager method, but here it is for now. - * @param {http.IncomingMessage} req - * @param {http.ServerResponse} res - * @param {Object} ctx + * @param {http.IncomingMessage} req request + * @param {http.ServerResponse} res response + * @param {object} ctx context */ async handlerInternalServerError(req, res, ctx) { const _scope = _fileScope('handlerInternalServerError');