X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=src%2Fservice.js;h=7e07a49ca489206d5fabeeb44a8f2b87c6ec7dfa;hb=3aaef7251093bda0c2842ef3eb3f793a31d4699b;hp=c69f6fb7c891366dfbe02e659a54414a05da401d;hpb=28de4364128a4b03918a8cbe868009b5d427220a;p=websub-hub diff --git a/src/service.js b/src/service.js index c69f6fb..7e07a49 100644 --- a/src/service.js +++ b/src/service.js @@ -9,7 +9,7 @@ const { Dingus } = require('@squeep/api-dingus'); const common = require('./common'); const Enum = require('./enum'); const Manager = require('./manager'); -const Authenticator = require('./authenticator'); +const { Authenticator, SessionManager } = require('@squeep/authentication-module'); const path = require('path'); const _fileScope = common.fileScope(__filename); @@ -23,7 +23,9 @@ class Service extends Dingus { this.manager = new Manager(logger, db, options); this.authenticator = new Authenticator(logger, db, options); + this.sessionManager = new SessionManager(logger, this.authenticator, options); this.staticPath = path.join(__dirname, '..', 'static'); + this.loginPath = `${options.dingus.proxyPrefix}/admin/login`; // Primary API endpoint this.on('POST', '/', this.handlerPostRoot.bind(this)); @@ -40,16 +42,17 @@ class Service extends Dingus { // These routes are intended for accessing static content during development. // In production, a proxy server would likely handle these first. - this.on(['GET', 'HEAD'], '/static', (req, res, ctx) => this.handlerRedirect(req, res, ctx, `${options.dingus.proxyPrefix}/static/`)); - this.on(['GET', 'HEAD'], '/static/', (req, res, ctx) => this.handlerGetStaticFile(req, res, ctx, 'index.html')); + this.on(['GET', 'HEAD'], '/static', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/static/`); + this.on(['GET', 'HEAD'], '/static/', this.handlerGetStaticFile.bind(this), 'index.html'); this.on(['GET', 'HEAD'], '/static/:file', this.handlerGetStaticFile.bind(this)); - this.on(['GET', 'HEAD'], '/favicon.ico', (req, res, ctx) => this.handlerGetStaticFile(req, res, ctx, 'favicon.ico')); - this.on(['GET', 'HEAD'], '/robots.txt', (req, res, ctx) => this.handlerGetStaticFile(req, res, ctx, 'robots.txt')); + this.on(['GET', 'HEAD'], '/favicon.ico', this.handlerGetStaticFile.bind(this), 'favicon.ico'); + this.on(['GET', 'HEAD'], '/robots.txt', this.handlerGetStaticFile.bind(this), 'robots.txt'); // Private informational endpoints - this.on(['GET', 'HEAD'], '/admin', (req, res, ctx) => this.handlerRedirect(req, res, ctx, `${options.dingus.proxyPrefix}/admin/`)); + this.on(['GET', 'HEAD'], '/admin', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/admin/`); this.on(['GET', 'HEAD'], '/admin/', this.handlerGetAdminOverview.bind(this)); this.on(['GET', 'HEAD'], '/admin/topic/:topicId', this.handlerGetAdminTopicDetails.bind(this)); + this.on(['GET', 'HEAD'], '/admin/topic/:topicId/history.svg', this.handlerGetHistorySVG.bind(this)); // Private data-editing endpoints this.on(['PATCH', 'DELETE'], '/admin/topic/:topicId', this.handlerUpdateTopic.bind(this)); @@ -57,33 +60,24 @@ class Service extends Dingus { // Private server-action endpoints this.on('POST', '/admin/process', this.handlerPostAdminProcess.bind(this)); - } + // Admin login + this.on(['GET', 'HEAD'], '/admin/login', this.handlerGetAdminLogin.bind(this)); + this.on(['POST'], '/admin/login', this.handlerPostAdminLogin.bind(this)); + this.on(['GET'], '/admin/logout', this.handlerGetAdminLogout.bind(this)); + this.on(['GET'], '/admin/_ia', this.handlerGetAdminIA.bind(this)); - /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx - * @param {String} newPath - */ - async handlerRedirect(req, res, ctx, newPath) { - const _scope = _fileScope('handlerRedirect'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - - res.setHeader(Enum.Header.Location, newPath); - res.statusCode = 307; // Temporary Redirect - res.end(); } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerPostRoot(req, res, ctx) { const _scope = _fileScope('handlerPostRoot'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); await this.ingestBody(req, res, ctx); @@ -93,33 +87,35 @@ class Service extends Dingus { /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerGetRoot(req, res, ctx) { const _scope = _fileScope('handlerGetRoot'); const responseTypes = [ Enum.ContentType.TextHTML, ]; - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); Dingus.setHeadHandler(req, res, ctx); this.setResponseType(responseTypes, req, res, ctx); + await this.authenticator.sessionOptional(req, res, ctx, this.loginPath); + await this.manager.getRoot(req, res, ctx); } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerGetHealthcheck(req, res, ctx) { const _scope = _fileScope('handlerGetHealthcheck'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); Dingus.setHeadHandler(req, res, ctx); @@ -132,11 +128,11 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetInfo(req, res, ctx) { const _scope = _fileScope('handlerGetInfo'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); const responseTypes = [...this.responseTypes, Enum.ContentType.ImageSVG]; @@ -148,20 +144,34 @@ class Service extends Dingus { } + async handlerGetHistorySVG(req, res, ctx) { + const _scope = _fileScope('handlerGetHist'); + this.logger.debug(_scope, 'called', { req, ctx }); + + const responseTypes = [Enum.ContentType.ImageSVG]; + + Dingus.setHeadHandler(req, res, ctx); + + this.setResponseType(responseTypes, req, res, ctx); + + await this.manager.getHistorySVG(res, ctx); + } + + /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetAdminOverview(req, res, ctx) { const _scope = _fileScope('handlerGetAdminOverview'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); Dingus.setHeadHandler(req, res, ctx); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.sessionRequired(req, res, ctx, this.loginPath); await this.manager.getAdminOverview(res, ctx); } @@ -170,35 +180,32 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetAdminTopicDetails(req, res, ctx) { const _scope = _fileScope('handlerGetAdminTopicDetails'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); Dingus.setHeadHandler(req, res, ctx); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.sessionRequired(req, res, ctx, this.loginPath); await this.manager.getTopicDetails(res, ctx); } /** - * Same as super.ingestBody, but if no body was sent, do not parse (and - * thus avoid possible unsupported media type error). + * If no body was sent, do not parse (and thus avoid possible unsupported media type error). * @param {http.ClientRequest} req * @param {http.ServerResponse} res * @param {Object} ctx */ async maybeIngestBody(req, res, ctx) { - ctx.rawBody = await this.bodyData(req); - const contentType = Dingus.getRequestContentType(req); - if (ctx.rawBody) { - this.parseBody(contentType, ctx); - } + return super.ingestBody(req, res, ctx, { + parseEmptyBody: false, + }); } @@ -209,11 +216,11 @@ class Service extends Dingus { */ async handlerUpdateTopic(req, res, ctx) { const _scope = _fileScope('handlerUpdateTopic'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.apiRequiredLocal(req, res, ctx); await this.maybeIngestBody(req, res, ctx); ctx.method = req.method; @@ -228,11 +235,11 @@ class Service extends Dingus { */ async handlerUpdateSubscription(req, res, ctx) { const _scope = _fileScope('handlerUpdateSubscription'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.apiRequiredLocal(req, res, ctx); await this.maybeIngestBody(req, res, ctx); ctx.method = req.method; @@ -243,37 +250,94 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx + */ + async handlerPostAdminProcess(req, res, ctx) { + const _scope = _fileScope('handlerPostAdminProcess'); + this.logger.debug(_scope, 'called', { req, ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + await this.authenticator.apiRequiredLocal(req, res, ctx); + + await this.manager.processTasks(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ - async handlerGetStaticFile(req, res, ctx, file) { - const _scope = _fileScope('handlerGetStaticFile'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx, file }); + async handlerGetAdminLogin(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminLogin'); + this.logger.debug(_scope, 'called', { req, ctx }); Dingus.setHeadHandler(req, res, ctx); - // Set a default response type to handle any errors; will be re-set to serve actual static content type. this.setResponseType(this.responseTypes, req, res, ctx); - await this.serveFile(req, res, ctx, this.staticPath, file || ctx.params.file); - this.logger.info(_scope, 'finished', { ctx: { ...ctx, responseBody: common.logTruncate((ctx.responseBody || '').toString(), 100) } }); + await this.sessionManager.getAdminLogin(res, ctx); } /** + * Delegate login to authentication module. * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ - async handlerPostAdminProcess(req, res, ctx) { - const _scope = _fileScope('handlerPostAdminProcess'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + async handlerPostAdminLogin(req, res, ctx) { + const _scope = _fileScope('handlerPostAdminLogin'); + this.logger.debug(_scope, 'called', { req, ctx }); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.sessionOptionalLocal(req, res, ctx); - await this.manager.processTasks(res, ctx); + await this.maybeIngestBody(req, res, ctx); + + await this.sessionManager.postAdminLogin(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerGetAdminLogout(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminLogout'); + this.logger.debug(_scope, 'called', { req, ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + await this.authenticator.sessionOptionalLocal(req, res, ctx); + + await this.sessionManager.getAdminLogout(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerGetAdminIA(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminIA'); + this.logger.debug(_scope, 'called', { req, ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + // Special case here, to see cookie before session established + ctx.cookie = req.getHeader(Enum.Header.Cookie); + + await this.sessionManager.getAdminIA(res, ctx); } + } module.exports = Service;