X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=src%2Fservice.js;h=d493f8affdf83f3585973ad380c3f9a5ab8caa48;hb=ad5e19413b7f003abc61d12a5ff9dbcf20065c65;hp=df56ba0ba79137fea5265b91008ef002ae53503c;hpb=f92c90e92ded661ddd957580e7fbde8aaa24224d;p=websub-hub diff --git a/src/service.js b/src/service.js index df56ba0..d493f8a 100644 --- a/src/service.js +++ b/src/service.js @@ -9,7 +9,7 @@ const { Dingus } = require('@squeep/api-dingus'); const common = require('./common'); const Enum = require('./enum'); const Manager = require('./manager'); -const Authenticator = require('./authenticator'); +const { Authenticator, SessionManager } = require('@squeep/authentication-module'); const path = require('path'); const _fileScope = common.fileScope(__filename); @@ -23,7 +23,9 @@ class Service extends Dingus { this.manager = new Manager(logger, db, options); this.authenticator = new Authenticator(logger, db, options); + this.sessionManager = new SessionManager(logger, this.authenticator, options); this.staticPath = path.join(__dirname, '..', 'static'); + this.loginPath = `${options.dingus.proxyPrefix}/admin/login`; // Primary API endpoint this.on('POST', '/', this.handlerPostRoot.bind(this)); @@ -57,13 +59,20 @@ class Service extends Dingus { // Private server-action endpoints this.on('POST', '/admin/process', this.handlerPostAdminProcess.bind(this)); + + // Admin login + this.on(['GET', 'HEAD'], '/admin/login', this.handlerGetAdminLogin.bind(this)); + this.on(['POST'], '/admin/login', this.handlerPostAdminLogin.bind(this)); + this.on(['GET'], '/admin/logout', this.handlerGetAdminLogout.bind(this)); + this.on(['GET'], '/admin/_ia', this.handlerGetAdminIA.bind(this)); + } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerPostRoot(req, res, ctx) { const _scope = _fileScope('handlerPostRoot'); @@ -77,9 +86,9 @@ class Service extends Dingus { /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerGetRoot(req, res, ctx) { const _scope = _fileScope('handlerGetRoot'); @@ -92,14 +101,16 @@ class Service extends Dingus { this.setResponseType(responseTypes, req, res, ctx); + await this.authenticator.sessionOptional(req, res, ctx, this.loginPath); + await this.manager.getRoot(req, res, ctx); } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerGetHealthcheck(req, res, ctx) { const _scope = _fileScope('handlerGetHealthcheck'); @@ -116,7 +127,7 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetInfo(req, res, ctx) { const _scope = _fileScope('handlerGetInfo'); @@ -135,7 +146,7 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetAdminOverview(req, res, ctx) { const _scope = _fileScope('handlerGetAdminOverview'); @@ -145,7 +156,7 @@ class Service extends Dingus { this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.sessionRequired(req, res, ctx, this.loginPath); await this.manager.getAdminOverview(res, ctx); } @@ -154,7 +165,7 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetAdminTopicDetails(req, res, ctx) { const _scope = _fileScope('handlerGetAdminTopicDetails'); @@ -164,15 +175,16 @@ class Service extends Dingus { this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.sessionRequired(req, res, ctx, this.loginPath); await this.manager.getTopicDetails(res, ctx); } /** - * Same as super.ingestBody, but if no body was sent, do not parse (and + * Similar to super.ingestBody, but if no body was sent, do not parse (and * thus avoid possible unsupported media type error). + * Also removes raw body from context, to simplify scrubbing sensitive data from logs. * @param {http.ClientRequest} req * @param {http.ServerResponse} res * @param {Object} ctx @@ -182,6 +194,7 @@ class Service extends Dingus { const contentType = Dingus.getRequestContentType(req); if (ctx.rawBody) { this.parseBody(contentType, ctx); + delete ctx.rawBody; } } @@ -197,7 +210,7 @@ class Service extends Dingus { this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.apiRequiredLocal(req, res, ctx); await this.maybeIngestBody(req, res, ctx); ctx.method = req.method; @@ -216,7 +229,7 @@ class Service extends Dingus { this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.apiRequiredLocal(req, res, ctx); await this.maybeIngestBody(req, res, ctx); ctx.method = req.method; @@ -227,7 +240,7 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerPostAdminProcess(req, res, ctx) { const _scope = _fileScope('handlerPostAdminProcess'); @@ -235,10 +248,86 @@ class Service extends Dingus { this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.apiRequiredLocal(req, res, ctx); await this.manager.processTasks(res, ctx); } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerGetAdminLogin(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminLogin'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + Dingus.setHeadHandler(req, res, ctx); + + this.setResponseType(this.responseTypes, req, res, ctx); + + await this.sessionManager.getAdminLogin(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerPostAdminLogin(req, res, ctx) { + const _scope = _fileScope('handlerPostAdminLogin'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + await this.authenticator.sessionOptionalLocal(req, res, ctx); + + await this.maybeIngestBody(req, res, ctx); + + await this.sessionManager.postAdminLogin(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerGetAdminLogout(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminLogout'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + await this.authenticator.sessionOptionalLocal(req, res, ctx); + + await this.sessionManager.getAdminLogout(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerGetAdminIA(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminIA'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + // Special case here, to see cookie before session established + ctx.cookie = req.getHeader(Enum.Header.Cookie); + + await this.sessionManager.getAdminIA(res, ctx); + } + } module.exports = Service;