X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=src%2Fservice.js;h=df894011dc84f7cad424467b9e62720d4890f9d4;hb=737fbd003d5c4dfea81b667ef906f1c106a60612;hp=dfba6b8f9747a20694aa9f8f1c4a268857d5ee5e;hpb=9696c012e6b9a6c58904baa397ca0ebf78112316;p=websub-hub diff --git a/src/service.js b/src/service.js index dfba6b8..df89401 100644 --- a/src/service.js +++ b/src/service.js @@ -9,7 +9,7 @@ const { Dingus } = require('@squeep/api-dingus'); const common = require('./common'); const Enum = require('./enum'); const Manager = require('./manager'); -const Authenticator = require('./authenticator'); +const { Authenticator, SessionManager } = require('@squeep/authentication-module'); const path = require('path'); const _fileScope = common.fileScope(__filename); @@ -23,7 +23,9 @@ class Service extends Dingus { this.manager = new Manager(logger, db, options); this.authenticator = new Authenticator(logger, db, options); + this.sessionManager = new SessionManager(logger, this.authenticator, options); this.staticPath = path.join(__dirname, '..', 'static'); + this.loginPath = `${options.dingus.proxyPrefix}/admin/login`; // Primary API endpoint this.on('POST', '/', this.handlerPostRoot.bind(this)); @@ -40,16 +42,17 @@ class Service extends Dingus { // These routes are intended for accessing static content during development. // In production, a proxy server would likely handle these first. - this.on(['GET', 'HEAD'], '/static', (req, res, ctx) => this.handlerRedirect(req, res, ctx, `${options.dingus.proxyPrefix}/static/`)); - this.on(['GET', 'HEAD'], '/static/', (req, res, ctx) => this.handlerGetStaticFile(req, res, ctx, 'index.html')); + this.on(['GET', 'HEAD'], '/static', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/static/`); + this.on(['GET', 'HEAD'], '/static/', this.handlerGetStaticFile.bind(this), 'index.html'); this.on(['GET', 'HEAD'], '/static/:file', this.handlerGetStaticFile.bind(this)); - this.on(['GET', 'HEAD'], '/favicon.ico', (req, res, ctx) => this.handlerGetStaticFile(req, res, ctx, 'favicon.ico')); - this.on(['GET', 'HEAD'], '/robots.txt', (req, res, ctx) => this.handlerGetStaticFile(req, res, ctx, 'robots.txt')); + this.on(['GET', 'HEAD'], '/favicon.ico', this.handlerGetStaticFile.bind(this), 'favicon.ico'); + this.on(['GET', 'HEAD'], '/robots.txt', this.handlerGetStaticFile.bind(this), 'robots.txt'); // Private informational endpoints - this.on(['GET', 'HEAD'], '/admin', (req, res, ctx) => this.handlerRedirect(req, res, ctx, `${options.dingus.proxyPrefix}/admin/`)); + this.on(['GET', 'HEAD'], '/admin', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/admin/`); this.on(['GET', 'HEAD'], '/admin/', this.handlerGetAdminOverview.bind(this)); this.on(['GET', 'HEAD'], '/admin/topic/:topicId', this.handlerGetAdminTopicDetails.bind(this)); + this.on(['GET', 'HEAD'], '/admin/topic/:topicId/history.svg', this.handlerGetHistorySVG.bind(this)); // Private data-editing endpoints this.on(['PATCH', 'DELETE'], '/admin/topic/:topicId', this.handlerUpdateTopic.bind(this)); @@ -57,29 +60,38 @@ class Service extends Dingus { // Private server-action endpoints this.on('POST', '/admin/process', this.handlerPostAdminProcess.bind(this)); - } - - /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {Object} ctx - * @param {String} newPath - */ - async handlerRedirect(req, res, ctx, newPath) { - const _scope = _fileScope('handlerRedirect'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + // Admin login + this.on(['GET', 'HEAD'], '/admin/login', this.handlerGetAdminLogin.bind(this)); + this.on(['POST'], '/admin/login', this.handlerPostAdminLogin.bind(this)); + this.on(['GET'], '/admin/logout', this.handlerGetAdminLogout.bind(this)); + this.on(['GET'], '/admin/_ia', this.handlerGetAdminIA.bind(this)); - res.setHeader(Enum.Header.Location, newPath); - res.statusCode = 307; // Temporary Redirect - res.end(); } + /** + * Wrap the Dingus head handler, to remove the response body from the context, + * lest it be logged. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {object} ctx + */ + static setHeadHandler(req, res, ctx) { + if (req.method === 'HEAD') { + Dingus.setHeadHandler(req, res, ctx); + const origEnd = res.end.bind(res); + res.end = function (data, encoding, ...rest) { + const origResult = origEnd(data, encoding, ...rest); + delete ctx.responseBody; + return origResult; + }; + } + } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerPostRoot(req, res, ctx) { const _scope = _fileScope('handlerPostRoot'); @@ -93,9 +105,9 @@ class Service extends Dingus { /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerGetRoot(req, res, ctx) { const _scope = _fileScope('handlerGetRoot'); @@ -104,24 +116,26 @@ class Service extends Dingus { ]; this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); this.setResponseType(responseTypes, req, res, ctx); + await this.authenticator.sessionOptional(req, res, ctx, this.loginPath); + await this.manager.getRoot(req, res, ctx); } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerGetHealthcheck(req, res, ctx) { const _scope = _fileScope('handlerGetHealthcheck'); this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); this.setResponseType(this.responseTypes, req, res, ctx); @@ -132,7 +146,7 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetInfo(req, res, ctx) { const _scope = _fileScope('handlerGetInfo'); @@ -140,7 +154,7 @@ class Service extends Dingus { const responseTypes = [...this.responseTypes, Enum.ContentType.ImageSVG]; - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); this.setResponseType(responseTypes, req, res, ctx); @@ -148,20 +162,34 @@ class Service extends Dingus { } + async handlerGetHistorySVG(req, res, ctx) { + const _scope = _fileScope('handlerGetHist'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + const responseTypes = [Enum.ContentType.ImageSVG]; + + Service.setHeadHandler(req, res, ctx); + + this.setResponseType(responseTypes, req, res, ctx); + + await this.manager.getHistorySVG(res, ctx); + } + + /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetAdminOverview(req, res, ctx) { const _scope = _fileScope('handlerGetAdminOverview'); this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.sessionRequired(req, res, ctx, this.loginPath); await this.manager.getAdminOverview(res, ctx); } @@ -170,24 +198,26 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetAdminTopicDetails(req, res, ctx) { const _scope = _fileScope('handlerGetAdminTopicDetails'); this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.sessionRequired(req, res, ctx, this.loginPath); await this.manager.getTopicDetails(res, ctx); } + /** - * Same as super.ingestBody, but if no body was send, do not parse (and + * Similar to super.ingestBody, but if no body was sent, do not parse (and * thus avoid possible unsupported media type error). + * Also removes raw body from context, to simplify scrubbing sensitive data from logs. * @param {http.ClientRequest} req * @param {http.ServerResponse} res * @param {Object} ctx @@ -197,6 +227,7 @@ class Service extends Dingus { const contentType = Dingus.getRequestContentType(req); if (ctx.rawBody) { this.parseBody(contentType, ctx); + delete ctx.rawBody; } } @@ -206,13 +237,13 @@ class Service extends Dingus { * @param {http.ServerResponse} res * @param {Object} ctx */ - async handlerUpdateTopic(req, res, ctx) { + async handlerUpdateTopic(req, res, ctx) { const _scope = _fileScope('handlerUpdateTopic'); this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.apiRequiredLocal(req, res, ctx); await this.maybeIngestBody(req, res, ctx); ctx.method = req.method; @@ -226,53 +257,110 @@ class Service extends Dingus { * @param {Object} ctx */ async handlerUpdateSubscription(req, res, ctx) { - const _scope = _fileScope('handlerUpdateSubscription'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + const _scope = _fileScope('handlerUpdateSubscription'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - this.setResponseType(this.responseTypes, req, res, ctx); + this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.apiRequiredLocal(req, res, ctx); - await this.maybeIngestBody(req, res, ctx); - ctx.method = req.method; - await this.manager.updateSubscription(res, ctx); -} + await this.maybeIngestBody(req, res, ctx); + ctx.method = req.method; + await this.manager.updateSubscription(res, ctx); + } /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx + */ + async handlerPostAdminProcess(req, res, ctx) { + const _scope = _fileScope('handlerPostAdminProcess'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + await this.authenticator.apiRequiredLocal(req, res, ctx); + + await this.manager.processTasks(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ - async handlerGetStaticFile(req, res, ctx, file) { - const _scope = _fileScope('handlerGetStaticFile'); - this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx, file }); + async handlerGetAdminLogin(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminLogin'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); - // Set a default response type to handle any errors; will be re-set to serve actual static content type. this.setResponseType(this.responseTypes, req, res, ctx); - await this.serveFile(req, res, ctx, this.staticPath, file || ctx.params.file); - this.logger.info(_scope, 'finished', { ctx }); + await this.sessionManager.getAdminLogin(res, ctx); } /** + * Delegate login to authentication module. * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ - async handlerPostAdminProcess(req, res, ctx) { - const _scope = _fileScope('handlerPostAdminProcess'); + async handlerPostAdminLogin(req, res, ctx) { + const _scope = _fileScope('handlerPostAdminLogin'); this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.sessionOptionalLocal(req, res, ctx); - await this.manager.processTasks(res, ctx); + await this.maybeIngestBody(req, res, ctx); + + await this.sessionManager.postAdminLogin(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerGetAdminLogout(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminLogout'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + await this.authenticator.sessionOptionalLocal(req, res, ctx); + + await this.sessionManager.getAdminLogout(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerGetAdminIA(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminIA'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + // Special case here, to see cookie before session established + ctx.cookie = req.getHeader(Enum.Header.Cookie); + + await this.sessionManager.getAdminIA(res, ctx); } + } module.exports = Service;