X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=src%2Fservice.js;h=e76959978eddab7a554dbe80eb4d31ffa9c10d8a;hb=HEAD;hp=df56ba0ba79137fea5265b91008ef002ae53503c;hpb=d32ce0a7ed3840bb3a78f12c35eca0244a34e78a;p=websub-hub

diff --git a/src/service.js b/src/service.js
index df56ba0..e769599 100644
--- a/src/service.js
+++ b/src/service.js
@@ -9,7 +9,7 @@ const { Dingus } = require('@squeep/api-dingus');
 const common = require('./common');
 const Enum = require('./enum');
 const Manager = require('./manager');
-const Authenticator = require('./authenticator');
+const { Authenticator, SessionManager } = require('@squeep/authentication-module');
 const path = require('path');
 
 const _fileScope = common.fileScope(__filename);
@@ -23,7 +23,9 @@ class Service extends Dingus {
 
     this.manager = new Manager(logger, db, options);
     this.authenticator = new Authenticator(logger, db, options);
+    this.sessionManager = new SessionManager(logger, this.authenticator, options);
     this.staticPath = path.join(__dirname, '..', 'static');
+    this.loginPath = `${options.dingus.proxyPrefix}/admin/login`;
 
     // Primary API endpoint
     this.on('POST', '/', this.handlerPostRoot.bind(this));
@@ -50,6 +52,7 @@ class Service extends Dingus {
     this.on(['GET', 'HEAD'], '/admin', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/admin/`);
     this.on(['GET', 'HEAD'], '/admin/', this.handlerGetAdminOverview.bind(this));
     this.on(['GET', 'HEAD'], '/admin/topic/:topicId', this.handlerGetAdminTopicDetails.bind(this));
+    this.on(['GET', 'HEAD'], '/admin/topic/:topicId/history.svg', this.handlerGetHistorySVG.bind(this));
 
     // Private data-editing endpoints
     this.on(['PATCH', 'DELETE'], '/admin/topic/:topicId', this.handlerUpdateTopic.bind(this));
@@ -57,17 +60,24 @@ class Service extends Dingus {
 
     // Private server-action endpoints
     this.on('POST', '/admin/process', this.handlerPostAdminProcess.bind(this));
+
+    // Admin login
+    this.on(['GET', 'HEAD'], '/admin/login', this.handlerGetAdminLogin.bind(this));
+    this.on(['POST'], '/admin/login', this.handlerPostAdminLogin.bind(this));
+    this.on(['GET'], '/admin/logout', this.handlerGetAdminLogout.bind(this));
+    this.on(['GET'], '/admin/_ia', this.handlerGetAdminIA.bind(this));
+
   }
 
 
   /**
-   * @param {http.ClientRequest} req 
-   * @param {http.ServerResponse} res 
-   * @param {object} ctx 
+   * @param {http.ClientRequest} req
+   * @param {http.ServerResponse} res
+   * @param {Object} ctx
    */
   async handlerPostRoot(req, res, ctx) {
     const _scope = _fileScope('handlerPostRoot');
-    this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+    this.logger.debug(_scope, 'called', { req, ctx });
 
     this.setResponseType(this.responseTypes, req, res, ctx);
     await this.ingestBody(req, res, ctx);
@@ -77,33 +87,35 @@ class Service extends Dingus {
 
 
   /**
-   * @param {http.ClientRequest} req 
-   * @param {http.ServerResponse} res 
-   * @param {object} ctx 
+   * @param {http.ClientRequest} req
+   * @param {http.ServerResponse} res
+   * @param {Object} ctx
    */
   async handlerGetRoot(req, res, ctx) {
     const _scope = _fileScope('handlerGetRoot');
     const responseTypes = [
       Enum.ContentType.TextHTML,
     ];
-    this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+    this.logger.debug(_scope, 'called', { req, ctx });
 
     Dingus.setHeadHandler(req, res, ctx);
 
     this.setResponseType(responseTypes, req, res, ctx);
 
+    await this.authenticator.sessionOptional(req, res, ctx, this.loginPath);
+
     await this.manager.getRoot(req, res, ctx);
   }
 
 
   /**
-   * @param {http.ClientRequest} req 
-   * @param {http.ServerResponse} res 
-   * @param {object} ctx 
+   * @param {http.ClientRequest} req
+   * @param {http.ServerResponse} res
+   * @param {Object} ctx
    */
   async handlerGetHealthcheck(req, res, ctx) {
     const _scope = _fileScope('handlerGetHealthcheck');
-    this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+    this.logger.debug(_scope, 'called', { req, ctx });
   
     Dingus.setHeadHandler(req, res, ctx);
 
@@ -116,11 +128,11 @@ class Service extends Dingus {
   /**
    * @param {http.ClientRequest} req
    * @param {http.ServerResponse} res
-   * @param {object} ctx
+   * @param {Object} ctx
    */
   async handlerGetInfo(req, res, ctx) {
     const _scope = _fileScope('handlerGetInfo');
-    this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+    this.logger.debug(_scope, 'called', { req, ctx });
 
     const responseTypes = [...this.responseTypes, Enum.ContentType.ImageSVG];
 
@@ -132,57 +144,68 @@ class Service extends Dingus {
   }
 
 
+  async handlerGetHistorySVG(req, res, ctx) {
+    const _scope = _fileScope('handlerGetHist');
+    this.logger.debug(_scope, 'called', { req, ctx });
+
+    const responseTypes = [Enum.ContentType.ImageSVG];
+
+    Dingus.setHeadHandler(req, res, ctx);
+
+    this.setResponseType(responseTypes, req, res, ctx);
+
+    await this.manager.getHistorySVG(res, ctx);
+  }
+
+
   /**
    * @param {http.ClientRequest} req
    * @param {http.ServerResponse} res
-   * @param {object} ctx
+   * @param {Object} ctx
    */
   async handlerGetAdminOverview(req, res, ctx) {
     const _scope = _fileScope('handlerGetAdminOverview');
-    this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+    this.logger.debug(_scope, 'called', { req, ctx });
 
     Dingus.setHeadHandler(req, res, ctx);
 
     this.setResponseType(this.responseTypes, req, res, ctx);
 
-    await this.authenticator.required(req, res, ctx);
-
-    await this.manager.getAdminOverview(res, ctx);
+    if (await this.authenticator.sessionRequired(req, res, ctx, this.loginPath)) {
+      await this.manager.getAdminOverview(res, ctx);
+    }
   }
 
 
   /**
    * @param {http.ClientRequest} req
    * @param {http.ServerResponse} res
-   * @param {object} ctx
+   * @param {Object} ctx
    */
   async handlerGetAdminTopicDetails(req, res, ctx) {
     const _scope = _fileScope('handlerGetAdminTopicDetails');
-    this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+    this.logger.debug(_scope, 'called', { req, ctx });
 
     Dingus.setHeadHandler(req, res, ctx);
 
     this.setResponseType(this.responseTypes, req, res, ctx);
 
-    await this.authenticator.required(req, res, ctx);
-
-    await this.manager.getTopicDetails(res, ctx);
+    if (await this.authenticator.sessionRequired(req, res, ctx, this.loginPath)) {
+      await this.manager.getTopicDetails(res, ctx);
+    }
   }
 
 
   /**
-   * Same as super.ingestBody, but if no body was sent, do not parse (and
-   * thus avoid possible unsupported media type error).
+   * If no body was sent, do not parse (and thus avoid possible unsupported media type error).
    * @param {http.ClientRequest} req
    * @param {http.ServerResponse} res
    * @param {Object} ctx
    */
   async maybeIngestBody(req, res, ctx) {
-    ctx.rawBody = await this.bodyData(req);
-    const contentType = Dingus.getRequestContentType(req);
-    if (ctx.rawBody) {
-      this.parseBody(contentType, ctx);
-    }
+    return super.ingestBody(req, res, ctx, {
+      parseEmptyBody: false,
+    });
   }
 
 
@@ -193,11 +216,11 @@ class Service extends Dingus {
    */
   async handlerUpdateTopic(req, res, ctx) {
     const _scope = _fileScope('handlerUpdateTopic');
-    this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+    this.logger.debug(_scope, 'called', { req, ctx });
 
     this.setResponseType(this.responseTypes, req, res, ctx);
 
-    await this.authenticator.required(req, res, ctx);
+    await this.authenticator.apiRequiredLocal(req, res, ctx);
 
     await this.maybeIngestBody(req, res, ctx);
     ctx.method = req.method;
@@ -212,11 +235,11 @@ class Service extends Dingus {
    */
   async handlerUpdateSubscription(req, res, ctx) {
     const _scope = _fileScope('handlerUpdateSubscription');
-    this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+    this.logger.debug(_scope, 'called', { req, ctx });
 
     this.setResponseType(this.responseTypes, req, res, ctx);
 
-    await this.authenticator.required(req, res, ctx);
+    await this.authenticator.apiRequiredLocal(req, res, ctx);
 
     await this.maybeIngestBody(req, res, ctx);
     ctx.method = req.method;
@@ -227,18 +250,94 @@ class Service extends Dingus {
   /**
    * @param {http.ClientRequest} req
    * @param {http.ServerResponse} res
-   * @param {object} ctx
+   * @param {Object} ctx
    */
   async handlerPostAdminProcess(req, res, ctx) {
     const _scope = _fileScope('handlerPostAdminProcess');
-    this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+    this.logger.debug(_scope, 'called', { req, ctx });
 
     this.setResponseType(this.responseTypes, req, res, ctx);
 
-    await this.authenticator.required(req, res, ctx);
+    await this.authenticator.apiRequiredLocal(req, res, ctx);
 
     await this.manager.processTasks(res, ctx);
   }
+
+
+  /**
+   * Delegate login to authentication module.
+   * @param {http.ClientRequest} req
+   * @param {http.ServerResponse} res
+   * @param {Object} ctx
+   */
+  async handlerGetAdminLogin(req, res, ctx) {
+    const _scope = _fileScope('handlerGetAdminLogin');
+    this.logger.debug(_scope, 'called', { req, ctx });
+
+    Dingus.setHeadHandler(req, res, ctx);
+
+    this.setResponseType(this.responseTypes, req, res, ctx);
+
+    await this.sessionManager.getAdminLogin(res, ctx);
+  }
+
+
+  /**
+   * Delegate login to authentication module.
+   * @param {http.ClientRequest} req
+   * @param {http.ServerResponse} res
+   * @param {Object} ctx
+   */
+  async handlerPostAdminLogin(req, res, ctx) {
+    const _scope = _fileScope('handlerPostAdminLogin');
+    this.logger.debug(_scope, 'called', { req, ctx });
+
+    this.setResponseType(this.responseTypes, req, res, ctx);
+
+    await this.authenticator.sessionOptionalLocal(req, res, ctx);
+
+    await this.maybeIngestBody(req, res, ctx);
+
+    await this.sessionManager.postAdminLogin(res, ctx);
+  }
+
+
+  /**
+   * Delegate login to authentication module.
+   * @param {http.ClientRequest} req
+   * @param {http.ServerResponse} res
+   * @param {Object} ctx
+   */
+  async handlerGetAdminLogout(req, res, ctx) {
+    const _scope = _fileScope('handlerGetAdminLogout');
+    this.logger.debug(_scope, 'called', { req, ctx });
+
+    this.setResponseType(this.responseTypes, req, res, ctx);
+
+    await this.authenticator.sessionOptionalLocal(req, res, ctx);
+
+    await this.sessionManager.getAdminLogout(res, ctx);
+  }
+
+
+  /**
+   * Delegate login to authentication module.
+   * @param {http.ClientRequest} req
+   * @param {http.ServerResponse} res
+   * @param {Object} ctx
+   */
+  async handlerGetAdminIA(req, res, ctx) {
+    const _scope = _fileScope('handlerGetAdminIA');
+    this.logger.debug(_scope, 'called', { req, ctx });
+
+    this.setResponseType(this.responseTypes, req, res, ctx);
+
+    // Special case here, to see cookie before session established
+    ctx.cookie = req.getHeader(Enum.Header.Cookie);
+
+    await this.sessionManager.getAdminIA(res, ctx);
+  }
+
 }
 
 module.exports = Service;