const common = require('./common');
const Enum = require('./enum');
const Manager = require('./manager');
-const Authenticator = require('./authenticator');
+const { Authenticator, SessionManager } = require('@squeep/authentication-module');
const path = require('path');
const _fileScope = common.fileScope(__filename);
this.manager = new Manager(logger, db, options);
this.authenticator = new Authenticator(logger, db, options);
+ this.sessionManager = new SessionManager(logger, this.authenticator, options);
this.staticPath = path.join(__dirname, '..', 'static');
+ this.loginPath = `${options.dingus.proxyPrefix}/admin/login`;
// Primary API endpoint
this.on('POST', '/', this.handlerPostRoot.bind(this));
// These routes are intended for accessing static content during development.
// In production, a proxy server would likely handle these first.
- this.on(['GET', 'HEAD'], '/static', (req, res, ctx) => this.handlerRedirect(req, res, ctx, `${options.dingus.proxyPrefix}/static/`));
- this.on(['GET', 'HEAD'], '/static/', (req, res, ctx) => this.handlerGetStaticFile(req, res, ctx, 'index.html'));
+ this.on(['GET', 'HEAD'], '/static', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/static/`);
+ this.on(['GET', 'HEAD'], '/static/', this.handlerGetStaticFile.bind(this), 'index.html');
this.on(['GET', 'HEAD'], '/static/:file', this.handlerGetStaticFile.bind(this));
- this.on(['GET', 'HEAD'], '/favicon.ico', (req, res, ctx) => this.handlerGetStaticFile(req, res, ctx, 'favicon.ico'));
- this.on(['GET', 'HEAD'], '/robots.txt', (req, res, ctx) => this.handlerGetStaticFile(req, res, ctx, 'robots.txt'));
+ this.on(['GET', 'HEAD'], '/favicon.ico', this.handlerGetStaticFile.bind(this), 'favicon.ico');
+ this.on(['GET', 'HEAD'], '/robots.txt', this.handlerGetStaticFile.bind(this), 'robots.txt');
// Private informational endpoints
- this.on(['GET', 'HEAD'], '/admin', (req, res, ctx) => this.handlerRedirect(req, res, ctx, `${options.dingus.proxyPrefix}/admin/`));
+ this.on(['GET', 'HEAD'], '/admin', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/admin/`);
this.on(['GET', 'HEAD'], '/admin/', this.handlerGetAdminOverview.bind(this));
this.on(['GET', 'HEAD'], '/admin/topic/:topicId', this.handlerGetAdminTopicDetails.bind(this));
// Private server-action endpoints
this.on('POST', '/admin/process', this.handlerPostAdminProcess.bind(this));
- }
+ // Admin login
+ this.on(['GET', 'HEAD'], '/admin/login', this.handlerGetAdminLogin.bind(this));
+ this.on(['POST'], '/admin/login', this.handlerPostAdminLogin.bind(this));
+ this.on(['GET'], '/admin/logout', this.handlerGetAdminLogout.bind(this));
+ this.on(['GET'], '/admin/_ia', this.handlerGetAdminIA.bind(this));
- /**
- * @param {http.ClientRequest} req
- * @param {http.ServerResponse} res
- * @param {Object} ctx
- * @param {String} newPath
- */
- async handlerRedirect(req, res, ctx, newPath) {
- const _scope = _fileScope('handlerRedirect');
- this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
-
- res.setHeader(Enum.Header.Location, newPath);
- res.statusCode = 307; // Temporary Redirect
- res.end();
}
/**
- * @param {http.ClientRequest} req
- * @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
*/
async handlerPostRoot(req, res, ctx) {
const _scope = _fileScope('handlerPostRoot');
/**
- * @param {http.ClientRequest} req
- * @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
*/
async handlerGetRoot(req, res, ctx) {
const _scope = _fileScope('handlerGetRoot');
/**
- * @param {http.ClientRequest} req
- * @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
*/
async handlerGetHealthcheck(req, res, ctx) {
const _scope = _fileScope('handlerGetHealthcheck');
/**
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {Object} ctx
*/
async handlerGetInfo(req, res, ctx) {
const _scope = _fileScope('handlerGetInfo');
/**
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {Object} ctx
*/
async handlerGetAdminOverview(req, res, ctx) {
const _scope = _fileScope('handlerGetAdminOverview');
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.authenticator.required(req, res, ctx);
+ await this.authenticator.sessionRequired(req, res, ctx, this.loginPath);
await this.manager.getAdminOverview(res, ctx);
}
/**
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {Object} ctx
*/
async handlerGetAdminTopicDetails(req, res, ctx) {
const _scope = _fileScope('handlerGetAdminTopicDetails');
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.authenticator.required(req, res, ctx);
+ await this.authenticator.sessionRequired(req, res, ctx, this.loginPath);
await this.manager.getTopicDetails(res, ctx);
}
/**
- * Same as super.ingestBody, but if no body was sent, do not parse (and
+ * Similar to super.ingestBody, but if no body was sent, do not parse (and
* thus avoid possible unsupported media type error).
+ * Also removes raw body from context, to simplify scrubbing sensitive data from logs.
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
* @param {Object} ctx
const contentType = Dingus.getRequestContentType(req);
if (ctx.rawBody) {
this.parseBody(contentType, ctx);
+ delete ctx.rawBody;
}
}
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.authenticator.required(req, res, ctx);
+ await this.authenticator.apiRequiredLocal(req, res, ctx);
await this.maybeIngestBody(req, res, ctx);
ctx.method = req.method;
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.authenticator.required(req, res, ctx);
+ await this.authenticator.apiRequiredLocal(req, res, ctx);
await this.maybeIngestBody(req, res, ctx);
ctx.method = req.method;
/**
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {Object} ctx
+ */
+ async handlerPostAdminProcess(req, res, ctx) {
+ const _scope = _fileScope('handlerPostAdminProcess');
+ this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+
+ this.setResponseType(this.responseTypes, req, res, ctx);
+
+ await this.authenticator.apiRequiredLocal(req, res, ctx);
+
+ await this.manager.processTasks(res, ctx);
+ }
+
+
+ /**
+ * Delegate login to authentication module.
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
*/
- async handlerGetStaticFile(req, res, ctx, file) {
- const _scope = _fileScope('handlerGetStaticFile');
- this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx, file });
+ async handlerGetAdminLogin(req, res, ctx) {
+ const _scope = _fileScope('handlerGetAdminLogin');
+ this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
Dingus.setHeadHandler(req, res, ctx);
- // Set a default response type to handle any errors; will be re-set to serve actual static content type.
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.serveFile(req, res, ctx, this.staticPath, file || ctx.params.file);
- this.logger.info(_scope, 'finished', { ctx: { ...ctx, responseBody: common.logTruncate((ctx.responseBody || '').toString(), 100) } });
+ await this.sessionManager.getAdminLogin(res, ctx);
}
/**
+ * Delegate login to authentication module.
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {Object} ctx
*/
- async handlerPostAdminProcess(req, res, ctx) {
- const _scope = _fileScope('handlerPostAdminProcess');
+ async handlerPostAdminLogin(req, res, ctx) {
+ const _scope = _fileScope('handlerPostAdminLogin');
this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.authenticator.required(req, res, ctx);
+ await this.authenticator.sessionOptionalLocal(req, res, ctx);
- await this.manager.processTasks(res, ctx);
+ await this.maybeIngestBody(req, res, ctx);
+
+ await this.sessionManager.postAdminLogin(res, ctx);
}
+
+
+ /**
+ * Delegate login to authentication module.
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
+ */
+ async handlerGetAdminLogout(req, res, ctx) {
+ const _scope = _fileScope('handlerGetAdminLogout');
+ this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+
+ this.setResponseType(this.responseTypes, req, res, ctx);
+
+ await this.authenticator.sessionOptionalLocal(req, res, ctx);
+
+ await this.sessionManager.getAdminLogout(res, ctx);
+ }
+
+
+ /**
+ * Delegate login to authentication module.
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
+ */
+ async handlerGetAdminIA(req, res, ctx) {
+ const _scope = _fileScope('handlerGetAdminIA');
+ this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+
+ this.setResponseType(this.responseTypes, req, res, ctx);
+
+ // Special case here, to see cookie before session established
+ ctx.cookie = req.getHeader(Enum.Header.Cookie);
+
+ await this.sessionManager.getAdminIA(res, ctx);
+ }
+
}
module.exports = Service;