const common = require('./common');
const Enum = require('./enum');
const Manager = require('./manager');
-const Authenticator = require('./authenticator');
+const { Authenticator, SessionManager } = require('@squeep/authentication-module');
const path = require('path');
const _fileScope = common.fileScope(__filename);
this.manager = new Manager(logger, db, options);
this.authenticator = new Authenticator(logger, db, options);
+ this.sessionManager = new SessionManager(logger, this.authenticator, options);
this.staticPath = path.join(__dirname, '..', 'static');
+ this.loginPath = `${options.dingus.proxyPrefix}/admin/login`;
// Primary API endpoint
this.on('POST', '/', this.handlerPostRoot.bind(this));
// Private server-action endpoints
this.on('POST', '/admin/process', this.handlerPostAdminProcess.bind(this));
+
+ // Admin login
+ this.on(['GET', 'HEAD'], '/admin/login', this.handlerGetAdminLogin.bind(this));
+ this.on(['POST'], '/admin/login', this.handlerPostAdminLogin.bind(this));
+ this.on(['GET'], '/admin/logout', this.handlerGetAdminLogout.bind(this));
+ this.on(['GET'], '/admin/_ia', this.handlerGetAdminIA.bind(this));
+
}
/**
- * @param {http.ClientRequest} req
- * @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
*/
async handlerPostRoot(req, res, ctx) {
const _scope = _fileScope('handlerPostRoot');
/**
- * @param {http.ClientRequest} req
- * @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
*/
async handlerGetRoot(req, res, ctx) {
const _scope = _fileScope('handlerGetRoot');
/**
- * @param {http.ClientRequest} req
- * @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
*/
async handlerGetHealthcheck(req, res, ctx) {
const _scope = _fileScope('handlerGetHealthcheck');
/**
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {Object} ctx
*/
async handlerGetInfo(req, res, ctx) {
const _scope = _fileScope('handlerGetInfo');
/**
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {Object} ctx
*/
async handlerGetAdminOverview(req, res, ctx) {
const _scope = _fileScope('handlerGetAdminOverview');
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.authenticator.required(req, res, ctx);
+ await this.authenticator.sessionRequired(req, res, ctx, this.loginPath);
await this.manager.getAdminOverview(res, ctx);
}
/**
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {Object} ctx
*/
async handlerGetAdminTopicDetails(req, res, ctx) {
const _scope = _fileScope('handlerGetAdminTopicDetails');
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.authenticator.required(req, res, ctx);
+ await this.authenticator.sessionRequired(req, res, ctx, this.loginPath);
await this.manager.getTopicDetails(res, ctx);
}
/**
- * Same as super.ingestBody, but if no body was sent, do not parse (and
+ * Similar to super.ingestBody, but if no body was sent, do not parse (and
* thus avoid possible unsupported media type error).
+ * Also removes raw body from context, to simplify scrubbing sensitive data from logs.
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
* @param {Object} ctx
const contentType = Dingus.getRequestContentType(req);
if (ctx.rawBody) {
this.parseBody(contentType, ctx);
+ delete ctx.rawBody;
}
}
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.authenticator.required(req, res, ctx);
+ await this.authenticator.apiRequiredLocal(req, res, ctx);
await this.maybeIngestBody(req, res, ctx);
ctx.method = req.method;
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.authenticator.required(req, res, ctx);
+ await this.authenticator.apiRequiredLocal(req, res, ctx);
await this.maybeIngestBody(req, res, ctx);
ctx.method = req.method;
/**
* @param {http.ClientRequest} req
* @param {http.ServerResponse} res
- * @param {object} ctx
+ * @param {Object} ctx
*/
async handlerPostAdminProcess(req, res, ctx) {
const _scope = _fileScope('handlerPostAdminProcess');
this.setResponseType(this.responseTypes, req, res, ctx);
- await this.authenticator.required(req, res, ctx);
+ await this.authenticator.apiRequiredLocal(req, res, ctx);
await this.manager.processTasks(res, ctx);
}
+
+
+ /**
+ * Delegate login to authentication module.
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
+ */
+ async handlerGetAdminLogin(req, res, ctx) {
+ const _scope = _fileScope('handlerGetAdminLogin');
+ this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+
+ Dingus.setHeadHandler(req, res, ctx);
+
+ this.setResponseType(this.responseTypes, req, res, ctx);
+
+ await this.sessionManager.getAdminLogin(res, ctx);
+ }
+
+
+ /**
+ * Delegate login to authentication module.
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
+ */
+ async handlerPostAdminLogin(req, res, ctx) {
+ const _scope = _fileScope('handlerPostAdminLogin');
+ this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+
+ this.setResponseType(this.responseTypes, req, res, ctx);
+
+ await this.authenticator.sessionOptionalLocal(req, res, ctx);
+
+ await this.maybeIngestBody(req, res, ctx);
+
+ await this.sessionManager.postAdminLogin(res, ctx);
+ }
+
+
+ /**
+ * Delegate login to authentication module.
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
+ */
+ async handlerGetAdminLogout(req, res, ctx) {
+ const _scope = _fileScope('handlerGetAdminLogout');
+ this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+
+ this.setResponseType(this.responseTypes, req, res, ctx);
+
+ await this.authenticator.sessionOptionalLocal(req, res, ctx);
+
+ await this.sessionManager.getAdminLogout(res, ctx);
+ }
+
+
+ /**
+ * Delegate login to authentication module.
+ * @param {http.ClientRequest} req
+ * @param {http.ServerResponse} res
+ * @param {Object} ctx
+ */
+ async handlerGetAdminIA(req, res, ctx) {
+ const _scope = _fileScope('handlerGetAdminIA');
+ this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+
+ this.setResponseType(this.responseTypes, req, res, ctx);
+
+ // Special case here, to see cookie before session established
+ ctx.cookie = req.getHeader(Enum.Header.Cookie);
+
+ await this.sessionManager.getAdminIA(res, ctx);
+ }
+
}
module.exports = Service;
projects / websub-hub / blobdiff