X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=src%2Fservice.js;h=df894011dc84f7cad424467b9e62720d4890f9d4;hb=d872170d957be57d95796f9083f1702cd890c0b6;hp=df56ba0ba79137fea5265b91008ef002ae53503c;hpb=f92c90e92ded661ddd957580e7fbde8aaa24224d;p=websub-hub diff --git a/src/service.js b/src/service.js index df56ba0..df89401 100644 --- a/src/service.js +++ b/src/service.js @@ -9,7 +9,7 @@ const { Dingus } = require('@squeep/api-dingus'); const common = require('./common'); const Enum = require('./enum'); const Manager = require('./manager'); -const Authenticator = require('./authenticator'); +const { Authenticator, SessionManager } = require('@squeep/authentication-module'); const path = require('path'); const _fileScope = common.fileScope(__filename); @@ -23,7 +23,9 @@ class Service extends Dingus { this.manager = new Manager(logger, db, options); this.authenticator = new Authenticator(logger, db, options); + this.sessionManager = new SessionManager(logger, this.authenticator, options); this.staticPath = path.join(__dirname, '..', 'static'); + this.loginPath = `${options.dingus.proxyPrefix}/admin/login`; // Primary API endpoint this.on('POST', '/', this.handlerPostRoot.bind(this)); @@ -50,6 +52,7 @@ class Service extends Dingus { this.on(['GET', 'HEAD'], '/admin', this.handlerRedirect.bind(this), `${options.dingus.proxyPrefix}/admin/`); this.on(['GET', 'HEAD'], '/admin/', this.handlerGetAdminOverview.bind(this)); this.on(['GET', 'HEAD'], '/admin/topic/:topicId', this.handlerGetAdminTopicDetails.bind(this)); + this.on(['GET', 'HEAD'], '/admin/topic/:topicId/history.svg', this.handlerGetHistorySVG.bind(this)); // Private data-editing endpoints this.on(['PATCH', 'DELETE'], '/admin/topic/:topicId', this.handlerUpdateTopic.bind(this)); @@ -57,13 +60,38 @@ class Service extends Dingus { // Private server-action endpoints this.on('POST', '/admin/process', this.handlerPostAdminProcess.bind(this)); + + // Admin login + this.on(['GET', 'HEAD'], '/admin/login', this.handlerGetAdminLogin.bind(this)); + this.on(['POST'], '/admin/login', this.handlerPostAdminLogin.bind(this)); + this.on(['GET'], '/admin/logout', this.handlerGetAdminLogout.bind(this)); + this.on(['GET'], '/admin/_ia', this.handlerGetAdminIA.bind(this)); + } + /** + * Wrap the Dingus head handler, to remove the response body from the context, + * lest it be logged. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {object} ctx + */ + static setHeadHandler(req, res, ctx) { + if (req.method === 'HEAD') { + Dingus.setHeadHandler(req, res, ctx); + const origEnd = res.end.bind(res); + res.end = function (data, encoding, ...rest) { + const origResult = origEnd(data, encoding, ...rest); + delete ctx.responseBody; + return origResult; + }; + } + } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerPostRoot(req, res, ctx) { const _scope = _fileScope('handlerPostRoot'); @@ -77,9 +105,9 @@ class Service extends Dingus { /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerGetRoot(req, res, ctx) { const _scope = _fileScope('handlerGetRoot'); @@ -88,24 +116,26 @@ class Service extends Dingus { ]; this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); this.setResponseType(responseTypes, req, res, ctx); + await this.authenticator.sessionOptional(req, res, ctx, this.loginPath); + await this.manager.getRoot(req, res, ctx); } /** - * @param {http.ClientRequest} req - * @param {http.ServerResponse} res - * @param {object} ctx + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx */ async handlerGetHealthcheck(req, res, ctx) { const _scope = _fileScope('handlerGetHealthcheck'); this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); this.setResponseType(this.responseTypes, req, res, ctx); @@ -116,7 +146,7 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetInfo(req, res, ctx) { const _scope = _fileScope('handlerGetInfo'); @@ -124,7 +154,7 @@ class Service extends Dingus { const responseTypes = [...this.responseTypes, Enum.ContentType.ImageSVG]; - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); this.setResponseType(responseTypes, req, res, ctx); @@ -132,20 +162,34 @@ class Service extends Dingus { } + async handlerGetHistorySVG(req, res, ctx) { + const _scope = _fileScope('handlerGetHist'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + const responseTypes = [Enum.ContentType.ImageSVG]; + + Service.setHeadHandler(req, res, ctx); + + this.setResponseType(responseTypes, req, res, ctx); + + await this.manager.getHistorySVG(res, ctx); + } + + /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetAdminOverview(req, res, ctx) { const _scope = _fileScope('handlerGetAdminOverview'); this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.sessionRequired(req, res, ctx, this.loginPath); await this.manager.getAdminOverview(res, ctx); } @@ -154,25 +198,26 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerGetAdminTopicDetails(req, res, ctx) { const _scope = _fileScope('handlerGetAdminTopicDetails'); this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); - Dingus.setHeadHandler(req, res, ctx); + Service.setHeadHandler(req, res, ctx); this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.sessionRequired(req, res, ctx, this.loginPath); await this.manager.getTopicDetails(res, ctx); } /** - * Same as super.ingestBody, but if no body was sent, do not parse (and + * Similar to super.ingestBody, but if no body was sent, do not parse (and * thus avoid possible unsupported media type error). + * Also removes raw body from context, to simplify scrubbing sensitive data from logs. * @param {http.ClientRequest} req * @param {http.ServerResponse} res * @param {Object} ctx @@ -182,6 +227,7 @@ class Service extends Dingus { const contentType = Dingus.getRequestContentType(req); if (ctx.rawBody) { this.parseBody(contentType, ctx); + delete ctx.rawBody; } } @@ -197,7 +243,7 @@ class Service extends Dingus { this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.apiRequiredLocal(req, res, ctx); await this.maybeIngestBody(req, res, ctx); ctx.method = req.method; @@ -216,7 +262,7 @@ class Service extends Dingus { this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.apiRequiredLocal(req, res, ctx); await this.maybeIngestBody(req, res, ctx); ctx.method = req.method; @@ -227,7 +273,7 @@ class Service extends Dingus { /** * @param {http.ClientRequest} req * @param {http.ServerResponse} res - * @param {object} ctx + * @param {Object} ctx */ async handlerPostAdminProcess(req, res, ctx) { const _scope = _fileScope('handlerPostAdminProcess'); @@ -235,10 +281,86 @@ class Service extends Dingus { this.setResponseType(this.responseTypes, req, res, ctx); - await this.authenticator.required(req, res, ctx); + await this.authenticator.apiRequiredLocal(req, res, ctx); await this.manager.processTasks(res, ctx); } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerGetAdminLogin(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminLogin'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + Service.setHeadHandler(req, res, ctx); + + this.setResponseType(this.responseTypes, req, res, ctx); + + await this.sessionManager.getAdminLogin(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerPostAdminLogin(req, res, ctx) { + const _scope = _fileScope('handlerPostAdminLogin'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + await this.authenticator.sessionOptionalLocal(req, res, ctx); + + await this.maybeIngestBody(req, res, ctx); + + await this.sessionManager.postAdminLogin(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerGetAdminLogout(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminLogout'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + await this.authenticator.sessionOptionalLocal(req, res, ctx); + + await this.sessionManager.getAdminLogout(res, ctx); + } + + + /** + * Delegate login to authentication module. + * @param {http.ClientRequest} req + * @param {http.ServerResponse} res + * @param {Object} ctx + */ + async handlerGetAdminIA(req, res, ctx) { + const _scope = _fileScope('handlerGetAdminIA'); + this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx }); + + this.setResponseType(this.responseTypes, req, res, ctx); + + // Special case here, to see cookie before session established + ctx.cookie = req.getHeader(Enum.Header.Cookie); + + await this.sessionManager.getAdminIA(res, ctx); + } + } module.exports = Service;