You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
72 lines
2.4 KiB
72 lines
2.4 KiB
8 years ago
|
module.exports = function(config) {
|
||
|
|
||
|
const crypto = require('crypto');
|
||
|
const password = crypto.randomBytes(256);
|
||
|
var cookie = require('cookie-encryption');
|
||
|
// const cipher = crypto.createCipher('aes256', password);
|
||
|
// const decipher = crypto.createDecipher('aes256', password);
|
||
|
// var encrypted = cipher.update(JSON.stringify(user), 'utf8', 'base64')
|
||
|
// + cipher.final('base64');
|
||
|
// console.log("encrypted", encrypted);
|
||
|
// var decrypted = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8');
|
||
|
// console.log("decrypted", decrypted);
|
||
|
|
||
|
var authentication = function (req, res, next) {
|
||
|
return next();
|
||
|
}
|
||
|
|
||
|
if (config) {
|
||
|
|
||
|
var cipher = config.cookies && config.cookies.cipher ? config.cookies.cipher : "aes256";
|
||
|
|
||
|
authentication = function (req, res, next) {
|
||
|
|
||
|
function unauthorized(res) {
|
||
|
res.setHeader('WWW-Authenticate', 'Basic realm=Authorization Required');
|
||
|
res.status(401).send('Not logged in. <a href="/">Login</a>');
|
||
|
};
|
||
|
|
||
|
var user = require('basic-auth')(req);
|
||
|
var vault = cookie('credentials');
|
||
|
|
||
|
if (!user || !user.name || !user.pass) {
|
||
|
return unauthorized(res);
|
||
|
};
|
||
|
|
||
|
if (config.passwords && config.passwords[user.name]) {
|
||
|
if (crypto.getHashes().indexOf(config.passwords[user.name][0])>=0) {
|
||
|
if (crypto.createHash(config.passwords[user.name][0])
|
||
|
.update(user.pass, 'utf8').digest('hex') === config.passwords[user.name][1]) {
|
||
|
return next();
|
||
|
}
|
||
|
} else {
|
||
|
console.log("**** HASH NOT FOUND ****");
|
||
|
console.log(config.passwords[user.name][0]);
|
||
|
console.log(crypto.getHashes());
|
||
|
}
|
||
|
}
|
||
|
if (config.ldap) try {
|
||
|
var LdapAuth = require('ldapauth');
|
||
|
var auth = new LdapAuth(config.ldap);
|
||
|
auth.authenticate(user.name, user.pass, function(err, usr) {
|
||
|
auth.close(function(err) {})
|
||
|
if (err) {
|
||
|
console.log("**** ERROR: LDAP Authentication failed:", err);
|
||
|
return unauthorized(res);
|
||
|
}
|
||
|
console.log("**** SUCCESS: LDAP Authentication:");
|
||
|
return next();
|
||
|
});
|
||
|
return; // need to block here!
|
||
|
} catch (e) {
|
||
|
console.log("**** Error: LDAP failed: ", e, e.stack);
|
||
|
}
|
||
|
return unauthorized(res);
|
||
|
};
|
||
|
|
||
|
}
|
||
|
|
||
|
return authentication;
|
||
|
|
||
|
}
|