in the middle of the work for authentication

2016-07-29 19:25:06 +00:00
parent bdaebcc92f
commit 82bb795b85
9 changed files with 338 additions and 90 deletions
--- a/nodejs/authentication/index.js
+++ b/nodejs/authentication/index.js
@@ -0,0 +1,71 @@
+module.exports = function(config) {
+
+  const crypto = require('crypto');
+  const password = crypto.randomBytes(256);
+  var cookie = require('cookie-encryption');
+  // const cipher = crypto.createCipher('aes256', password);
+  // const decipher = crypto.createDecipher('aes256', password);
+  // var encrypted = cipher.update(JSON.stringify(user), 'utf8', 'base64')
+  //         + cipher.final('base64');
+  // console.log("encrypted", encrypted);
+  // var decrypted = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8');
+  // console.log("decrypted", decrypted);
+
+  var authentication = function (req, res, next) {
+    return next();
+  }
+  
+  if (config) {
+
+    var cipher = config.cookies && config.cookies.cipher ? config.cookies.cipher : "aes256";
+    
+    authentication = function (req, res, next) {
+      
+      function unauthorized(res) {
+        res.setHeader('WWW-Authenticate', 'Basic realm=Authorization Required');
+        res.status(401).send('Not logged in. <a href="/">Login</a>');
+      };
+      
+      var user = require('basic-auth')(req);
+      var vault = cookie('credentials');
+      
+      if (!user || !user.name || !user.pass) {
+        return unauthorized(res);
+      };
+
+      if (config.passwords && config.passwords[user.name]) {
+        if (crypto.getHashes().indexOf(config.passwords[user.name][0])>=0) {
+          if (crypto.createHash(config.passwords[user.name][0])
+                    .update(user.pass, 'utf8').digest('hex') === config.passwords[user.name][1]) {
+                      return next();
+          }
+        } else {
+          console.log("**** HASH NOT FOUND ****");
+          console.log(config.passwords[user.name][0]);
+          console.log(crypto.getHashes());
+        }
+      }
+      if (config.ldap) try {
+        var LdapAuth = require('ldapauth');
+        var auth = new LdapAuth(config.ldap);
+        auth.authenticate(user.name, user.pass, function(err, usr) {
+          auth.close(function(err) {})
+          if (err) {
+            console.log("**** ERROR: LDAP Authentication failed:", err);
+            return unauthorized(res);
+          }
+          console.log("**** SUCCESS: LDAP Authentication:");
+          return next();
+        });
+        return; // need to block here!
+      } catch (e) {
+        console.log("**** Error: LDAP failed: ", e, e.stack);
+      }
+      return unauthorized(res);
+    };
+
+  }
+
+  return authentication;
+
+}