module.exports = function(config) { const crypto = require('crypto'); const password = crypto.randomBytes(256); var cookie = require('cookie-encryption'); // const cipher = crypto.createCipher('aes256', password); // const decipher = crypto.createDecipher('aes256', password); // var encrypted = cipher.update(JSON.stringify(user), 'utf8', 'base64') // + cipher.final('base64'); // console.log("encrypted", encrypted); // var decrypted = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8'); // console.log("decrypted", decrypted); var authentication = function (req, res, next) { return next(); } if (config) { var cipher = config.cookies && config.cookies.cipher ? config.cookies.cipher : "aes256"; authentication = function (req, res, next) { function unauthorized(res) { res.setHeader('WWW-Authenticate', 'Basic realm=Authorization Required'); res.status(401).send('Not logged in. Login'); }; var user = require('basic-auth')(req); var vault = cookie('credentials'); if (!user || !user.name || !user.pass) { return unauthorized(res); }; if (config.passwords && config.passwords[user.name]) { if (crypto.getHashes().indexOf(config.passwords[user.name][0])>=0) { if (crypto.createHash(config.passwords[user.name][0]) .update(user.pass, 'utf8').digest('hex') === config.passwords[user.name][1]) { return next(); } } else { console.log("**** HASH NOT FOUND ****"); console.log(config.passwords[user.name][0]); console.log(crypto.getHashes()); } } if (config.ldap) try { var LdapAuth = require('ldapauth'); var auth = new LdapAuth(config.ldap); auth.authenticate(user.name, user.pass, function(err, usr) { auth.close(function(err) {}) if (err) { console.log("**** ERROR: LDAP Authentication failed:", err); return unauthorized(res); } console.log("**** SUCCESS: LDAP Authentication:"); return next(); }); return; // need to block here! } catch (e) { console.log("**** Error: LDAP failed: ", e, e.stack); } return unauthorized(res); }; } return authentication; }