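/**
 * Build an Express-style HTTP Basic authentication middleware.
 *
 * With no `config` the returned middleware is a pass-through that calls
 * `next()` for every request. With a `config` it checks the Basic credentials
 * of each request, in order, against:
 *
 *  - `config.passwords[name]` — an array `[hashName, hexDigest]`; the request
 *    password is hashed with `hashName` (must be in `crypto.getHashes()`) and
 *    compared to `hexDigest`. NOTE(review): this is a single unsalted digest,
 *    so it should be treated as legacy rather than a password-storage scheme.
 *  - `config.ldap` — options object handed to the `ldapauth` constructor; the
 *    user name and password are bound against that directory.
 *
 * Any request that matches neither is answered with 401 and a
 * `WWW-Authenticate: Basic` challenge.
 *
 * @param {object} [config] - optional settings as described above
 * @returns {function(req, res, next)} connect/express middleware
 */
module.exports = function(config) {

  const crypto = require('crypto');

  // Default: no configuration means no authentication at all.
  let authentication = function (req, res, next) {
    return next();
  };

  if (config) {

    // Return the `[hashName, hexDigest]` entry configured for `name`, or null.
    // Only own properties count: the name comes straight from the request, so
    // a value such as "constructor" or "__proto__" must not resolve to
    // something inherited from Object.prototype.
    function configuredEntry(name) {
      const table = config.passwords;
      if (!table || !Object.prototype.hasOwnProperty.call(table, name)) {
        return null;
      }
      const entry = table[name];
      return Array.isArray(entry) && entry.length >= 2 ? entry : null;
    }

    // Constant-time string equality for the two hex digests; a length
    // mismatch is reported as "different" without comparing bytes.
    function digestsMatch(actualHex, expectedHex) {
      const actual = Buffer.from(String(actualHex), 'utf8');
      const expected = Buffer.from(String(expectedHex), 'utf8');
      if (actual.length !== expected.length) {
        return false;
      }
      return crypto.timingSafeEqual(actual, expected);
    }

    authentication = function (req, res, next) {

      // Answer with a 401 challenge; the realm is a quoted-string per RFC 7617.
      function unauthorized(res) {
        res.setHeader('WWW-Authenticate', 'Basic realm="Authorization Required"');
        res.status(401).send('Not logged in. <a href="/">Login</a>');
      }

      const user = require('basic-auth')(req);

      if (!user || !user.name || !user.pass) {
        return unauthorized(res);
      }

      // 1. Static password table.
      const entry = configuredEntry(user.name);
      if (entry) {
        const hashName = entry[0];
        if (crypto.getHashes().indexOf(hashName) >= 0) {
          const digest = crypto.createHash(hashName).update(user.pass, 'utf8').digest('hex');
          if (digestsMatch(digest, entry[1])) {
            return next();
          }
        } else {
          console.log("**** HASH NOT FOUND ****");
          console.log(hashName);
          console.log(crypto.getHashes());
        }
      }

      // 2. LDAP bind. A failure here falls through to the 401 below.
      if (config.ldap) {
        try {
          const LdapAuth = require('ldapauth');
          const auth = new LdapAuth(config.ldap);
          auth.authenticate(user.name, user.pass, function(err, usr) {
            auth.close(function(closeErr) {
              if (closeErr) {
                console.log("**** WARNING: LDAP close failed:", closeErr);
              }
            });
            if (err) {
              console.log("**** ERROR: LDAP Authentication failed:", err);
              return unauthorized(res);
            }
            console.log("**** SUCCESS: LDAP Authentication:");
            return next();
          });
          // authenticate() is asynchronous: the callback above settles the
          // request, so control must leave here without touching `res`.
          return;
        } catch (e) {
          console.log("**** Error: LDAP failed: ", e, e.stack);
        }
      }

      return unauthorized(res);
    };
  }

  return authentication;
};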