[ENG-1037] - Token tests added, sdk docs and misc
Phara0h committed Sep 12, 2019
1 parent 3188130 commit 037e7ec
Showing 25 changed files with 2,450 additions and 637 deletions.
5 changes: 4 additions & 1 deletion README.md
@@ -1,5 +1,8 @@
# Travelling
A dynamic route level groups permissions middleman service.

## API Docs found at
## REST Docs found at
https://documenter.getpostman.com/view/7072151/SVfJUrSZ?version=latest

## API Docs
[API documentation](../sdk/README.md)
2 changes: 2 additions & 0 deletions include/routes/v1/auth.js
Expand Up @@ -234,6 +234,7 @@ module.exports = function(app, opts, done) {
});

app.post('/auth/token', async (req,res) =>{
console.log(req.body, req.headers)
if(req.body.grant_type != 'client_credentials')
{
res.code(400);
Expand Down Expand Up @@ -273,6 +274,7 @@ module.exports = function(app, opts, done) {
msg: 'Token is invalid',
};
}

res.code(200);
return await TokenHandler.getAccessToken(token);
})
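Review bot: `console.log(req.body, req.headers)` at the top of the `/auth/token` handler (which appears to be the line this hunk adds) writes the whole request body and every header to stdout, and for this endpoint that is the client-credentials material itself — the `grant_type` check on the next line shows it is the client_credentials exchange, and the second hunk shows a token being validated from the same request. That puts secrets into the process log on every call; I would drop the line, or at most log `req.body.grant_type` through the configured logger at debug level. The handler's body continues outside the hunk.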
4 changes: 3 additions & 1 deletion include/routes/v1/users.js
Expand Up @@ -215,6 +215,8 @@ module.exports = function(app, opts, done) {
var token = null;
try {
token = await TokenHandler.getOAuthToken(req.session.data.user.id, req.body.type || 'oauth', req.body.name || null);
res.code(200).send({client_id: token.name || token.id, client_secret: token.secret})
return;
} catch (e) {
res.code(400).send({
type: 'token-error',
Expand All @@ -223,7 +225,7 @@ module.exports = function(app, opts, done) {
return;
}

res.code(200).send({client_id: token.name || token.id, client_secret: token.secret})

});


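Review bot: Moving `res.code(200).send({client_id: ..., client_secret: token.secret})` inside the `try` means an error thrown by the send itself is now caught by the `catch` below, which calls `res.code(400).send(...)` a second time on a reply that may already have been committed. The old layout (send after the try/catch, with the `return` in the catch) already avoided reaching the send when `getOAuthToken` throws, so the move does not gain anything; I would narrow the `try` back to the `getOAuthToken` call and keep the success reply after it. The handler continues outside the hunk.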
43 changes: 25 additions & 18 deletions include/server/router.js
Expand Up @@ -84,6 +84,7 @@ class Router {
// the route object
var r = this.isRouteAllowed(req.raw.method, req.raw.url, group, sessionUser);
if (r) {
//console.log(r)
// sets user id cookie every time to protect against tampering.
// res.cookie('travelling:aid', sessionUser._id);
// res.cookie('travelling:un', sessionUser.username);
Expand All @@ -95,7 +96,7 @@ class Router {
req.headers['aid'] = sessionUser.id;
}

if (req.raw.url.indexOf('/travelling/') == 0) {
if (req.raw.url.indexOf('/travelling/api/') == 0) {
if (config.log.requests) {
if (authenticated) {
log.info(sessionUser.username + ' (' + sessionUser.group.name + ') | ' + req.ip + ' | [' + req.raw.method + '] '+req.req.url);
Expand All @@ -105,31 +106,36 @@ class Router {
}
return false;
} else {

var target = {
target: this.transformRoute(sessionUser, r, r.host == null ? req.protocol + '://' + req.headers.host : r.host),
target: this.transformRoute(sessionUser, r, r.host || `${config.https ? 'https' : 'http'}://127.0.0.1:${config.port}`),
};

if (r.removeFromPath) {
req.raw.url = req.raw.url.replace(this.transformRoute(sessionUser, r, r.removeFromPath), '');
}

if (req._wssocket) {
if (target.target.indexOf('wss') > -1) {
this.proxyssl.ws(req.raw, req._wssocket, target);
} else {
this.proxy.ws(req.raw, req._wssocket, target);
}
} else {
// This gets around websites host checking / blocking
//delete req.raw.headers.host;

if (target.target.indexOf('https') > -1) {
this.proxyssl.web(req.req, res.res, target);
} else {
this.proxy.web(req.req, res.res, target);
}
if(r.host)
{
if (req._wssocket) {
if (target.target.indexOf('wss') > -1) {
this.proxyssl.ws(req.raw, req._wssocket, target);
} else {
this.proxy.ws(req.raw, req._wssocket, target);
}
} else {
// This gets around websites host checking / blocking
//delete req.raw.headers.host;

if (target.target.indexOf('https') > -1) {
this.proxyssl.web(req.req, res.res, target);
} else {
this.proxy.web(req.req, res.res, target);
}
}
return true;
}

return false;
}
if (config.log.requests) {
if (authenticated) {
Expand All @@ -145,6 +151,7 @@ class Router {
// res.code(401).send('Access Denied');
// }
if(req.req.url != config.portal.path) {
//console.log(req.raw.url, req.raw.url, config.portal.path)
this.setBackurl(res,req);
res.redirect(config.portal.path);
}
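Review bot: The fallback target `${config.https ? 'https' : 'http'}://127.0.0.1:${config.port}` is only used when `r.host` is falsy, but the new `if(r.host)` guard means neither `proxy.web` nor `proxy.ws` is called in exactly that case, so the fallback is dead code and a route without a host now reaches `return true` without any response having been written (unless the caller treats `true` differently — the enclosing method starts and ends outside the hunk). One of the two should go: if self-proxying is intended, drop the guard; if host-less routes are meant to be served by fastify itself, bail out before building the target with `if (!r.host) return false;`. Replacing `req.headers.host` in the target is the right direction, since that value comes from the client and previously chose where the request was proxied to.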
5 changes: 1 addition & 4 deletions include/token/index.js
Expand Up @@ -94,19 +94,16 @@ class TokenHandler {
}

var secretb64 = secret.toString('base64');

var secret = await this._hashToken(secretb64,token.secret);
console.log(token)
var nToken = await TokenStore.set(token.user_id, 'access', secret, config.token.access.expiration * 60000, token.name) // min to ms
resolve({access_token: secret, expires_in: config.token.access.expiration*60, token_type:"bearer"});
resolve({access_token: secret, expires_in: config.token.access.expiration*60, token_type:"bearer"}); // min to seconds
});
});
}

static async checkAccessToken(token) {
var token = await TokenStore.get(token);

console.log('CHECK ACCESS: ',token, TokenStore)
if(!token) {
return false;
}
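Review bot: `var nToken = await TokenStore.set(...)` is assigned and never read, and the `var secret = await this._hashToken(...)` line redeclares the `secret` buffer that `secretb64` was derived from two lines earlier (same function scope under `var`), which makes the flow hard to follow; naming the hashed value (`const hashed = await this._hashToken(secretb64, token.secret);`) and dropping `nToken` would clear that up. Note also that the same string is both what `TokenStore.set` stores and what is returned as `access_token`, and `checkAccessToken` looks the store up by the presented token directly, so the store holds the bearer value in usable form — if `_hashToken` is meant to protect stored tokens, the client should receive the pre-hash value instead (I cannot see `_hashToken` from here, so confirm the intent). Removing `console.log(token)` and the `CHECK ACCESS` log is right, as both printed token material. The enclosing methods start outside the hunk.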
113 changes: 78 additions & 35 deletions include/utils/auth.js
Expand Up @@ -2,33 +2,70 @@ const CookieToken = require('./cookietoken');
const TokenHandler = require('../token');
const config = require('./config');

var checkLoggedIn = async (req, res, router)=> {

if(req.headers.authorization) {
var user = await TokenHandler.checkAccessToken(req.headers.authorization.split('Bearer ')[1]);
if(!user) {
return {auth: false, route: req.headers.authorization.indexOf('Basic ') > -1 ? true : false}
}

await user.resolveGroup(router);
req.session = {data:{user}};
var logout = (req, res) => {
req.session.data.user = null;
req.sessionStore.destroy(req.session.sessionId, ()=>{

});
CookieToken.removeAuthCookie(res);
res.setCookie('trav:ssid', null, {
expires: Date.now(),
secure: true,
httpOnly: true,
path: '/',
});
req.isAuthenticated = false;

};

var checkAuthHeader = async (req, res, router) => {
if (req.headers.authorization) {
config.log.logger.debug(req.headers)
var splitAuth = req.headers.authorization.split(' ');
if(splitAuth.length < 2) {
return false;
}
splitAuth[0] = splitAuth[0].toLowerCase();

return {auth: true, route: true};
if(splitAuth[0] != 'basic' || splitAuth != 'bearer') {
return false;
}

var user = await TokenHandler.checkAccessToken(splitAuth[1]);

if (!user) {
return {auth: false, route: req.headers.authorization.indexOf('Basic ') > -1 ? true : false};
}

await user.resolveGroup(router);
req.session = {data: {user}};

return {auth: true, route: true};
}
return false;
};

if(req.session && req.session.data && req.session.data.user) {
if(req.session.data.user.locked) {
return {auth: false, route: true}
}
return {auth: true, route: true};
var checkSession = (req, res, router) => {
if (req.session && req.session.data && req.session.data.user) {
if (req.session.data.user.locked) {
return {auth: false, route: true};
}
return {auth: true, route: true};
}
return false;
};

if(req.cookies['trav:tok']) {
var checkCookie = async (req, res, router) => {
if (req.cookies['trav:tok']) {
try {
var user = await CookieToken.checkToken(req, res, router);

var user = await CookieToken.checkToken(req, res, router)
if (!user || user.locked) {
config.log.logger.debug('no user',req.url, req.raw.url)

if(!user || user.locked) {
return {auth: false, route: true}
return {auth: false, route: true};
}

user.resolveGroup(router);
Expand All @@ -37,27 +74,33 @@ var checkLoggedIn = async (req, res, router)=> {
config.log.logger.info('User Token Session Refreshed: ' + user.username + ' (' + user._.group.name + ')' + ' | ' + req.ip);

return {auth: true, route: true};
} catch (e) {
config.log.logger.debug.log(e);
return {auth: false, route: true};
}
}
return {auth: false, route: true};
return false;
};

var logout = (req, res) => {
req.session.data.user = null;
req.sessionStore.destroy(req.session.sessionId,()=>{
var checkLoggedIn = async (req, res, router)=> {
var authHeader = await checkAuthHeader(req, res, router);
if(authHeader) {
return authHeader;
}

});
CookieToken.removeAuthCookie(res)
res.setCookie('trav:ssid', null, {
expires: Date.now(),
secure: true,
httpOnly: true,
path: '/'
})
req.isAuthenticated = false;
var session = checkSession(req, res, router);
if(session) {
return session;
}

}
var cookie = await checkCookie(req,res,router);
if(cookie) {
return cookie;
}
return {auth: false, route: true};
};

module.exports = {
checkLoggedIn,
logout
}
checkLoggedIn,
logout,
};
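Review bot: `if(splitAuth[0] != 'basic' || splitAuth != 'bearer')` in checkAuthHeader is always true — the second operand compares the whole array to a string, and with `||` any scheme that is not both values at once is rejected — so every request carrying an Authorization header returns `false` here and bearer tokens are never checked against `TokenHandler.checkAccessToken`; it should read `if (splitAuth[0] !== 'basic' && splitAuth[0] !== 'bearer') { return false; }`. `config.log.logger.debug(req.headers)` on the line above logs the Authorization header value itself (and any cookies), so the credential ends up in the log; drop it or log only `splitAuth[0]`. In checkCookie, `config.log.logger.debug.log(e)` inside the catch looks like it should be `config.log.logger.debug(e)` — if `debug` is a plain function the current form throws inside the catch (I cannot confirm the logger API from this page). `user.resolveGroup(router)` in checkCookie is also not awaited, unlike the checkAuthHeader version, which may be pre-existing.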
2 changes: 1 addition & 1 deletion include/utils/config.js
Expand Up @@ -41,7 +41,7 @@ const config = {
enable: isSetDefault(stringToBool(process.env.TRAVELLING_PORTAL_ENABLE), true),
path: isSetDefault(process.env.TRAVELLING_PORTAL_PATH, '/travelling/portal/'),
host: isSetDefault(process.env.TRAVELLING_PORTAL_HOST, null),
filePath: isSetDefault(process.env.TRAVELLING_PORTAL_FILE_PATH, './client'),
filePath: isSetDefault(process.env.TRAVELLING_PORTAL_FILE_PATH, __dirname+'/../../client'),
},
proxy: {
timeout: isSetDefault(Number(process.env.TRAVELLING_PROXY_TIMEOUT), 0)
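Review bot: `__dirname+'/../../client'` builds the default portal path by string concatenation; `path.join(__dirname, '..', '..', 'client')` normalizes the `..` segments and the separators, with `const path = require('path');` added at the top of the file if it is not already there (the file's require block is outside the hunk). The `isSetDefault` wrapper and the environment override are unchanged.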
14 changes: 14 additions & 0 deletions index.js
Expand Up @@ -7,6 +7,7 @@ config.log.logger = require(config.log.logger);
var fastifyOptions = {
http2: false,
logger: config.log.fastifyLogger,
//logger: true
disableRequestLogging: true
};

Expand Down Expand Up @@ -46,6 +47,14 @@ const Email = require('./include/utils/email');

const nstats = require('nstats')();

app.setErrorHandler(function (error, request, reply) {
console.log(error)
reply.code(500).send({
type: 'error',
msg: 'Please report this issue to the site admin',
})
})

if(config.cors.enable) {
app.use((req, res, next) => {
if(req.headers['origin']) {
Expand Down Expand Up @@ -111,8 +120,10 @@ app.decorateRequest('checkLoggedIn', async function(req,res){return await auth.c
app.decorateRequest('logout', auth.logout);
app.decorateRequest('isAuthenticated', false);
app.addHook('preHandler',function(req, res, next) {

req.checkLoggedIn(req, res).then(auth=>{
req.isAuthenticated = auth.auth;

if (!auth.route) {
res.code(401).send();
if(config.log.requests) {
Expand Down Expand Up @@ -140,6 +151,9 @@ if(config.portal.enable) {
prefix: config.portal.path,
})
}
console.log(config.portal);


app.ready(()=>{
config.log.logger.debug(app.printRoutes())
})
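Review bot: The new `setErrorHandler` replies 500 for every error, discarding the status fastify attaches to errors it raises itself (`error.statusCode`, e.g. 400 for schema-validation failures), so client mistakes are reported as server faults; `reply.code(error.statusCode || 500)` keeps those while the message can stay generic. It also reports the error with `console.log` while the rest of the file uses `config.log.logger` (see the `app.ready` callback below), bypassing the configured level and transport; `config.log.logger.error(error)` would be consistent. `console.log(config.portal)` near the end of the file reads like a leftover debug print and dumps configuration (including `host` and `filePath`) to stdout on every start; drop it or move it to a debug-level logger call.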
