import passport from 'passport';
import { Strategy as GitHubStrategy } from 'passport-github';
import app from '~/';
import { UserSchema, User } from '~/model/user';
// Passport setup
// TODO: Serialize User for sessions
// NOTE(review): the user object is stored in the session verbatim. The GitHub
// access token is handed to User.updateOrCreate below; if the model keeps it on
// the user document it ends up in the session store too — confirm in ~/model/user.
passport.serializeUser((user, done) => done(null, user));

// TODO: Deserialize User for sessions
// Mirror of serializeUser: the stored object is handed back unchanged.
passport.deserializeUser((obj, done) => done(null, obj));

// Define GitHub Login Strategy
const githubOptions = {
  clientID: app.config.github.clientID,
  clientSecret: app.config.github.secret,
  callbackURL: app.config.github.callback,
};

// Verify callback: upsert the local user from the GitHub profile and pass it
// to passport. refreshToken is ignored here. Rejections reach passport as an
// error via done(err).
const verifyGitHub = (accessToken, refreshToken, profile, done) => {
  User.updateOrCreate(accessToken, profile).then(
    (user) => done(null, user),
    (err) => done(err)
  );
};

passport.use(new GitHubStrategy(githubOptions, verifyGitHub));

app.use(passport.initialize());
app.use(passport.session());
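// Express routes for authentication

// Only accept a same-origin absolute path ("/foo") as the post-login/logout
// destination. The stored value comes from req.originalUrl (set by loggedIn
// and hasRole), so a request whose path starts with "//host/…" or "/\host/…"
// would otherwise turn res.redirect() into a protocol-relative, off-site
// redirect. Anything else (missing, empty, not a string) falls back.
function safeRedirectPath(value, fallback) {
  if (typeof value !== 'string' || !value.startsWith('/')) {
    return fallback;
  }
  if (value.startsWith('//') || value.startsWith('/\\')) {
    return fallback;
  }
  return value;
}

// Redirect to GitHub to login
app.get('/auth/github',
  passport.authenticate('github', {
    scope: 'repo read:org',
  }),
  (req, res, next) => next() // Never gets called because of redirect to GitHub
);

// GitHub Login callback
// TODO: Add failure redirect — without a failureRedirect option,
// passport.authenticate('github') answers a failed token exchange with its
// default 401 response instead of a page.
app.get('/auth/github/callback',
  passport.authenticate('github'),
  (req, res) => {
    const path = safeRedirectPath(req.session.authredirect, '/dashboard');
    req.session.authredirect = null; // Avoid redirection loops
    return res.redirect(path);
  }
);

app.get('/logout', (req, res) => {
  const path = safeRedirectPath(req.session.authredirect, '/');
  req.session.authredirect = null; // Avoid redirection loops
  // NOTE(review): passport >= 0.6 made req.logout() asynchronous and expects a
  // callback; confirm the installed passport version before relying on this.
  req.logout();
  return res.redirect(path);
});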
// Convenience functions for authentication in express

/**
 * Express middleware: authenticated requests continue, anonymous ones are
 * sent to the GitHub login after the requested URL is remembered in the
 * session so the OAuth callback can return the user to it.
 *
 * @param {object} req - Express request (uses isAuthenticated(), session, originalUrl)
 * @param {object} res - Express response
 * @param {Function} next - next middleware
 * @returns {*} whatever next() or res.redirect() returns
 */
export function loggedIn(req, res, next) {
  if (!req.isAuthenticated()) {
    req.session.authredirect = req.originalUrl; // Set destination url
    return res.redirect('/auth/github');
  }
  return next();
}
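// Checks if user has rights, given permission string or index
/**
 * Build an Express middleware that requires the current user to hold
 * `permission`.
 *
 * @param {string|number} permission - a rights name listed in
 *   UserSchema.tree.rights.enum, or an index into that enum.
 * @returns {Function} middleware (req, res, next). Anonymous users are sent to
 *   the GitHub login with req.originalUrl remembered; a matching user (or any
 *   user while app.config.rights.enabled is off) continues via next();
 *   everyone else gets the 'error' view. An unknown permission yields a
 *   middleware that always renders the 'error' view and logs the route.
 */
export function hasRole(permission) {
  const rights = UserSchema.tree.rights.enum;
  // Turn a number into a string based on the user rights index. An
  // out-of-range index yields undefined and is rejected below like any other
  // unknown permission. (Resolved into a new binding instead of reassigning
  // the parameter.)
  const required = typeof permission === 'number' ? rights[permission] : permission;

  // Check for any routes with unknown permissions
  // Logs error on startup, and every time the route is called
  if (!rights.includes(required)) {
    app.log.error(`detected an invalid "${required}" permission!`);
    return function(req, res) {
      app.log.error(`${req.path} has an invalid "${required}" permission requirement`);
      return res.render('error', {
        message: `Houston is currently only available to rabbit lovers`,
      });
    };
  }

  // Return function
  return function(req, res, next) {
    if (!req.isAuthenticated()) {
      req.session.authredirect = req.originalUrl; // Set destination url
      return res.redirect('/auth/github');
    }
    // rights.enabled is a global switch: when it is off every authenticated
    // user passes regardless of role. The comparison is exact equality, so a
    // role does not implicitly include other roles.
    if (!app.config.rights.enabled || req.user.rights === required) {
      return next();
    }
    if (required === 'beta') {
      return res.render('error', {
        message: `Houston is currently only available to beta testers`,
      });
    }
    return res.render('error', {
      message: `Only ${required}s are allowed`,
    });
  };
}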