auth.js
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const AppError = require('./error');
const logger = require('./logging')('server.auth');
const token = require('./token');
const validators = require('./validators');
// Admin whitelist: every entry of the `admin.whitelist` config value is
// compiled into a RegExp once, at module load.
// NOTE(review): entries are compiled exactly as configured. RegExp#test
// matches anywhere in the input unless the pattern is anchored with ^ and $,
// so confirm that every configured entry is anchored; an unanchored entry
// would accept any address that merely contains the expected text.
const WHITELIST = require('./config')
  .get('admin.whitelist')
  .map((pattern) => {
    logger.verbose('compiling.whitelist', pattern);
    return new RegExp(pattern);
  });

// Identifiers exported for whoever registers this strategy (the registration
// code is not part of this file).
exports.AUTH_STRATEGY = 'dogfood';
exports.AUTH_SCHEME = 'bearer';
// Tokens carrying this scope must also pass the WHITELIST e-mail check in
// exports.strategy.
exports.SCOPE_CLIENT_MANAGEMENT = 'oauth';
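/**
 * Build the bearer-token auth strategy object.
 *
 * The returned `authenticate(req, reply)` handler:
 *   1. requires an `Authorization: Bearer <token>` header,
 *   2. rejects tokens that fail `validators.HEX_STRING`,
 *   3. resolves the token through `token.verify`,
 *   4. for tokens whose scope includes SCOPE_CLIENT_MANAGEMENT, additionally
 *      requires the token's e-mail to match an entry of WHITELIST.
 *
 * Outcomes are reported through `reply`: `reply(AppError.unauthorized(...))`
 * for a missing, malformed or unknown token, `reply(AppError.forbidden())`
 * for a whitelist miss, and `reply.continue({ credentials })` on success.
 *
 * The bearer token is a credential, so it is deliberately kept out of every
 * log record written here.
 *
 * @returns {{authenticate: function}} strategy object
 */
exports.strategy = function() {
  return {
    authenticate: function dogfoodStrategy(req, reply) {
      var auth = req.headers.authorization;
      // Record only whether a header was sent: the header value contains the
      // bearer token, and anyone able to read the logs could replay it.
      logger.debug('check.auth', { hasHeader: Boolean(auth) });
      if (! auth || auth.indexOf('Bearer ') !== 0) {
        return reply(AppError.unauthorized('Bearer token not provided'));
      }

      // Only the first space-separated field after the scheme is used;
      // anything following it in the header is ignored.
      var tok = auth.split(' ')[1];
      if (! validators.HEX_STRING.test(tok)) {
        return reply(AppError.unauthorized('Illegal Bearer token'));
      }

      token.verify(tok).done(function tokenFound(details) {
        // NOTE(review): if details.scope is a string rather than an array,
        // indexOf performs a substring match; confirm the type returned by
        // token.verify.
        if (details.scope.indexOf(exports.SCOPE_CLIENT_MANAGEMENT) !== -1) {
          logger.debug('check.whitelist');
          // RegExp#test coerces its argument to a string, so a missing
          // e-mail is tested as the text "undefined".
          var blocked = ! WHITELIST.some(function(re) {
            return re.test(details.email);
          });
          if (blocked) {
            // The e-mail is enough to investigate a blocked attempt; the
            // token itself is not written to the log.
            logger.warn('whitelist.blocked', {
              email: details.email
            });
            return reply(AppError.forbidden());
          }
        }

        // NOTE(review): `details` is logged in full at info level; confirm
        // that token.verify does not return the token or other secrets in it.
        logger.info('success', details);
        reply.continue({
          credentials: details
        });
      }, function noToken(err) {
        logger.debug('error', err);
        reply(AppError.unauthorized('Bearer token invalid'));
      });
    }
  };
};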