'use strict';
// Express router for the credential-refresh page: it re-runs the STS
// AssumeRoleWithSAML call using the SAML data held in the passport session
// and hands the issued temporary credentials to the 'refresh' view.
const express = require('express');
const router = express.Router();
const config = require('../../config');
const Aws = require('aws-sdk');
const AwsCredentials = require('../../lib/aws-credentials');
// Helper used to persist the issued temporary credentials (credentials.save below);
// configured from config.aws.
const credentials = new AwsCredentials(config.aws);
// Base view-model object that each response is merged into. It is a module-level
// export, so it is shared across requests — callers must copy it rather than
// mutate it.
const ResponseObj = require('./../response');
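/**
 * Credential-refresh route.
 *
 * Re-runs STS AssumeRoleWithSAML with the principal/role/assertion stored in the
 * passport session, renders the 'refresh' view with the new temporary
 * credentials, and writes them to the credential file for the session's
 * account. Any STS failure (or a missing session) redirects the user back to
 * the configured auth entry point so they re-authenticate.
 */
router.all('/', (req, res) => {
  // Passport stores the SAML-derived fields on req.session.passport. Without a
  // session there is nothing to refresh, so send the user back through login
  // instead of throwing on an undefined property access.
  const session = req.session && req.session.passport;
  if (!session) {
    res.redirect(config.auth.entryPoint);
    return;
  }

  const sts = new Aws.STS();

  // Copy into a fresh object. The shared ResponseObj module export must not be
  // the assign target: mutating it in place would leave this user's accountId
  // and temporary credentials attached to it, where later requests from other
  // users would pick them up and render them.
  const refreshResponseObj = Object.assign({}, ResponseObj, {
    accountId: session.accountId
  });

  sts.assumeRoleWithSAML({
    PrincipalArn: session.principalArn,
    RoleArn: session.roleArn,
    SAMLAssertion: session.samlResponse,
    DurationSeconds: config.aws.duration
  }, (assumeRoleErr, data) => {
    if (assumeRoleErr) {
      // A failed or expired assertion means the user must authenticate again.
      res.redirect(config.auth.entryPoint);
      return;
    }

    const credentialResponseObj = Object.assign({}, refreshResponseObj, {
      accessKey: data.Credentials.AccessKeyId,
      secretKey: data.Credentials.SecretAccessKey,
      sessionToken: data.Credentials.SessionToken
    });

    // Render exactly once, after the credential-file write has settled.
    // Rendering before the save and then rendering again on a save error would
    // attempt a second response on an already-finished one, which throws
    // (headers already sent) inside an async callback.
    credentials.save(data.Credentials, `awsaml-${session.accountId}`, (credSaveErr) => {
      if (credSaveErr) {
        res.render('refresh', Object.assign({}, credentialResponseObj, {
          error: credSaveErr
        }));
        return;
      }
      res.render('refresh', credentialResponseObj);
    });
  });
});

module.exports = router;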