Introducing a new endpoint for tar upload that requires ldap authenti…

…cation

app.js

@@ -22,6 +22,10 @@ var Orchestrator = require('./lib/orchestrator');
 var RequestState = require('./lib/request-state');
 var SpecberusWrapper = require('./lib/specberus-wrapper');
 
+var passport = require('passport');
+var LdapAuth = require('ldapauth-fork');
+var BasicStrategy = require('passport-http').BasicStrategy;
+
 // Configuration file
 require('./config.js');
 
@@ -156,6 +160,34 @@ app.post('/api/request', upload.single('tar'), function (req, res) {
   }
 });
 
+passport.use(new BasicStrategy(
+  function (username, password, done) {
+    var opts = {
+      url: global.LDAP_URL,
+      bindDn: global.LDAP_BIND_DN.replace(/{{username}}/, username),
+      bindCredentials: password,
+      searchBase: global.LDAP_SEARCH_BASE,
+      searchFilter: '(uid={{username}})',
+      searchAttributes: ['memberOf'],
+      cache: false
+    };
+
+    var ldap = new LdapAuth(opts);
+
+    ldap.authenticate(username, password, function (err, user) {
+      if (err) {
+        console.log('LDAP auth error: %s', err);
+      }
+      done(err, user);
+    });
+  }
+));
+app.post('/api/request/tar',
+         passport.authenticate('basic', { session: false }),
+         function (req, res) {
+           res.send({ status: 'ok' });
+         });
+
 /**
 * Add CORS headers to responses if the client is explicitly allowed.
 *

config.js.example

@@ -24,3 +24,7 @@ global.ALLOWED_CLIENTS = [
   // GitHub:
   /https?:\/\/w3c\.github\.io/i
 ];
+global.LDAP_URL = "ldaps://localhost:636";
+global.LDAP_SEARCH_BASE = 'ou=user,dc=example,dc=org';
+// LDAP_BIND_DN must contain the placeholder {{username}}
+global.LDAP_BIND_DN = 'uid={{username}},ou=user,dc=example,dc=org';

package.json

@@ -52,6 +52,9 @@
     "moment": "2.11",
     "multer": "1.1",
     "node-uuid": "1.4",
+    "passport": "0.3",
+    "passport-http": "0.3",
+    "ldapauth-fork": "2.5",
     "promise": "7.1",
     "request": "2.67",
     "specberus": "1.4.0",