UNPKG

@nephele/authenticator-nymph

Version:

Nymph.js authenticator for the Nephele WebDAV server.

github.com/sciactive/nephele

sciactive/nephele

99 lines (86 loc) 2.44 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
import type { Request } from 'express'; import basicAuth from 'basic-auth'; import type { Nymph } from '@nymphjs/nymph'; import { User as UserClass, enforceTilmeld, type UserData, } from '@nymphjs/tilmeld'; import type { Authenticator as AuthenticatorInterface, AuthResponse as NepheleAuthResponse, } from 'nephele'; import { UnauthorizedError } from 'nephele'; export type AuthenticatorConfig = { /** * The realm is the name reported by the server when the user is prompted to * authenticate. * * It should be HTTP header safe (shouldn't include double quotes or * semicolon). */ realm?: string; /** * The instance of Nymph that will authenticate the users. This must have * Tilmeld loaded. */ nymph: Nymph; }; export type AuthResponse = NepheleAuthResponse< any, { user: UserClass & UserData } >; /** * Nephele Nymph.js authenticator. */ export default class Authenticator implements AuthenticatorInterface { realm: string; nymph: Nymph; constructor(config: AuthenticatorConfig) { this.realm = config.realm || 'Nephele WebDAV Service'; this.nymph = config.nymph; } async authenticate(request: Request, response: AuthResponse) { const authorization = request.get('Authorization'); let username = ''; let password = ''; if (authorization) { const auth = basicAuth.parse(authorization); if (auth) { username = auth.name; password = auth.pass; } } try { if (username.trim() === '') { throw new UnauthorizedError( 'Authentication is required to use this server.', ); } enforceTilmeld(this.nymph); const User = this.nymph.getEntityClass(UserClass); const user = await User.factoryUsername(username); if ( user.guid == null || user.username == null || !user.enabled || !user.$checkPassword(password) ) { throw new UnauthorizedError('Username or password is invalid.'); } return user as UserClass & UserData & { username: string }; } catch (e: any) { if (e instanceof UnauthorizedError) { response.set( 'WWW-Authenticate', `Basic realm="${this.realm}", charset="UTF-8"`, ); } throw e; } } async cleanAuthentication(_request: Request, _response: AuthResponse) { // Nothing is required for auth cleanup. return; } }