UNPKG

browserid-verify

Version:

Verify BrowserID assertions.

chilts/browserid-verify-node

178 lines (147 loc) 6.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
// ---------------------------------------------------------------------------- // // browserid-verify.js - remote or local verification of a browserid assertion // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at http://mozilla.org/MPL/2.0/. // // ---------------------------------------------------------------------------- // core var https = require('https'); var http = require('http'); var querystring = require('querystring'); var url = require('url'); // npm var tunnel = require('tunnel'); // ---------------------------------------------------------------------------- const VERIFIER_METHOD = 'POST'; const VERIFIER_URL = 'https://verifier.login.persona.org/verify'; // ---------------------------------------------------------------------------- function browserIdVerify(opts) { // set some defaults opts = opts || {}; opts.type = opts.type || 'remote'; opts.url = opts.url || VERIFIER_URL; // return the remote verifier if ( opts.type === 'remote' ) { // firstly, parse the url var parsedUrl = url.parse(opts.url); // var httpPkg = opts. var protocol; if ( parsedUrl.protocol === 'https:' ) { protocol = https; } else if ( parsedUrl.protocol === 'http:' ) { protocol = http; } else { throw new Error("url protocol must be 'https:' or 'http:', not '" + parsedUrl.protocol + "'"); } // create an agent if we are (1) tunneling, or (2) setting maxSockets var agent; if ( opts.proxy ) { var parsedProxy = url.parse(opts.proxy); if ( parsedProxy.protocol === 'https:' ) { agent = tunnel.httpsOverHttps({ proxy: { host : parsedProxy.hostname, port : parsedProxy.port, } }); } else if ( parsedProxy.protocol === 'http:' ) { agent = tunnel.httpsOverHttp({ proxy: { host : parsedProxy.hostname, port : parsedProxy.port, } }); } else { throw new Error("proxy protocol must be 'https:' or 'http:', not '" + parsedUrl.protocol + "'"); } } return function verifyRemotely(assertion, audience, callback) { if (typeof callback !== 'function') throw "missing required callback argument"; if (typeof assertion !== 'string' ) { process.nextTick(function() { callback('assertion should be a string'); }); return; } if (typeof audience !== 'string' ) { process.nextTick(function() { callback('audience should be a string'); }); return; } // hit the remote verifier var reqOpts = { method : VERIFIER_METHOD, hostname : parsedUrl.hostname, path : parsedUrl.path, port : parsedUrl.port, rejectUnauthorized : true, }; // set the agent on the request if needed if ( agent ) { reqOpts.agent = agent; } // requestHandler function requestHandler(resp) { // if the statusCode isn't what we expect, get out of here if ( resp.statusCode !== 200 && resp.statusCode !== 400 ) { return callback(new Error("Remote verifier returned an unexpected status code : " + resp.statusCode)); } // collect up the returned body var body = ""; resp .on('data', function(chunk) { body += chunk; }) .on('end', function() { var response; // catch any errors when parsing the returned JSON try { response = JSON.parse(body); } catch(e) { return callback(new Error("Remote verifier did not return JSON.")); } if ( !response ) { return callback(new Error("Remote verifier did not return any data.")); } // Here, we're passing back the entire reponse since it should be up to // if they want to do anything with any of the other fields // (e.g. issuer, expires, etc). return callback(null, response.email, response); }) .on('error', function(err) { return callback(err); }) ; } var req = protocol.request(reqOpts, requestHandler); req.on('error', function(err) { return callback(err); }); req.setHeader('Content-Type', 'application/x-www-form-urlencoded'); var query = querystring.stringify({ assertion : assertion, audience : audience, }); req.setHeader('Content-Length', query.length); req.end(query, 'utf8'); }; } // return the local verifier if ( opts.type === 'local' ) { throw new Error("Program error: local verification is not yet implemented. Please use 'remote' verification."); } // don't know what this type is throw new Error('Unknown verifier type : ' + opts.type); } // ---------------------------------------------------------------------------- // export the creator function module.exports = browserIdVerify; // ----------------------------------------------------------------------------