
cozy-proxy


Cozy Proxy redirects requests to the right application of the Cozy platform, depending on the given path. It also handles authentication to the Cozy for users and devices.

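// Generated by CoffeeScript 1.10.0
var NotificationHelper, User, attemptRecoveryCodes, createNotificationRecovery, disableRecoveryCode, localization, logger, loginFirstUser, makeError, notificationHelper, otpManager, passport, passwordKeys, qs, simplepass, url;

passport = require('passport');

qs = require('querystring');

NotificationHelper = require('cozy-notifications-helper');

notificationHelper = new NotificationHelper();

localization = require('../lib/localization_manager');

passwordKeys = require('../lib/password_keys');

otpManager = require('../lib/2fa_manager');

url = require('url');

User = require('../models/user');

logger = require('printit')({
  date: true,
  prefix: 'mid:auth'
});

/**
 * Build an Error that carries an HTTP status code in `err.status`.
 *
 * @param {number} code - status stored on the error.
 * @param {string} msg - error message.
 * @param {*} [original] - underlying error; when truthy, its string form is
 *   appended to `err.stack`.
 * @returns {Error}
 */
makeError = function(code, msg, original) {
  var err;
  err = new Error(msg);
  if (original) {
    // NOTE(review): the stack now embeds the underlying error text. How the
    // error handler renders `stack` is not visible in this file; confirm it
    // is logged server-side only and never sent to the client.
    err.stack += "\n\nCaused by " + original;
  }
  err.status = code;
  return err;
};

/**
 * Open a session for the user returned by `User.first` and answer
 * `200 {success: true}`.
 *
 * A lookup error is forwarded as-is; a missing user or a failing `req.logIn`
 * is reported as 401 'error login failed'.
 */
loginFirstUser = function(req, res, next) {
  return User.first(function(err, user) {
    if (err) {
      return next(err);
    }
    if (!user) {
      // Never hand an undefined user to req.logIn.
      return next(makeError(401, 'error login failed'));
    }
    return req.logIn(user, function(err) {
      if (err) {
        return next(makeError(401, 'error login failed', err));
      }
      return res.status(200).send({
        success: true
      });
    });
  });
};

/**
 * Create a temporary notification telling the user that a recovery code was
 * used and how many are left.
 *
 * @param {number} length - number of remaining recovery codes.
 * @param {Function} callback - passed to `notificationHelper.createTemporary`.
 */
createNotificationRecovery = function(length, callback) {
  var text;
  // The count follows the first translation with no separator in between;
  // presumably the translated string ends with its own, TODO confirm.
  text = localization.t("authenticated with recovery code");
  text += length + " ";
  text += localization.t("recovery codes left");
  return notificationHelper.createTemporary({
    text: text
  }, callback);
};

/**
 * Remove the recovery code at `index` and persist the remaining list, so a
 * code can be used only once.
 *
 * `codes` is modified in place; the caller reads `codes.length` afterwards to
 * report how many codes remain.
 */
disableRecoveryCode = function(user, codes, index, callback) {
  var changes;
  codes.splice(index, 1);
  changes = {
    encryptedRecoveryCodes: JSON.stringify(codes)
  };
  return user.updateAttributes(changes, callback);
};

/**
 * Fallback for a failed OTP check: accept `req.body.authcode` if it matches
 * one of the stored recovery codes, consume that code, then log the user in.
 *
 * The `user` argument is not used; the account is re-read with `User.first`.
 *
 * NOTE(review): no attempt counting or throttling is visible in this file.
 * Confirm that guessing of recovery codes is limited somewhere upstream.
 */
attemptRecoveryCodes = function(user, req, res, next) {
  return User.first(function(err, firstUser) {
    var codes, index;
    if (err || !firstUser) {
      // A missing user is handled like a lookup error instead of throwing on
      // the property access below.
      return next(makeError(401, 'no user found', err));
    }
    if (firstUser.encryptedRecoveryCodes == null) {
      return next(makeError(401, 'error otp invalid code'));
    }
    try {
      codes = JSON.parse(firstUser.encryptedRecoveryCodes);
    } catch (parseErr) {
      // Corrupt stored data is a server-side fault, not a bad code.
      logger.error(parseErr);
      return next(makeError(500, 'server error', parseErr));
    }
    if (!Array.isArray(codes)) {
      return next(makeError(401, 'error otp invalid code'));
    }
    // Explicit radix: the submitted code is always read as decimal. A value
    // that does not parse yields NaN, which indexOf never matches.
    index = codes.indexOf(parseInt(req.body.authcode, 10));
    if (index === -1) {
      return next(makeError(401, 'error otp invalid code'));
    }
    return disableRecoveryCode(firstUser, codes, index, function(err) {
      if (err) {
        // The code could not be consumed, so the login is refused.
        return next(makeError(401, 'error otp invalid code', err));
      }
      return createNotificationRecovery(codes.length, function(err) {
        if (err) {
          // The notification is best effort; a failure does not block login.
          logger.error(err);
        }
        return loginFirstUser(req, res, next);
      });
    });
  });
};

/**
 * Run one passport strategy with a custom callback.
 *
 * @param {string} strategy - passport strategy name.
 * @param {Function} handler - callback given to `passport.authenticate`.
 */
simplepass = function(strategy, req, res, next, handler) {
  return passport.authenticate(strategy, handler)(req, res, next);
};

/**
 * Login middleware: check the password with the 'local' strategy, initialize
 * the password keys, then either open the session directly or, when
 * `otpManager.getAuthType` yields a strategy name, run that strategy as a
 * second factor, with recovery codes as the fallback.
 */
module.exports.authenticate = function(req, res, next) {
  return otpManager.getAuthType(function(err, otpAuth) {
    if (err) {
      return next(makeError(401, 'error login failed', err));
    }
    return simplepass('local', req, res, next, function(err, user) {
      if (err) {
        return next(makeError(401, 'error server', err));
      }
      if (!user) {
        return next(makeError(401, 'error bad credentials'));
      }
      // NOTE(review): the keys are initialized from the password before the
      // second factor is checked. Confirm this ordering is intended and that
      // nothing is left usable when the OTP step then fails.
      return passwordKeys.initializeKeys(req.body.password, function(err) {
        if (err) {
          return next(makeError(500, 'error keys not intialized', err));
        }
        if (!otpAuth) {
          return req.logIn(user, function(err) {
            if (err) {
              return next(makeError(401, 'error login failed', err));
            }
            return res.status(200).send({
              success: true
            });
          });
        }
        // Set before the second strategy runs; presumably that strategy
        // reads req.user, TODO confirm.
        req.user = user;
        return simplepass(otpAuth, req, res, next, function(err, otpUser) {
          if (err) {
            return next(makeError(500, 'server error', err));
          }
          if (otpUser) {
            return loginFirstUser(req, res, next);
          }
          return attemptRecoveryCodes(otpUser, req, res, next);
        });
      });
    });
  });
};

/**
 * Let authenticated requests through; redirect the others to `/login`,
 * carrying the requested URL in the `next` parameter.
 */
module.exports.isAuthenticated = function(req, res, next) {
  var loginUrl;
  if (req.isAuthenticated()) {
    return next();
  }
  // Local variable: the redirect target used to be assigned to the
  // module-level `url`, replacing the required 'url' module on first use.
  loginUrl = "/login";
  if (req.url !== '/') {
    loginUrl += "?next=" + (encodeURIComponent(req.url));
  }
  // The query is no longer appended a second time. The old `req.query.length`
  // test was truthy only when the request itself carried a `length`
  // parameter, and then copied every request parameter next to `next`, so a
  // request could add its own top-level parameters (a second `next`
  // included) to the login URL. The original query string is still part of
  // req.url and therefore kept, encoded, inside `next`.
  return res.redirect(loginUrl);
};

/**
 * Let unauthenticated requests through; send authenticated ones to `/`.
 */
module.exports.isNotAuthenticated = function(req, res, next) {
  if (req.isAuthenticated()) {
    return res.redirect('/');
  }
  return next();
};

/**
 * Continue only when a registered user exists; otherwise redirect to
 * `/register`. A lookup error is reported as 401 'no user found'.
 */
module.exports.isRegistered = function(req, res, next) {
  return User.first(function(err, user) {
    if (err) {
      return next(makeError(401, 'no user found', err));
    }
    if (User.isRegistered(user)) {
      return next();
    }
    return res.redirect('/register');
  });
};

/**
 * Continue only when no registered user exists; otherwise redirect to `/`.
 *
 * NOTE(review): a lookup error is treated like "nobody registered" and the
 * request continues. That may be deliberate (for example when nothing is
 * stored yet), but it means a store failure opens the routes behind this
 * guard. Confirm that those handlers check registration themselves.
 */
module.exports.isNotRegistered = function(req, res, next) {
  return User.first(function(err, user) {
    if (err) {
      return next();
    }
    if (User.isRegistered(user)) {
      return res.redirect('/');
    }
    return next();
  });
};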