Node.js SDK for Jive Software to assist with the development of add-ons
<pre class="sunlight-highlight-javascript linenums">/*
* Copyright 2013 Jive Software
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @module security
*/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Private
var express = require('express'),
service = require('./service'),
jive = require('../api'),
q = require('q');
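/**
 * Splits one `key=value` element of a JiveEXTN parameter list and percent-decodes the value.
 * @param {string} p raw element, e.g. "jive_url=https%3A%2F%2Fexample"
 * @returns {{key: string, value: string}|null} null when the element has no '=' or the value
 *   is not valid percent-encoding (decodeURIComponent throws URIError on malformed input)
 */
function parseJiveExtnParam(p) {
    var eq = p.indexOf('=');
    if ( eq < 0 ) {
        return null;
    }
    try {
        return { key: p.substring(0, eq), value: decodeURIComponent( p.substring(eq + 1) ) };
    } catch ( e ) {
        // a malformed percent-encoding in a client-supplied header must not crash the request
        jive.logger.debug("Ignoring malformed JiveEXTN authorization parameter.");
        return null;
    }
}

/**
 * Resolves the client credentials a request should be validated against.
 *
 * The community is identified by `jiveUrl`, taken from the request body first and, failing that,
 * from the `jive_url` parameter of a `JiveEXTN` authorization header (whose `tenant_id` is also
 * recorded on `req.jive`). If jive.community.findByJiveURL finds a matching community its
 * clientId/clientSecret are returned; otherwise the service-level credentials from
 * jive.service.options are used.
 *
 * Both the body value and the header are client-controlled input: they only select which
 * credentials the caller will verify the request against, they never grant access by themselves.
 *
 * @param req incoming request (express-style: body, headers)
 * @returns {Promise} resolves to { clientId, clientSecret }; rejects if the community lookup fails
 */
var findCredentials = function(req) {
    var deferred = q.defer();
    var conf = jive.service.options;

    // default to the service-wide credentials
    var credentials = {
        'clientId': conf.clientId,
        'clientSecret': conf.clientSecret
    };

    // try to get it from the body first (req.body is absent when no body parser ran)
    var body = req.body || {};
    var jiveUrl = body['jiveUrl'];
    var authorization = req.headers['authorization'];

    if ( !jiveUrl && authorization ) {
        jive.logger.debug("Trying to parse jiveURL/tenantID from JiveEXTN authorization header...");
        var authVars = authorization.split(' ');
        req['jive'] = {};
        if ( authVars[0] === 'JiveEXTN' ) {
            // a bare "JiveEXTN" header has no parameter list; treat it as empty rather than crash
            var authParams = (authVars[1] || '').split('&');
            authParams.forEach( function(p) {
                var param = parseJiveExtnParam(p);
                if ( !param ) {
                    return;
                }
                if ( param.key.indexOf('jive_url') === 0 ) {
                    jiveUrl = param.value;
                    req['jive']['jiveURL'] = jiveUrl;
                }
                if ( param.key.indexOf('tenant_id') === 0 ) {
                    req['jive']['tenantID'] = param.value;
                }
            });
        } else {
            jive.logger.debug("JiveEXTN authorization header not present, could not find jiveURL that way.");
        }
    }

    if ( !jiveUrl ) {
        // no community to look up -- cannot do better than the service credentials
        deferred.resolve( credentials );
        return deferred.promise;
    }

    // try to resolve trust by jiveUrl
    jive.community.findByJiveURL(jiveUrl).then(function (community) {
        if (community) {
            credentials['clientId'] = community['clientId'];
            credentials['clientSecret'] = community['clientSecret'];
        } else {
            jive.logger.debug("Could not look up security credentials by community jiveURL " + jiveUrl + " -- using service credentials " +
                "from service configuration file (usually jiveclientconfiguration.json).");
        }
        deferred.resolve(credentials);
    }, function (err) {
        // previously a failed lookup left the promise pending forever, hanging the request
        jive.logger.debug("Community lookup by jiveURL " + jiveUrl + " failed: " + err);
        deferred.reject(err);
    });

    return deferred.promise;
};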
// table of locked routes keyed "<verb>.<path>" (see lockRoute, isLocked); the value is the route object as passed in
var lockedRoutes = {};
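/**
 * Any routes passed into this method will become locked, i.e. the service will validate security
 * headers (see checkAuthHeaders) before the route is served.
 *
 * The route is keyed by "<verb>.<path>" with the verb lower-cased, which is how isLocked builds
 * its key from req.method / req.path; storing the verb as given meant a route locked with verb
 * "GET" never matched and silently stayed unlocked.
 *
 * @param routePath object with 'verb' and 'path' properties; a falsy argument is ignored
 * @throws {Error} when verb or path is missing
 */
exports.lockRoute = function( routePath ) {
    // pre
    if ( !routePath ) {
        return;
    }
    var verb = routePath['verb'];
    var path = routePath['path'];
    if ( !verb ) {
        throw new Error('Invalid route, cannot lock: missing verb');
    }
    if ( !path ) {
        throw new Error('Invalid route, cannot lock: missing path');
    }
    // normalise the verb so the key matches what isLocked derives from req.method
    var key = String(verb).toLowerCase() + '.' + path;
    lockedRoutes[key] = routePath;
};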
/**
 * Returns a deep copy of the locked-route table keyed by "<verb>.<path>", so callers cannot
 * alter the live table. The copy goes through JSON, so only JSON-serialisable fields survive.
 * @returns {Object} snapshot of the locked routes
 */
exports.getLockedRoutes = function() {
    var serialised = JSON.stringify( lockedRoutes );
    return JSON.parse( serialised );
};
/**
 * Tells whether the request targets a locked route.
 * Always false while jive.service.isDevelopment() is true, so no header checks happen in
 * development. Otherwise looks the request up by "<method>.<path>" with the method lower-cased.
 *
 * NOTE(review): this is an exact string match on req.path; if the router accepts variants of a
 * locked path (trailing slash, different case) those would not count as locked — confirm
 * against how routes are registered.
 *
 * @param req
 * @returns the locked route entry (truthy) or undefined; false in development mode
 */
exports.isLocked = function( req ) {
    if ( jive.service.isDevelopment() ) {
        return false;
    }
    var method = req.method.toLowerCase();
    return lockedRoutes[method + '.' + req.path];
};
/**
 * Writes the standard 403 JSON body used for every failed authorization check.
 * Does nothing when no response object was supplied (callers may check headers without a res).
 * @param res http response, optional
 */
function invalidAuthResponse(res) {
    if ( !res ) {
        return;
    }
    var payload = { 'status': 403, 'error': 'Invalid or missing authorization headers.' };
    res.writeHead(403, { 'Content-Type': 'application/json' });
    res.end(JSON.stringify(payload));
}
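/**
 * General purpose utility that checks the request for security headers and validates them.
 * If error, a 403 response will be added to the passed in res object (if available).
 *
 * Unlocked routes (see lockRoute/isLocked — every route counts as unlocked in development mode)
 * pass without any header check. For locked routes the credentials chosen by findCredentials
 * must validate the Authorization header as either HTTP Basic or JiveEXTN
 * (jive.util.basicAuthorizationHeaderValid / jive.util.jiveAuthorizationHeaderValid).
 *
 * @param req
 * @param res optional
 * @returns {Promise} resolves true when the request may proceed; rejects with false after a 403
 *   has been written when the headers are missing or invalid; rejects with the error (also after
 *   a 403) when the credential lookup or a validator throws
 */
exports.checkAuthHeaders = function(req, res) {
    var deferred = q.defer();

    if ( !exports.isLocked(req) ) {
        // not a locked route -- nothing to validate
        deferred.resolve(true);
        return deferred.promise;
    }

    var denied = function(reason) {
        jive.logger.debug(reason);
        invalidAuthResponse(res);
        deferred.reject(false);
    };

    findCredentials(req).then( function(credentials) {
        if ( !credentials ) {
            // NOTE(review): this branch fails open. findCredentials always resolves an object
            // today, so it is not reachable; confirm that is still intended if that changes.
            jive.logger.debug("No credentials were found to check against.");
            deferred.resolve(true);
            return;
        }

        var clientId = credentials['clientId'];
        var secret = credentials['clientSecret'];
        var auth = req.headers['authorization'];

        if ( !auth ) {
            denied("No security headers found, even though security credentials were required.");
            return;
        }

        // either scheme is acceptable; both validators are given the same credentials
        var passedBasic = jive.util.basicAuthorizationHeaderValid(auth, clientId, secret, true );
        var passedJiveEXTN = jive.util.jiveAuthorizationHeaderValid(auth, clientId, secret, true );
        if ( !passedBasic && !passedJiveEXTN ) {
            denied("Unauthorized access. Failed basic auth, and jiveEXTN header checks.");
            return;
        }

        // we're ok
        deferred.resolve(true);
    }).then(null, function(err) {
        // a failed credential lookup or a validator that throws used to leave this promise
        // pending forever (request hangs, the middleware never calls next); fail closed instead
        jive.logger.debug("Error while checking authorization headers: " + err);
        invalidAuthResponse(res);
        deferred.reject(err);
    });

    return deferred.promise;
};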
/**
 * Express middleware form of checkAuthHeaders.
 * Calls next() once the check has settled, whether it passed or failed; on failure
 * checkAuthHeaders has already written the 403 to res.
 * NOTE(review): next() is still invoked after a rejection, so a following handler that writes
 * to res would do so on an already-sent response — confirm that is intended.
 * @param req
 * @param res
 * @param next optional continuation, invoked after the check settles
 * @returns {Promise} the promise from checkAuthHeaders, extended with the finally handler
 */
exports.checkAuthHeadersMiddleware = function (req, res, next ) {
    return exports.checkAuthHeaders( req, res ).finally( function() {
        if ( next ) {
            next();
        }
    });
};</pre>