
laas-admin-api


LaaS admin api server.

(function () { var config = require('../config'); var basic = require('basic-auth'); var LDAP = require('ldapauth-fork'); var AsyncCache = require('async-cache'); var cache = new AsyncCache({ max: 1000, maxAge: 1000 * 60 * 60 * 24, load: function (key, cb) { var creds = key.split(':'); ldapAuth(creds[0], creds[1], cb); } }); var ldapConfig = { url: config.ldap.protocol + '://' + config.ldap.host + ':' + config.ldap.port, searchBase: config.ldap.base, searchFilter: '(uid={{username}})' }; if (config.ldap.binddn) { ldapConfig.adminDn = config.ldap.binddn; ldapConfig.adminPassword = config.ldap.bindpass; } var ldap = new LDAP(ldapConfig); module.exports = function () { return function (req, res, next) { basicAuth(req, function (err, user) { if (! err && ! user) err = error('Unauthorized', 401); if (err) return res.status(err.code || 500).send(err.message); next (); }); }; }; function basicAuth (req, cb) { var creds = basic(req); if (! creds) return cb(error('Unauthorized', 401)); try { cache.get(creds.name + ':' + creds.pass, cb); } catch (err) { cb(err); } } function error (message, code) { var err = new Error(message); err.code = code; return err; } function ldapAuth (username, password, cb) { var start = Date.now(); ldap.authenticate(username, password, function (err, user) { console.log({ duration: Date.now()-start }, 'LDAP request'); if (err && err.name === 'InvalidCredentialsError') { console.log('Authentication was unsuccessful using ldap for user "%s"', username); err = null; } else if (! err && user) { console.log('Authentication was successful using ldap for user "%s"', username); } cb(err, user); }); } })();