UNPKG

node-expose-sspi-strict

Version:

Expose the Microsoft Windows SSPI interface in order to do NTLM and Kerberos authentication.

141 lines (123 loc) 2.75 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
import { SSO } from './SSO'; import { IncomingMessage, ServerResponse } from 'http'; declare module 'http' { interface IncomingMessage { /** * Contains the SSO object. * * @type {SSO} * @memberof Request */ sso: SSO; } } export type Middleware = ( req: IncomingMessage, res: ServerResponse, next: NextFunction ) => void; export type CookieToken = string; export type MessageType = | 'NTLM_NEGOTIATE_01' | 'NTLM_CHALLENGE_02' | 'NTLM_AUTHENTICATE_03' | 'Kerberos_1' | 'Kerberos_N'; export type NextFunction = (error?: Error) => void | Promise<void>; /** * options to provide to sso.auth() and SSO.setOptions(). * * @export * @interface AuthOptions */ export interface AuthOptions { /** * Brings back the groups the user belongs to. * * @default true * * @type {boolean} * @memberof AuthOptions */ useGroups?: boolean; /** * Brings back the Active Directory user information * * Note 1: only if we can reach Active Directory of the Domain Controller * * @default true * * @type {boolean} * @memberof AuthOptions */ useActiveDirectory?: boolean; /** * Brings back the server process owner info. * * @default false * * @type {boolean} * @memberof AuthOptions */ useOwner?: boolean; /** * Manage authentication with cookie. * Useful for performance when many users try to connect at the same time. * * @default true * * @type {boolean} * @memberof AuthOptions */ useCookies?: boolean; /** * Filter the groups. Useful if there are too much groups to fetch. * * @default ".*" * * @type {string} * @memberof AuthOptions */ groupFilterRegex?: string; /** * If true, someone that connects with wrong login/password may be * authenticated as Windows guest user. * * @default false * * @type {boolean} * @memberof AuthOptions */ allowsGuest?: boolean; /** * If true, someone that connects without login/password may be * authenticated as Windows anonymous user account. * * @default false * * @type {boolean} * @memberof AuthOptions */ allowsAnonymousLogon?: boolean; } export interface User { name?: string; sid?: string; displayName?: string; domain?: string; groups?: string[]; adUser?: ADUser; } export interface Database { users: ADUsers; } export interface ADUser { sn?: string; givenName?: string; cn?: string; [key: string]: any; } export type ADUsers = ADUser[]; export interface CookieList { [name: string]: string; }