
openhim-core


The OpenHIM core application that provides logging and routing of HTTP requests

var User, config, crypto, isUndefOrEmpty, logger; User = require('../model/users').User; crypto = require('crypto'); logger = require('winston'); config = require("../config/config"); config.api = config.get('api'); isUndefOrEmpty = function(string) { return (string == null) || string === ''; }; exports.authenticate = function*(next) { var authSalt, authTS, authToken, authWindowSeconds, email, from, hash, header, ref, requestDate, to, user; header = this.request.header; email = header['auth-username']; authTS = header['auth-ts']; authSalt = header['auth-salt']; authToken = header['auth-token']; if (isUndefOrEmpty(email) || isUndefOrEmpty(authTS) || isUndefOrEmpty(authSalt) || isUndefOrEmpty(authToken)) { logger.info("API request made by " + email + " from " + this.request.host + " is missing required API authentication headers, denying access"); this.status = 401; return; } requestDate = new Date(Date.parse(authTS)); authWindowSeconds = (ref = config.api.authWindowSeconds) != null ? ref : 10; to = new Date(); to.setSeconds(to.getSeconds() + authWindowSeconds); from = new Date(); from.setSeconds(from.getSeconds() - authWindowSeconds); if (requestDate < from || requestDate > to) { logger.info("API request made by " + email + " from " + this.request.host + " has expired, denying access"); this.status = 401; return; } user = (yield User.findOne({ email: email }).exec()); this.authenticated = user; if (!user) { logger.info("No user exists for " + email + ", denying access to API, request originated from " + this.request.host); this.status = 401; return; } hash = crypto.createHash('sha512'); hash.update(user.passwordHash); hash.update(authSalt); hash.update(authTS); if (authToken === hash.digest('hex')) { return (yield next); } else { logger.info("API token did not match expected value, denying access to API, the request was made by " + email + " from " + this.request.host); return this.status = 401; } }; //# sourceMappingURL=authentication.js.map