
openhim-core


The OpenHIM core application that provides logging and routing of http requests

var Q, SDC, application, atna, auditing, authoriseClient, authoriseIP, config, domain, genAuthAudit, himSourceID, logger, os, sdc, statsdServer, utils, indexOf = [].indexOf || function(item) { for (var i = 0, l = this.length; i < l; i++) { if (i in this && this[i] === item) return i; } return -1; }; Q = require("q"); logger = require("winston"); atna = require('atna-audit'); config = require('../config/config'); config.authentication = config.get('authentication'); utils = require('../utils'); auditing = require('../auditing'); statsdServer = config.get('statsd'); application = config.get('application'); himSourceID = config.get('auditing').auditEvents.auditSourceID; SDC = require('statsd-client'); os = require('os'); domain = (os.hostname()) + "." + application.name + ".appMetrics"; sdc = new SDC(statsdServer); genAuthAudit = function(remoteAddress) { var audit; audit = atna.nodeAuthentication(remoteAddress, himSourceID, os.hostname(), atna.OUTCOME_MINOR_FAILURE); audit = atna.wrapInSyslog(audit); return audit; }; authoriseClient = function(channel, ctx) { var i, len, ref, ref1, role; if ((ctx.authenticated != null) && (channel.allow != null)) { if (ctx.authenticated.roles != null) { ref = channel.allow; for (i = 0, len = ref.length; i < len; i++) { role = ref[i]; if (indexOf.call(ctx.authenticated.roles, role) >= 0) { return true; } } } if (ref1 = ctx.authenticated.clientID, indexOf.call(channel.allow, ref1) >= 0) { return true; } } return false; }; authoriseIP = function(channel, ctx) { var ref, ref1; if (((ref = channel.whitelist) != null ? 
ref.length : void 0) > 0) { return ref1 = ctx.ip, indexOf.call(channel.whitelist, ref1) >= 0; } else { return true; } }; exports.authorise = function(ctx, done) { var channel; channel = ctx.matchingChannel; if ((channel != null) && authoriseIP(channel, ctx) && (channel.authType === 'public' || authoriseClient(channel, ctx))) { ctx.authorisedChannel = channel; logger.info("The request, '" + ctx.request.path + "' is authorised to access " + ctx.authorisedChannel.name); } else { ctx.response.status = 401; if (config.authentication.enableBasicAuthentication) { ctx.set("WWW-Authenticate", "Basic"); } logger.info("The request, '" + ctx.request.path + "', is not authorised to access any channels."); auditing.sendAuditEvent(genAuthAudit(ctx.ip), function() { return logger.debug('Processed nodeAuthentication audit'); }); } return done(); }; exports.koaMiddleware = function*(next) { var authorise, startTime; if (statsdServer.enabled) { startTime = new Date(); } authorise = Q.denodeify(exports.authorise); (yield authorise(this)); if (this.authorisedChannel != null) { if (statsdServer.enabled) { sdc.timing(domain + ".authorisationMiddleware", startTime); } return (yield next); } }; if (process.env.NODE_ENV === "test") { exports.genAuthAudit = genAuthAudit; } //# sourceMappingURL=authorisation.js.map