openhim-core
The OpenHIM core application that provides logging and routing of http requests
// Module-level names used by the basic-auth middleware. `indexOf` falls back to
// a hand-written scan only when Array.prototype.indexOf is unavailable; the
// helper looks compiler-generated (the file ends with a source-map reference).
var Client, Q, SDC, application, auth, bcrypt, bcryptCompare, comparePasswordWithClientHash, config, crypto, cryptoCompare, domain, logger, os, sdc, statsdServer,
indexOf = [].indexOf || function(item) { for (var i = 0, l = this.length; i < l; i++) { if (i in this && this[i] === item) return i; } return -1; };
// Parses the HTTP Basic credentials out of the request context.
auth = require('basic-auth');
Q = require("q");
// Client model: the stored record supplies passwordAlgorithm, passwordSalt and passwordHash.
Client = require("../model/clients").Client;
logger = require("winston");
// Two verification back ends: Node's crypto digests and bcryptjs.
crypto = require("crypto");
bcrypt = require('bcryptjs');
config = require('../config/config');
statsdServer = config.get('statsd');
application = config.get('application');
SDC = require('statsd-client');
os = require('os');
// Metric key prefix: "<hostname>.<application name>.appMetrics".
domain = (os.hostname()) + "." + application.name + ".appMetrics";
// The statsd client is constructed unconditionally; the middleware only sends
// a timing when statsdServer.enabled is truthy.
sdc = new SDC(statsdServer);
/**
 * Verify a candidate password against a client's stored bcrypt hash.
 *
 * The comparison is delegated entirely to bcryptjs, which reads the salt and
 * cost from the stored hash string.
 *
 * @param {string} pass - password taken from the Basic auth header
 * @param {Object} client - client record; only `passwordHash` is read
 * @param {Function} callback - node-style `(err, matched)` callback
 * @returns {*} whatever `bcrypt.compare` returns
 */
bcryptCompare = function(pass, client, callback) {
  var storedHash = client.passwordHash;
  return bcrypt.compare(pass, storedHash, callback);
};
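/**
 * Verify a candidate password against a client's stored salted digest.
 *
 * The digest is computed as HASH(pass || salt) with the algorithm named on the
 * client record and compared, as lowercase hex text, with `passwordHash`.
 *
 * The comparison runs in constant time (crypto.timingSafeEqual, Node.js 6.6+)
 * so that the time taken does not reveal how many leading characters of the
 * digest matched. Failures while hashing (for example a record without a
 * salt) are reported through the callback instead of being thrown from inside
 * the database callback that invokes this function.
 *
 * NOTE(review): a single pass of a general-purpose digest is cheap to
 * brute-force if the client collection leaks; the bcrypt path is the better
 * choice for stored credentials.
 *
 * @param {string} pass - password taken from the Basic auth header
 * @param {Object} client - record with `passwordAlgorithm`, `passwordSalt`, `passwordHash`
 * @param {Function} callback - node-style `(err, matched)` callback, called once
 * @returns {*} whatever `callback` returns
 */
cryptoCompare = function(pass, client, callback) {
  var computedBytes, expectedBytes, matched;
  try {
    computedBytes = Buffer.from(
      crypto.createHash(client.passwordAlgorithm)
        .update(pass)
        .update(client.passwordSalt)
        .digest('hex'),
      'utf8'
    );
    if (typeof client.passwordHash !== 'string') {
      // A non-string stored value can never equal the hex digest.
      matched = false;
    } else {
      // Compare the hex text itself so matching stays case-sensitive, exactly
      // as the previous string equality was.
      expectedBytes = Buffer.from(client.passwordHash, 'utf8');
      // timingSafeEqual throws on unequal lengths; the digest length is public,
      // so checking it first leaks nothing about the secret.
      matched = computedBytes.length === expectedBytes.length &&
        crypto.timingSafeEqual(computedBytes, expectedBytes);
    }
  } catch (err) {
    return callback(err);
  }
  // Invoked outside the try block so an exception thrown by the callback is
  // not mistaken for a hashing failure and the callback is never called twice.
  return callback(null, matched);
};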
/**
 * Pick the verification routine for a client and run it.
 *
 * When the client's `passwordAlgorithm` is one of the digest names reported by
 * `crypto.getHashes()`, the salted-digest check is used; any other value falls
 * through to bcrypt.
 *
 * NOTE(review): every digest the runtime supports is accepted here, including
 * ones no longer considered suitable for credentials; consider restricting the
 * accepted names when client records are created.
 *
 * @param {string} pass - password taken from the Basic auth header
 * @param {Object} client - client record holding the stored credential fields
 * @param {Function} callback - node-style `(err, matched)` callback
 * @returns {*} whatever the selected comparison routine returns
 */
comparePasswordWithClientHash = function(pass, client, callback) {
  var algorithm = client.passwordAlgorithm;
  var isNodeDigest = crypto.getHashes().indexOf(algorithm) !== -1;
  var verify = isNodeDigest ? cryptoCompare : bcryptCompare;
  return verify(pass, client, callback);
};
/**
 * Authenticate a request from its HTTP Basic credentials.
 *
 * On success the matching client record is stored on `ctx.authenticated`,
 * `ctx.authenticationType` is set to 'basic', and the client is passed to
 * `done`. Every non-error failure (no credentials, unknown client, no password
 * configured, wrong password) calls `done(null, null)` so that a later
 * authentication mechanism can still run.
 *
 * NOTE(review): the client ID comes straight from the request and is written
 * to the log as-is; confirm the configured log transport neutralises control
 * characters. An unknown client ID also returns without any hash comparison,
 * so its response time may differ from a wrong-password attempt.
 *
 * @param {Object} ctx - request context handed to `basic-auth`
 * @param {Function} done - node-style `(err, client)` callback
 * @returns {*} whatever `done` or `Client.findOne` returns
 */
exports.authenticateUser = function(ctx, done) {
  var credentials = auth(ctx);

  if (!credentials) {
    logger.info("No basic auth details supplied, trying next auth mechanism if any...");
    ctx.authenticated = null;
    return done(null, null);
  }

  return Client.findOne({ clientID: credentials.name }, function(lookupErr, client) {
    if (lookupErr) {
      return done(lookupErr);
    }

    if (!client) {
      logger.info(credentials.name + " not found, trying next auth mechanism if any...");
      return done(null, null);
    }

    // A client without both fields has no basic-auth password configured.
    if (!client.passwordAlgorithm || !client.passwordHash) {
      logger.warn(credentials.name + " does not have a basic auth password set");
      return done(null, null);
    }

    return comparePasswordWithClientHash(credentials.pass, client, function(compareErr, matched) {
      if (compareErr) {
        return done(compareErr);
      }

      if (!matched) {
        logger.info(credentials.name + " could NOT be authenticated, trying next auth mechanism if any...");
        return done(null, null);
      }

      logger.info(credentials.name + " is authenticated.");
      ctx.authenticated = client;
      ctx.authenticationType = 'basic';
      return done(null, client);
    });
  });
};
/*
 * Koa (generator-style) middleware for authentication by basic auth.
 *
 * Skips straight to the next middleware when an earlier mechanism has already
 * set `this.authenticated`. Otherwise it runs `authenticateUser`, copies the
 * authenticated client's ID into the `X-OpenHIM-ClientID` request header,
 * optionally reports a statsd timing, and continues the chain whether or not
 * authentication succeeded.
 *
 * NOTE(review): the header is only written on success and nothing here removes
 * a client-supplied header of the same name from an unauthenticated request;
 * confirm that whatever consumes it trusts `this.authenticated` rather than
 * the header alone.
 */
exports.koaMiddleware = function*(next) {
  var startedAt, runBasicAuth, authenticatedClient, clientId;

  if (statsdServer.enabled) {
    startedAt = new Date();
  }

  // Already authenticated by an earlier mechanism: nothing to do here.
  if (this.authenticated != null) {
    return (yield next);
  }

  runBasicAuth = Q.denodeify(exports.authenticateUser);
  (yield runBasicAuth(this));

  authenticatedClient = this.authenticated;
  clientId = authenticatedClient != null ? authenticatedClient.clientID : void 0;
  if (clientId != null) {
    this.header['X-OpenHIM-ClientID'] = this.authenticated.clientID;
  }

  if (statsdServer.enabled) {
    sdc.timing(domain + ".basicAuthMiddleware", startedAt);
  }

  return (yield next);
};
//# sourceMappingURL=basicAuthentication.js.map