UNPKG

openhim-core

Version:

The OpenHIM core application that provides logging and routing of http requests

openhim.org

jembi/openhim-core-js

70 lines (57 loc) 2.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
Q = require "q" logger = require "winston" atna = require 'atna-audit' config = require '../config/config' config.authentication = config.get('authentication') utils = require '../utils' auditing = require '../auditing' statsdServer = config.get 'statsd' application = config.get 'application' himSourceID = config.get('auditing').auditEvents.auditSourceID SDC = require 'statsd-client' os = require 'os' domain = "#{os.hostname()}.#{application.name}.appMetrics" sdc = new SDC statsdServer genAuthAudit = (remoteAddress) -> audit = atna.nodeAuthentication remoteAddress, himSourceID, os.hostname(), atna.OUTCOME_MINOR_FAILURE audit = atna.wrapInSyslog audit return audit authoriseClient = (channel, ctx) -> if ctx.authenticated? and channel.allow? if ctx.authenticated.roles? for role in channel.allow if role in ctx.authenticated.roles return true if ctx.authenticated.clientID in channel.allow return true return false authoriseIP = (channel, ctx) -> if channel.whitelist?.length > 0 return ctx.ip in channel.whitelist else return true # whitelist auth not required exports.authorise = (ctx, done) -> channel = ctx.matchingChannel if channel? and authoriseIP(channel, ctx) and (channel.authType is 'public' or authoriseClient(channel, ctx)) # authorisation succeeded ctx.authorisedChannel = channel logger.info "The request, '#{ctx.request.path}' is authorised to access #{ctx.authorisedChannel.name}" else # authorisation failed ctx.response.status = 401 if config.authentication.enableBasicAuthentication ctx.set "WWW-Authenticate", "Basic" logger.info "The request, '#{ctx.request.path}', is not authorised to access any channels." auditing.sendAuditEvent genAuthAudit(ctx.ip), -> logger.debug 'Processed nodeAuthentication audit' done() exports.koaMiddleware = (next) -> startTime = new Date() if statsdServer.enabled authorise = Q.denodeify exports.authorise yield authorise this if this.authorisedChannel? sdc.timing "#{domain}.authorisationMiddleware", startTime if statsdServer.enabled yield next # export private functions for unit testing # note: you cant spy on these method because of this :( if process.env.NODE_ENV == "test" exports.genAuthAudit = genAuthAudit