The OpenHIM core application that provides logging and routing of http requests
;
// Babel CommonJS interop flag: marks this file as a transpiled ES module so a
// consumer's `_interopRequireDefault` (see below) hands the exports back as-is.
Object.defineProperty(exports, "__esModule", {
value: true
});
// Public surface: the raw callback-style credential check and the Koa wrapper.
exports.authenticateUser = authenticateUser;
exports.koaMiddleware = koaMiddleware;
var _basicAuth = require('basic-auth');
var _basicAuth2 = _interopRequireDefault(_basicAuth);
var _winston = require('winston');
var _winston2 = _interopRequireDefault(_winston);
var _crypto = require('crypto');
var _crypto2 = _interopRequireDefault(_crypto);
var _bcryptjs = require('bcryptjs');
var _bcryptjs2 = _interopRequireDefault(_bcryptjs);
var _statsdClient = require('statsd-client');
var _statsdClient2 = _interopRequireDefault(_statsdClient);
var _os = require('os');
var _os2 = _interopRequireDefault(_os);
var _clients = require('../model/clients');
var _config = require('../config');
var _util = require('util');
/**
 * Babel helper: normalise a `require()` result so `.default` always exists.
 * A module already flagged `__esModule` is returned untouched; anything else
 * (a plain CommonJS export, including null/undefined) is wrapped as the default.
 */
function _interopRequireDefault(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }
  return { default: obj };
}
// statsd and application settings are read once from the shared config.
const statsdServer = _config.config.get('statsd');
const application = _config.config.get('application');
// Metric prefix `<hostname>.<app name>.appMetrics`; koaMiddleware appends
// `.basicAuthMiddleware` to it when reporting timings.
const domain = `${_os2.default.hostname()}.${application.name}.appMetrics`;
// The client is constructed unconditionally; koaMiddleware only calls
// sdc.timing() when statsdServer.enabled is truthy.
const sdc = new _statsdClient2.default(statsdServer);
/**
 * Check a plaintext password against the bcrypt hash stored on the client.
 * bcryptjs.compare performs its own constant-time comparison and reports the
 * outcome through the Node-style `(err, matched)` callback.
 *
 * @param {string} pass plaintext password from the request
 * @param {{passwordHash: string}} client stored client record
 * @param {(err: Error|null, matched: boolean) => void} callback
 */
const bcryptCompare = (pass, client, callback) => {
  const storedHash = client.passwordHash;
  return _bcryptjs2.default.compare(pass, storedHash, callback);
};
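/**
 * Check a plaintext password against a salted message-digest hash
 * (`hex(H(pass || salt))`, where H is `client.passwordAlgorithm`).
 *
 * Both the algorithm name and the salt come from the stored client record,
 * never from the request. The hex strings are compared with
 * crypto.timingSafeEqual so a caller cannot learn, byte by byte, how much of
 * the stored hash they have matched; the plain `===` used previously
 * short-circuits on the first differing character.
 *
 * Security note: a single unsalted-iteration digest (sha1/sha256/...) is fast
 * to brute-force offline if the client store leaks. bcrypt (the other branch
 * of comparePasswordWithClientHash) is the preferable scheme for new clients.
 *
 * Any synchronous failure (unknown algorithm, missing salt) is reported via
 * the callback instead of being thrown out of the caller's DB callback.
 *
 * @param {string} pass plaintext password from the request
 * @param {{passwordAlgorithm: string, passwordSalt: string, passwordHash: string}} client
 * @param {(err: Error|null, matched: boolean) => void} callback
 */
function cryptoCompare(pass, client, callback) {
  let matches;
  try {
    const hash = _crypto2.default.createHash(client.passwordAlgorithm);
    hash.update(pass);
    hash.update(client.passwordSalt);
    const actual = Buffer.from(hash.digest('hex'), 'utf8');

    if (typeof client.passwordHash !== 'string') {
      // A non-string stored hash can never equal a hex digest.
      matches = false;
    } else {
      const expected = Buffer.from(client.passwordHash, 'utf8');
      // timingSafeEqual throws on length mismatch. Unequal lengths can never
      // match, and the digest length only reveals the algorithm, which is
      // stored in the clear on the client record anyway.
      matches = actual.length === expected.length && _crypto2.default.timingSafeEqual(actual, expected);
    }
  } catch (err) {
    return callback(err);
  }
  return callback(null, matches);
}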
/**
 * Dispatch the password check to the scheme recorded on the client.
 *
 * If `client.passwordAlgorithm` names a digest that Node's crypto module
 * supports (sha256, sha512, ...), the salted-digest path is used; any other
 * value is treated as a bcrypt hash. The stored algorithm name, not anything
 * from the request, selects the branch.
 *
 * @param {string} pass plaintext password from the request
 * @param {{passwordAlgorithm: string}} client stored client record
 * @param {(err: Error|null, matched: boolean) => void} callback
 */
function comparePasswordWithClientHash(pass, client, callback) {
  const supportedDigests = new Set(_crypto2.default.getHashes());
  const usesDigest = supportedDigests.has(client.passwordAlgorithm);
  if (!usesDigest) {
    return bcryptCompare(pass, client, callback);
  }
  return cryptoCompare(pass, client, callback);
}
/**
 * Callback-style HTTP Basic authentication against the client collection.
 *
 * Outcomes:
 *  - no Authorization header: ctx.authenticated is set to null, done(null, null)
 *  - unknown client, no password configured, or wrong password: done(null, null)
 *    with ctx.authenticated left untouched, so a later auth mechanism can run
 *  - match: ctx.authenticated = client, ctx.authenticationType = 'basic',
 *    done(null, client)
 *  - DB or comparison error: done(err)
 *
 * Security notes:
 *  - `credentials.name` is written to the log verbatim; with a plain-text log
 *    format a crafted client ID can forge log lines (use a structured format).
 *  - The "not found" and "wrong password" cases both yield done(null, null),
 *    so the response does not distinguish them, although their timing
 *    (no hash check vs. bcrypt/digest) and their log lines do.
 *  - Only passwordAlgorithm and passwordHash are checked before comparing;
 *    for digest algorithms a missing passwordSalt appears to surface as an
 *    error from cryptoCompare rather than being caught here.
 *
 * @param {object} ctx Koa context; only ctx.req is read, ctx.authenticated/
 *   ctx.authenticationType may be written
 * @param {(err: Error|null, client: object|null) => void} done
 */
function authenticateUser(ctx, done) {
  const credentials = (0, _basicAuth2.default)(ctx.req);

  if (!credentials) {
    _winston2.default.info('No basic auth details supplied, trying next auth mechanism if any...');
    // Explicitly null so downstream `!= null` checks see "no one authenticated".
    ctx.authenticated = null;
    return done(null, null);
  }

  // Second-stage callback: consume the result of the password comparison.
  const onPasswordChecked = (client) => (err, matched) => {
    if (err) {
      return done(err);
    }
    if (!matched) {
      _winston2.default.info(`${credentials.name} could NOT be authenticated, trying next auth mechanism if any...`);
      return done(null, null);
    }
    _winston2.default.info(`${credentials.name} is authenticated.`);
    ctx.authenticated = client;
    ctx.authenticationType = 'basic';
    return done(null, client);
  };

  // `credentials.name` is a string from the parsed header, so the query value
  // is a plain equality match rather than a caller-supplied operator object.
  return _clients.ClientModel.findOne({ clientID: credentials.name }, (err, client) => {
    if (err) {
      return done(err);
    }
    if (!client) {
      _winston2.default.info(`${credentials.name} not found, trying next auth mechanism if any...`);
      return done(null, null);
    }
    if (!client.passwordAlgorithm || !client.passwordHash) {
      _winston2.default.warn(`${credentials.name} does not have a basic auth password set`);
      return done(null, null);
    }
    return comparePasswordWithClientHash(credentials.pass, client, onPasswordChecked(client));
  });
}
/*
 * Koa middleware for authentication by basic auth.
 *
 * If an earlier middleware already populated ctx.authenticated the check is
 * skipped entirely. Otherwise authenticateUser runs and, when it yields a
 * client with a clientID, that ID is written into the request's
 * X-OpenHIM-ClientID header (ctx.header is Koa's alias for the incoming
 * request headers, so this appears intended for downstream routing).
 *
 * NOTE(review): the header is only overwritten on success. A caller-supplied
 * X-OpenHIM-ClientID survives both the skip path and a failed check; whether
 * anything downstream trusts that header is not visible here — confirm.
 *
 * The statsd timing is emitted only on the path that performed the check.
 */
async function koaMiddleware(ctx, next) {
  const timingStart = statsdServer.enabled ? new Date() : undefined;

  if (ctx.authenticated == null) {
    await (0, _util.promisify)(authenticateUser)(ctx);

    const clientID = ctx.authenticated == null ? undefined : ctx.authenticated.clientID;
    if (clientID != null) {
      ctx.header['X-OpenHIM-ClientID'] = clientID;
    }

    if (statsdServer.enabled) {
      sdc.timing(`${domain}.basicAuthMiddleware`, timingStart);
    }
  }

  await next();
}
//# sourceMappingURL=basicAuthentication.js.map