openhim-core/lib/middleware/basicAuthentication.js

The OpenHIM core application that provides logging and routing of http requests

"use strict";

Object.defineProperty(exports, "__esModule", {
  value: true
});
exports.authenticateUser = authenticateUser;
exports.koaMiddleware = koaMiddleware;

var _basicAuth = _interopRequireDefault(require("basic-auth"));

var _winston = _interopRequireDefault(require("winston"));

var _crypto = _interopRequireDefault(require("crypto"));

var _bcryptjs = _interopRequireDefault(require("bcryptjs"));

var _clients = require("../model/clients");

var _config = require("../config");

var _util = require("util");

function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }

const bcryptCompare = (pass, client, callback) => _bcryptjs.default.compare(pass, client.passwordHash, callback);

function cryptoCompare(pass, client, callback) {
  const hash = _crypto.default.createHash(client.passwordAlgorithm);

  hash.update(pass);
  hash.update(client.passwordSalt);

  if (hash.digest('hex') === client.passwordHash) {
    return callback(null, true);
  } else {
    return callback(null, false);
  }
}

function comparePasswordWithClientHash(pass, client, callback) {
  if (Array.from(_crypto.default.getHashes()).includes(client.passwordAlgorithm)) {
    return cryptoCompare(pass, client, callback);
  } else {
    return bcryptCompare(pass, client, callback);
  }
}

function authenticateUser(ctx, done) {
  const user = (0, _basicAuth.default)(ctx.req);

  if (user) {
    return _clients.ClientModel.findOne({
      clientID: user.name
    }, (err, client) => {
      if (err) {
        return done(err);
      }

      if (client) {
        if (!(client.passwordAlgorithm && client.passwordHash)) {
          _winston.default.warn(`${user.name} does not have a basic auth password set`);

          return done(null, null);
        }

        return comparePasswordWithClientHash(user.pass, client, (err, res) => {
          if (err) {
            return done(err);
          }

          if (res) {
            _winston.default.info(`${user.name} is authenticated.`);

            ctx.authenticated = client;
            ctx.authenticationType = 'basic';
            return done(null, client);
          } else {
            _winston.default.info(`${user.name} could NOT be authenticated, trying next auth mechanism if any...`);

            return done(null, null);
          }
        });
      } else {
        _winston.default.info(`${user.name} not found, trying next auth mechanism if any...`);

        return done(null, null);
      }
    });
  } else {
    _winston.default.info('No basic auth details supplied, trying next auth mechanism if any...');

    ctx.authenticated = null; // Set to empty object rather than null

    return done(null, null);
  }
}
/*
 * Koa middleware for authentication by basic auth
 */


async function koaMiddleware(ctx, next) {
  if (ctx.authenticated != null) {
    await next();
  } else {
    const _authenticateUser = (0, _util.promisify)(authenticateUser);

    await _authenticateUser(ctx);

    if ((ctx.authenticated != null ? ctx.authenticated.clientID : undefined) != null) {
      ctx.header['X-OpenHIM-ClientID'] = ctx.authenticated.clientID;
    }

    await next();
  }
}
//# sourceMappingURL=basicAuthentication.js.map