;
// CommonJS interop preamble: flag the module as transpiled from ES-module syntax
// and pre-declare the export slot that is filled in at the end of the file.
Object.defineProperty(exports, "__esModule", { value: true });
exports.handleAuthenticate = void 0;
const af_color_1 = require("af-color");
const interfaces_1 = require("../interfaces");
const utils_1 = require("./lib/utils");
const ProxyCache_1 = require("./proxy/ProxyCache");
const debug_1 = require("./debug");
const user_auth_delay_cache_1 = require("./user-auth-delay-cache");
/**
 * Reads one variable-length field out of an NTLM Type 3 message.
 *
 * The field is described by two little-endian integers stored in the message
 * itself: a 32-bit start offset at `offsetPos` and a 16-bit byte length at
 * `lenPos`. Both values come from the client and are not validated here.
 * Reading a descriptor outside the buffer throws a RangeError; a descriptor
 * that points past the end of the buffer does not throw, because
 * `Buffer#subarray` clamps the range, so the result is silently shortened
 * (possibly to an empty string).
 *
 * @param {Buffer} buf - Raw Type 3 message.
 * @param {number} offsetPos - Position of the 32-bit field offset.
 * @param {number} lenPos - Position of the 16-bit field length.
 * @param {boolean} isUtf16le - Decode as UTF-16LE when truthy, otherwise with the default encoding.
 * @returns {string} Decoded field contents.
 */
const getFragmentOfNtlmMessageType3 = (buf, offsetPos, lenPos, isUtf16le) => {
  const start = buf.readUInt32LE(offsetPos);
  const byteLength = buf.readUInt16LE(lenPos);
  const field = buf.subarray(start, start + byteLength);
  if (isUtf16le) {
    return field.toString('utf16le');
  }
  return field.toString();
};
/**
 * Extracts the domain, username and workstation strings from an NTLM Type 3
 * message.
 *
 * The byte at 0x3C (low byte of the negotiate flags) is tested against the
 * mask produced by `toBinary('00000001')` to decide whether the fields are
 * UTF-16LE. Every value returned here is asserted by the client and is not
 * proof of identity until the message has been verified. A message shorter
 * than 0x3D bytes makes `readUInt8` throw a RangeError.
 *
 * @param {Buffer} msg - Raw Type 3 message.
 * @returns {{domain: string, username: string, workstation: string}} Client-asserted identity fields.
 */
const getUdwFromMessageType3 = (msg) => {
  const flagsLowByte = msg.readUInt8(0x3C);
  const unicodeMask = (0, utils_1.toBinary)('00000001');
  const isUtf16le = (0, utils_1.isFlagSet)(flagsLowByte, unicodeMask);
  // Each field is located by a (offset position, length position) pair in the header.
  const readField = (offsetPos, lenPos) => getFragmentOfNtlmMessageType3(msg, offsetPos, lenPos, isUtf16le);
  const domain = readField(0x20, 0x1C);
  const username = readField(0x28, 0x24);
  const workstation = readField(0x30, 0x2C);
  return { domain, username, workstation };
};
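/**
 * Handles the last step of the NTLM handshake: processes the client's Type 3
 * (AUTHENTICATE) message and records the outcome on `req.ntlm`.
 *
 * The return value reports whether an error response was sent, NOT whether the
 * user authenticated. When the proxy rejects the credentials the function
 * still returns `true`, and `req.ntlm.isAuthenticated` holds whatever
 * `proxy.authenticate` resolved to. Callers must check `isAuthenticated`
 * before granting access.
 *
 * @param {object} rsn - Request context; `req`, `res` and `options` are read from it.
 * @param {Buffer} messageType3 - Raw Type 3 message as sent by the client.
 * @returns {Promise<boolean>} `false` when a 400/500 response was produced, `true` otherwise.
 */
const handleAuthenticate = async (rsn, messageType3) => {
  const IS_ERROR = false;
  const IS_SUCCESS = true;
  const { req, res, options } = rsn;
  const { uri } = req.ntlm;
  const strategy = options.getStrategy(rsn);
  // NOTE(review): parsing runs outside any try/catch, so a truncated Type 3
  // message rejects this promise with a RangeError. Confirm the caller turns
  // that into an error response.
  const udw = getUdwFromMessageType3(messageType3);
  if (!udw.domain) {
    (0, debug_1.debugNtlmAuthFlow)(`${af_color_1.yellow}No domain extracted from NTLM message Type 3 ${af_color_1.reset}(for ${uri})`);
  }
  // req.ntlm may already have data, but MessageType3 may not have all of it.
  res.locals.ntlm = (0, utils_1.transferExistingProps)(udw, req.ntlm);
  options.addCachedUserData(rsn, req.ntlm);
  const userData = req.ntlm;
  const { domain } = userData;
  // Throttle repeated attempts: a truthy value is the number of seconds the
  // client still has to wait, reported back with a 400.
  const toNextAttemptSec = user_auth_delay_cache_1.userAuthDelayCache.get(userData);
  if (toNextAttemptSec) {
    options.handleHttpError400(res, `${toNextAttemptSec} seconds left until next login attempt`);
    return IS_ERROR;
  }
  let result = IS_SUCCESS;
  if (strategy === interfaces_1.EAuthStrategy.NTLM_STUB) {
    // The stub strategy accepts the identity asserted in the Type 3 message
    // without verifying any credential. It must not be selectable for
    // deployments that rely on this value for access control.
    userData.isAuthenticated = true;
  }
  else {
    const proxyId = options.getProxyId({ ...rsn, payload: null });
    const proxy = ProxyCache_1.proxyCache.getProxy(proxyId);
    if (!proxy) {
      // NOTE(review): the message carries the proxy id and the client-supplied
      // domain; confirm handleHttpError500 does not echo it to the client.
      options.handleHttpError500(res, `No LDAP proxy found in cache by id '${proxyId}' / domain '${domain}' (for ${uri})`);
      return IS_ERROR;
    }
    try {
      userData.isAuthenticated = await proxy.authenticate(messageType3);
    }
    catch (err) {
      // Fail closed: req.ntlm can carry data from before this call (including,
      // presumably, a cached isAuthenticated value), so a backend failure must
      // not leave an earlier "authenticated" state in place.
      userData.isAuthenticated = false;
      // NOTE(review): the raw error object is handed to the response helper;
      // confirm it does not expose backend details to the client.
      options.handleHttpError500(res, err);
      result = IS_ERROR;
    }
  }
  if (!userData.isAuthenticated) {
    // Register the failed attempt so the next one is delayed.
    user_auth_delay_cache_1.userAuthDelayCache.set(userData, rsn);
  }
  // NOTE(review): domain and username are client-supplied and are written to the
  // debug log as-is; consider stripping control characters before logging.
  (0, debug_1.debugNtlmAuthFlow)(`User ${af_color_1.bold}${af_color_1.lBlue}${domain ? `${domain}/` : ''}${userData.username} ${userData.isAuthenticated ? af_color_1.bg.lGreen : `${af_color_1.bg.lYellow}NOT `}${af_color_1.bold}Authenticated${af_color_1.bg.def + af_color_1.boldOff}${af_color_1.reset} / Requested URI: ${uri}`);
  ProxyCache_1.proxyCache.info('resume');
  return result;
};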
// Public entry point of this module: the NTLM Type 3 (AUTHENTICATE) handler.
exports.handleAuthenticate = handleAuthenticate;
//# sourceMappingURL=handle-authenticate.js.map