UNPKG

ya-express-ntlm

Version:

ya-express-ntlm

github.com/Bazilio-san/ya-express-ntlm

Bazilio-san/ya-express-ntlm

78 lines (68 loc) 3.05 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
import { Buffer } from 'buffer'; import { bg, bold, boldOff, lBlue, reset, yellow } from 'af-color'; import { EAuthStrategy, IRsn, IUserData } from '../interfaces'; import { isFlagSet, toBinary, transferExistingProps } from './lib/utils'; import { proxyCache } from './proxy/ProxyCache'; import { debugNtlmAuthFlow } from './debug'; import { userAuthDelayCache } from './user-auth-delay-cache'; import { NTLMProxy } from './proxy/NTLMProxy'; const getFragmentOfNtlmMessageType3 = (buf: Buffer, offsetPos: number, lenPos: number, isUtf16le: boolean): string => { const offset = buf.readUInt32LE(offsetPos); const len = buf.readUInt16LE(lenPos); const fragmentBuf: Buffer = buf.subarray(offset, offset + len); return isUtf16le ? fragmentBuf.toString('utf16le') : fragmentBuf.toString(); }; const getUdwFromMessageType3 = (msg: Buffer): IUserData => { const isUtf16le = isFlagSet(msg.readUInt8(0x3C), toBinary('00000001')); return { domain: getFragmentOfNtlmMessageType3(msg, 0x20, 0x1C, isUtf16le), username: getFragmentOfNtlmMessageType3(msg, 0x28, 0x24, isUtf16le), workstation: getFragmentOfNtlmMessageType3(msg, 0x30, 0x2C, isUtf16le), }; }; export const handleAuthenticate = async (rsn: IRsn, messageType3: Buffer): Promise<boolean> => { const IS_ERROR = false; const IS_SUCCESS = true; const { req, res, options } = rsn; const { uri } = req.ntlm; const strategy = options.getStrategy(rsn); const udw = getUdwFromMessageType3(messageType3); if (!udw.domain) { debugNtlmAuthFlow(`${yellow}No domain extracted from NTLM message Type 3 ${reset}(for ${uri})`); } // req.ntlm may already have data, but MessageType3 may not have all of it. res.locals.ntlm = transferExistingProps(udw, req.ntlm); options.addCachedUserData(rsn, req.ntlm as IUserData); const userData = req.ntlm; const { domain } = userData; const toNextAttemptSec = userAuthDelayCache.get(userData); if (toNextAttemptSec) { options.handleHttpError400(res, `${toNextAttemptSec} seconds left until next login attempt`); return IS_ERROR; } let result = IS_SUCCESS; if (strategy === EAuthStrategy.NTLM_STUB) { userData.isAuthenticated = true; } else { const proxyId = options.getProxyId({ ...rsn, payload: null }); const proxy = proxyCache.getProxy(proxyId) as NTLMProxy; if (!proxy) { options.handleHttpError500(res, `No LDAP proxy found in cache by id '${proxyId}' / domain '${domain}' (for ${uri})`); return IS_ERROR; } try { userData.isAuthenticated = await proxy.authenticate(messageType3); } catch (err) { options.handleHttpError500(res, err); result = IS_ERROR; } } if (!userData.isAuthenticated) { userAuthDelayCache.set(userData, rsn); } debugNtlmAuthFlow(`User ${bold}${lBlue}${domain ? `${domain}/` : ''}${userData.username } ${userData.isAuthenticated ? bg.lGreen : `${bg.lYellow}NOT `}${ bold}Authenticated${bg.def + boldOff}${reset} / Requested URI: ${uri}`); proxyCache.info('resume'); return result; };