Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Koa Support #24

Closed
MarkHerhold opened this issue Apr 8, 2016 · 8 comments
Closed

Koa Support #24

MarkHerhold opened this issue Apr 8, 2016 · 8 comments

Comments

@MarkHerhold
Copy link

Hi @abbr, I was wondering if you had any plans to support koa or if you had any thoughts on the issue. I'll probably fork this repo and attempt to get NodeSSPI to work with koa in the coming weeks.

Any thoughts on the issue would be much appreciated.
@abbr
Copy link
Owner

abbr commented Apr 8, 2016

NodeSSPI is agnostic to web framework, as long as running on Node.js and Windows. Do you find any specific issue?

@MarkHerhold
Copy link
Author

@abbr Yes, Koa tries to be smart about how it handles requests, so when NodeSSPI calls res.end(), the request is complete but and Koa will later try to add headers to the response and end it itself. This causes a "Can't set headers after they are sent" error.

I believe the "appropriate" way to handle this in Koa is to make NodeSSPI act as middleware, where user information is added to the req object (e.g. req.connection.userGroups) if authorized. If the user isn't authorized, the middleware should not yield next;.

For example, NodeSSPI middleware could look like this:

app.use(function *(next){
  let isAuthorized = NodeSSPI.isAuthorized();

  if (isAuthorized) {
    yield next;
  } else {
    yield NodeSSPI.authorize();
    // yield next; // maybe?
    // NodeSSPI.authorize would set the appropriate headers internally but not call `res.end()`
  }
});

https://github.com/koajs/koa/blob/master/docs/guide.md#guide

@MarkHerhold
Copy link
Author

I actually initially expected NodeSSPI to behave a bit more like a library that simply checks if a user is authorized and then provide a function to authorize the user, but it looks like NodeSSO is pretty dependent on being able to directly manipulate the requests...

@abbr
Copy link
Owner

abbr commented Apr 12, 2016

Have you tried to set authoritative to false? This option effectively skipping calling response.end() by NodeSSPI.

@MarkHerhold
Copy link
Author

@abbr I have not, this is wonderful! I'll let you know what I come up with.

@MarkHerhold
Copy link
Author

I've been unable to work on this so I'm closing for the time being.

@emahuni
Copy link

emahuni commented Oct 31, 2020

please take a look at #80 answers it worked for me

@gotenks
Copy link

gotenks commented Jan 9, 2021

I support comments made by @MarkHerhold, because neither "authoritative" option, nor solution posted at #80 worked for me. The problem with solution at #80 is, that it bypasses koa normal response processing, which is actually a problem in my case, and it is not supported by koa developers, since it is considered a hack ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gotenks @MarkHerhold @abbr @emahuni