forked from FieldDB/AuthenticationWebService
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauth_service.js
executable file
·131 lines (123 loc) · 4.96 KB
/
auth_service.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
#!/usr/local/bin/node
var bodyParser = require('body-parser');
var bunyan = require('express-bunyan-logger');
/**
* You can control aspects of the deployment by using Environment Variables
*
* Examples:
* $ NODE_ENV=production # uses config/production.js
* $ NODE_ENV=test # uses config/test.js
* $ NODE_ENV=development # uses config/development.js
* $ NODE_ENV=local # uses config/local.js
* $ NODE_ENV=yoursecretconfig # uses config/yoursecretconfig.js
*/
var config = require('config');
var crossOriginResourceSharing = require('cors');
var debug = require('debug')('auth:service');
var express = require('express');
var favicon = require('serve-favicon');
var path = require('path');
/* Load modules provided by this codebase */
var authenticationMiddleware = require('./middleware/authentication');
var authWebServiceRoutes = require('./routes/routes');
var errorHandler = require('./middleware/error-handler').errorHandler;
var deprecatedRoutes = require('./routes/deprecated');
var apiVersion = 'v1'; // 'v' + parseInt(require('./package.json').version, 10);
var apiRegex = /\/v1/;
var corsOptions = {
credentials: true,
maxAge: 86400,
methods: 'HEAD, POST, GET, PUT, PATCH, DELETE',
allowedHeaders: 'Access-Control-Allow-Origin, access-control-request-headers, accept, accept-charset, accept-encoding, accept-language, authorization, content-length, content-type, host, origin, proxy-connection, referer, user-agent, x-requested-with',
origin: function isOriginWhiteListed(origin, callback) {
var originIsWhitelisted = false;
if (/* permit curl */ origin === undefined || /* permit android */ origin === 'null' || origin === null || !origin) {
originIsWhitelisted = true;
} else if (origin.search(/^https?:\/\/.*\.lingsync.org$/) > -1
|| origin.search(/^https?:\/\/.*\.phophlo.ca$/) > -1
|| origin.search(/^https?:\/\/(localhost|127.0.0.1):[0-9]*$/) > -1
|| origin.search(/^chrome-extension:\/\/[^/]*$/) > -1
|| origin.search(/^https?:\/\/.*\.jrwdunham.com$/) > -1) {
originIsWhitelisted = true;
}
debug(new Date() + ' Responding with CORS options for ' + origin + ' accept as whitelisted is: ' + originIsWhitelisted);
callback(null, originIsWhitelisted);
}
};
/**
* Use Express to create the authWebService see http://expressjs.com/ for more details
*/
var authWebService = express();
authWebService.use(crossOriginResourceSharing(corsOptions));
// Accept versions
// authWebService.use(function versionMiddleware(req, res, next) {
// if (req.url.indexOf('/' + apiVersion) === 0) {
// req.url = req.url.replace('/' + apiVersion, '');
// }
// next();
// });
debug('Accepting api version ' + apiVersion);
/**
* Middleware
*/
// The example attaches it to the express
// https://github.com/oauthjs/express-oauth-server#quick-start
// service.oauth = oauthMiddleware;
authWebService.use(authenticationMiddleware.jwt);
authWebService.use(favicon(path.join(__dirname, '/public/favicon.ico')));
authWebService.use(bunyan({
name: 'fielddb-auth',
streams: [{
level: process.env.BUNYAN_LOG_LEVEL || 'warn',
stream: process.stdout
}]
}));
// authWebService.use(session({
// resave: true,
// saveUninitialized: true,
// secret: config.sessionKey
// }));
authWebService.use(bodyParser.json());
authWebService.use(bodyParser.urlencoded({
extended: true
}));
// authWebService.use(methodOverride());
// authWebService.use(authWebService.router);
/*
* Although this is mostly a webservice used by machines (not a websserver used by humans)
* we are still serving a user interface for the api sandbox in the public folder
*/
authWebService.use(express.static(path.join(__dirname, 'public')));
authWebService.options('*', function options(req, res) {
if (req.method === 'OPTIONS') {
debug('responding to OPTIONS request');
res.send(204);
}
});
authWebService.use('/bower_components', express.static(path.join(__dirname,
'/public/components/as-ui-auth/bower_components')));
authWebService.use('/authentication', authenticationMiddleware.redirectAuthenticatedUser, express.static(path.join(__dirname, '/public/components/as-ui-auth/components')));
authWebService.use('/authentication/register', authenticationMiddleware.redirectAuthenticatedUser,
express.static(path.join(__dirname, '/public/components/as-ui-auth/components/signup')));
/**
* Set up all the available URL authWebServiceRoutes see routes/routes.js for more details
*/
authWebServiceRoutes.setup(authWebService);
/**
* Set up all the old routes until all client apps have migrated to the v2+ api
*/
deprecatedRoutes.addDeprecatedRoutes(authWebService, config);
/**
* Not found
*/
authWebService.use(function notFoundMiddleware(req, res, next) {
// if (apiRegex.test(req.path) || req.method !== 'GET') {
var err = new Error('Not Found');
debug(req.url + ' was not found/handled');
err.status = 404;
return next(err, req, res, next);
// }
// next();
});
authWebService.use(errorHandler);
module.exports = authWebService;