-
Notifications
You must be signed in to change notification settings - Fork 1
/
site.js
182 lines (166 loc) · 6.19 KB
/
site.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
'use strict';
const login = require('connect-ensure-login');
const passport = require('passport');
const sso = require('./sso');
const request = require('request');
const config = require('./config');
/**
* https://localhost:4000/
* @param {Object} req - The request, which nothing is done with
* @param {Object} res - The response to show the server is running
* @returns {undefined}
*/
exports.index = [
//login.ensureLoggedIn(),
(req, res) => {
res.render('index');
},
];
/**
* https://localhost:4000/signup (GET)
* @param {Object} req - The request, which nothing is done with
* @param {Object} res - The response to show the server is running
* @returns {undefined}
*/
exports.signup = (req, res) => {
res.render('signup');
};
/**
* https://localhost:4000/signup (POST)
* @param {Object} req - The request, which nothing is done with
* @param {Object} res - The response to show the server is running
* @returns {undefined}
*/
exports.signupForm = (req, res, next) => {
const basicAuth = new Buffer(`${config.client.clientID}:${config.client.clientSecret}`).toString('base64');
request.post(
"http://localhost:3000/api/user", {
form: req.body,
headers: {
Authorization: `Basic ${basicAuth}`,
},
}, (error,response,body) => {
next();
}
)
};
/**
* The signup page tailored to business
* https://localhost:4000/signup-biz (GET)
* @param {Object} req - The request, which nothing is done with
* @param {Object} res - The response to show the server is running
* @returns {undefined}
*/
exports.signupBiz = (req, res) => {
res.render('signup-biz');
};
/**
* https://localhost:4000/signup-biz (POST)
* @param {Object} req - The request, which nothing is done with
* @param {Object} res - The response to show the server is running
* @returns {undefined}
*/
exports.signupBizForm = (req, res) => {
res.send('Thanks for using this service!');
};
/**
* https://localhost:4000/login (GET)
* The OAuth2 Resource Owner Password Credentials login form
* being rendered. Use this to enter a user id and password
* which will then be sent to the Authorization server through
* the grant type of "password"
* @param {Object} req - The request, which nothing is done with
* @param {Object} res - The response, which the login page of views/login.pug rendered
* @returns {undefined}
*/
exports.loginForm = (req, res) => {
res.render('login');
};
/**
* https://localhost:4000/login (POST)
*
* The login endpoint when a post occurs through the login form (see auth)
*/
exports.login = passport.authenticate('local', { successReturnToOrRedirect: '/', failureRedirect: '/login' });
/**
* https://localhost:4000/info
* An information screen which first checks if the user is logged in through
* the OAuth2 Resource Owner Password Credentials. If the user is logged in,
* then it sends the access token and refresh token to the page of views/info.ejs
*
* Although this uses login.ensureLoggedIn(), behind the scenes it's
* using OAuth2's Resource Owner Password Credentials to authenticate
* the user. On Authentication, a regular web session is created, and
* a access_token and refresh_token are attached.
*
* See auth.js's LocalStrategy
* @param {Object} req - The request, which nothing is done with
* @param {Object} res - The response, which the login page of info is rendered
* @returns {undefined}
*/
exports.info = [
login.ensureLoggedIn(),
(req, res) => {
const accessToken = req.user.accessToken;
const refreshToken = req.user.refreshToken;
res.render('info', {
access_token : accessToken,
refresh_token : refreshToken,
});
},
];
/**
* https://localhost:4000/infosso
*
* An information screen which first checks if the user is logged in through
* the OAuth2 Authorization Code on the authorization server. This operates
* as a single sign on session, since if the user is already authenticated with
* the authorization server, then they're redirected back here, to the resource
* server. The authorization server holds a persistent session on the user's
* machine through a cookie while the resource server only holds a session cookie.
* If you close your browser and then reopen it, you will be directed to the
* authorization server and then back to this, the resource server, but you will
* not have to re-login back since your login is controlled through the authorization
* server's persistent session/cookie.
*
* If you're not logged into the authorization server, then you will have to
* enter your credentials with the authorization server's login form. Once you're
* logged in and you're redirected back to the resource server, the access token and
* refresh token follows with the redirection per the OAuth2 Authorization Code grant.
* The access token and (optionally) the refresh token are pushed to the client browser
* to access API calls to protected endpoints.
* @param {Object} req - The request, which nothing is done with
* @param {Object} res - The response, which the infoss is rendered
* @returns {undefined}
*/
exports.infosso = [
sso.ensureSingleSignOn(),
(req, res) => {
const accessToken = req.session.accessToken;
const refreshToken = req.session.refreshToken;
res.render('info', {
access_token : accessToken,
refresh_token : refreshToken,
});
},
];
/**
* https://localhost:4000/api/protectedEndPoint
*
* An example protected endPoint
*
* This endpoint is protected to where you have to send the Authorization Bearer
* token to it and that token has to be valid on the authorization server. If the
* user is authenticated the it will send a plain text message back.
* @param {Object} req - The request, which nothing is done with
* @param {Object} res - The response, which the protectedEndPoint is rendered
* @returns {undefined}
*/
exports.protectedEndPoint = [
passport.authenticate('bearer', { session: false }),
(req, res) => {
// You can send whatever you want, such as JSON, etc...
// For a illustrative example, I'm just sending a string back
res.send(`Successful Protected EndPoint Data Call ${JSON.stringify(req.user)}`);
},
];