This repository was archived by the owner on Jun 2, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 745
/
Copy pathauth.js
93 lines (79 loc) · 2.47 KB
/
auth.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
'use strict';
var debug = require('debug')('cnpmjs.org:middleware:auth');
var UserService = require('../services/user');
var TokenService = require('../services/token');
var config = require('../config');
var common = require('../lib/common');
/**
* Parse the request authorization
* get the real user
*/
module.exports = function () {
return function* auth(next) {
this.user = {};
var authorization = (this.get('authorization') || '').trim();
debug('%s %s with %j', this.method, this.url, authorization);
if (!authorization) {
return yield unauthorized.call(this, next);
}
var row;
try {
var authorizeType = common.getAuthorizeType(this);
if (authorizeType === common.AuthorizeType.BASIC) {
row = yield basicAuth(authorization);
} else if (authorizeType === common.AuthorizeType.BEARER) {
row = yield bearerAuth(authorization, this.method, this.ip);
} else {
return yield unauthorized.call(this, next);
}
} catch (err) {
// do not response error here
// many request do not need login
this.user.error = err;
}
if (!row) {
debug('auth fail user: %j, headers: %j', row, this.header);
return yield unauthorized.call(this, next);
}
this.user.name = row.login;
this.user.isAdmin = row.site_admin;
this.user.scopes = row.scopes;
debug('auth pass user: %j, headers: %j', this.user, this.header);
yield next;
};
};
function* basicAuth(authorization) {
authorization = authorization.split(' ')[1];
authorization = Buffer.from(authorization, 'base64').toString();
var pos = authorization.indexOf(':');
if (pos === -1) {
return null;
}
var username = authorization.slice(0, pos);
var password = authorization.slice(pos + 1);
return yield UserService.auth(username, password);
}
function* bearerAuth(authorization, method, ip) {
var token = authorization.split(' ')[1];
var isReadOperation = method === 'HEAD' || method === 'GET';
return yield TokenService.validateToken(token, {
isReadOperation: isReadOperation,
accessIp: ip,
});
}
function* unauthorized(next) {
if (!config.alwaysAuth || this.method !== 'GET') {
return yield next;
}
this.status = 401;
this.set('WWW-Authenticate', 'Basic realm="sample"');
if (this.accepts(['html', 'json']) === 'json') {
const error = '[unauthorized] login first';
this.body = {
error,
reason: error,
};
} else {
this.body = 'login first';
}
}