Remove passport

src/server.js

@@ -15,7 +15,6 @@ var accesscontrol = require('./accesscontrol.js'),
     express = require('express'),
     http = require('http'),
     middleware = require('./middleware'),
-    passport = require('passport'),
     routes = require('./routes/index.js'),
     settings = require('./settings.js'),
     ws = require('ws');
@@ -68,7 +67,6 @@ function initializeExpressSync() {
         .use(json)
         .use(urlencoded)
         .use(middleware.cors({ origins: [ '*' ], allowCredentials: false }))
-        .use(passport.initialize())
         .use(router)
         .use(middleware.lastMile());
 
@@ -78,21 +76,24 @@ function initializeExpressSync() {
 
     var multipart = middleware.multipart({ maxFieldsSize: FIELD_LIMIT, limit: FILE_SIZE_LIMIT, timeout: FILE_TIMEOUT });
 
+    const password = routes.accesscontrol.passwordAuth;
+    const token = routes.accesscontrol.tokenAuth;
+
     // scope middleware implicitly also adds bearer token verification
-    var cloudronScope = routes.accesscontrol.scope(accesscontrol.SCOPE_CLOUDRON);
-    var subscriptionScope = routes.accesscontrol.scope(accesscontrol.SCOPE_SUBSCRIPTION);
-    var appstoreScope = routes.accesscontrol.scope(accesscontrol.SCOPE_APPSTORE);
-    var profileScope = routes.accesscontrol.scope(accesscontrol.SCOPE_PROFILE);
-    var usersReadScope = routes.accesscontrol.scope(accesscontrol.SCOPE_USERS_READ);
-    var usersManageScope = routes.accesscontrol.scope(accesscontrol.SCOPE_USERS_MANAGE);
-    var appsReadScope = routes.accesscontrol.scope(accesscontrol.SCOPE_APPS_READ);
-    var appsManageScope = [ routes.accesscontrol.scope(accesscontrol.SCOPE_APPS_MANAGE) ];
-    var settingsScope = routes.accesscontrol.scope(accesscontrol.SCOPE_SETTINGS);
-    var mailScope = routes.accesscontrol.scope(accesscontrol.SCOPE_MAIL);
-    var notificationsScope = [ routes.accesscontrol.scope(accesscontrol.SCOPE_PROFILE), routes.notifications.verifyOwnership ];
-    var clientsScope = routes.accesscontrol.scope(accesscontrol.SCOPE_CLIENTS);
-    var domainsReadScope = routes.accesscontrol.scope(accesscontrol.SCOPE_DOMAINS_READ);
-    var domainsManageScope = routes.accesscontrol.scope(accesscontrol.SCOPE_DOMAINS_MANAGE);
+    var cloudronScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_CLOUDRON) ];
+    var subscriptionScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_SUBSCRIPTION) ];
+    var appstoreScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_APPSTORE) ];
+    var profileScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_PROFILE) ];
+    var usersReadScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_USERS_READ) ];
+    var usersManageScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_USERS_MANAGE) ];
+    var appsReadScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_APPS_READ) ];
+    var appsManageScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_APPS_MANAGE) ];
+    var settingsScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_SETTINGS) ];
+    var mailScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_MAIL) ];
+    var notificationsScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_PROFILE), routes.notifications.verifyOwnership ];
+    var clientsScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_CLIENTS) ];
+    var domainsReadScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_DOMAINS_READ) ];
+    var domainsManageScope = [ token, routes.accesscontrol.scope(accesscontrol.SCOPE_DOMAINS_MANAGE) ];
 
     const verifyDomainLock = routes.domains.verifyDomainLock;
 
@@ -105,14 +106,14 @@ function initializeExpressSync() {
     router.get ('/api/v1/cloudron/avatar', routes.settings.getCloudronAvatar); // this is a public alias for /api/v1/settings/cloudron_avatar
 
     // login/logout routes
-    router.post('/api/v1/cloudron/login', routes.cloudron.login);
+    router.post('/api/v1/cloudron/login', password, routes.cloudron.login);
     router.get ('/api/v1/cloudron/logout', routes.cloudron.logout); // this will invalidate the token if any and redirect to /login.html always
     router.post('/api/v1/cloudron/password_reset_request', routes.cloudron.passwordResetRequest);
     router.post('/api/v1/cloudron/password_reset', routes.cloudron.passwordReset);
     router.post('/api/v1/cloudron/setup_account', routes.cloudron.setupAccount);
 
     // developer routes
-    router.post('/api/v1/developer/login', routes.developer.login);
+    router.post('/api/v1/developer/login', password, routes.developer.login);
 
     // cloudron routes
     router.get ('/api/v1/cloudron/update', cloudronScope, routes.cloudron.getUpdateInfo);
@@ -339,7 +340,6 @@ function start(callback) {
     gHttpServer = initializeExpressSync();
 
     async.series([
-        routes.accesscontrol.initialize,  // hooks up authentication strategies into passport
         database.initialize,
         settings.initCache, // pre-load very often used settings
         cloudron.initialize,
@@ -356,7 +356,6 @@ function stop(callback) {
     async.series([
         cloudron.uninitialize,
         database.uninitialize,
-        routes.accesscontrol.uninitialize,
         gHttpServer.close.bind(gHttpServer),
     ], function (error) {
         if (error) return callback(error);