diff --git a/box.js b/box.js index 3fc6f9a17..1b6a0d1b8 100755 --- a/box.js +++ b/box.js @@ -14,6 +14,7 @@ var appHealthMonitor = require('./src/apphealthmonitor.js'), async = require('async'), config = require('./src/config.js'), ldap = require('./src/ldap.js'), + simpleauth = require('./src/simpleauth.js'), oauthproxy = require('./src/oauthproxy.js'), server = require('./src/server.js'); @@ -35,6 +36,7 @@ console.log(); async.series([ server.start, ldap.start, + simpleauth.start, appHealthMonitor.start, oauthproxy.start ], function (error) { @@ -49,6 +51,7 @@ var NOOP_CALLBACK = function () { }; process.on('SIGINT', function () { server.stop(NOOP_CALLBACK); ldap.stop(NOOP_CALLBACK); + simpleauth.stop(NOOP_CALLBACK); oauthproxy.stop(NOOP_CALLBACK); setTimeout(process.exit.bind(process), 3000); }); @@ -56,6 +59,7 @@ process.on('SIGINT', function () { process.on('SIGTERM', function () { server.stop(NOOP_CALLBACK); ldap.stop(NOOP_CALLBACK); + simpleauth.stop(NOOP_CALLBACK); oauthproxy.stop(NOOP_CALLBACK); setTimeout(process.exit.bind(process), 3000); }); diff --git a/src/server.js b/src/server.js index 3ae5a8bf3..6e07043e3 100644 --- a/src/server.js +++ b/src/server.js @@ -141,10 +141,6 @@ function initializeExpressSync() { router.get ('/api/v1/oauth/clients/:clientId/tokens', settingsScope, routes.clients.getClientTokens); router.del ('/api/v1/oauth/clients/:clientId/tokens', settingsScope, routes.clients.delClientTokens); - // basic auth - router.post('/api/v1/simpleauth/login', routes.simpleauth.login); - router.get ('/api/v1/simpleauth/logout', profileScope, routes.simpleauth.logout); - // app routes router.get ('/api/v1/apps', appsScope, routes.apps.getApps); router.get ('/api/v1/apps/:id', appsScope, routes.apps.getApp); diff --git a/src/simpleauth.js b/src/simpleauth.js index 5910f9e74..a3cac4b93 100644 --- a/src/simpleauth.js +++ b/src/simpleauth.js 
@@ -1,17 +1,28 @@ 'use strict'; exports = module.exports = { - login: login, - logout: logout + start: start, + stop: stop }; var assert = require('assert'), debug = require('debug')('box:simpleauth'), user = require('./user.js'), tokendb = require('./tokendb.js'), - clients = require('./clients.js'); + clients = require('./clients.js'), + config = require('./config.js'), + debug = require('debug')('box:proxy'), + middleware = require('./middleware'), + express = require('express'), + HttpError = require('connect-lastmile').HttpError, + HttpSuccess = require('connect-lastmile').HttpSuccess, + DatabaseError = require('./databaseerror.js'), + UserError = require('./user.js').UserError, + http = require('http'); -function login(clientId, username, password, callback) { +var gHttpServer = null; + +function loginLogic(clientId, username, password, callback) { assert.strictEqual(typeof clientId, 'string'); assert.strictEqual(typeof username, 'string'); assert.strictEqual(typeof password, 'string'); @@ -39,7 +50,7 @@ function login(clientId, username, password, callback) { }); } -function logout(accessToken, callback) { +function logoutLogic(accessToken, callback) { assert.strictEqual(typeof accessToken, 'string'); assert.strictEqual(typeof callback, 'function'); 
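Review bot: `debug` is declared twice in the new `var` chain — first as `require('debug')('box:simpleauth')` and later as `require('debug')('box:proxy')` — so the second assignment wins and this module's debug output is emitted under the `box:proxy` namespace, which looks like a leftover from copying the proxy module's require list; drop the `debug = require('debug')('box:proxy'),` line. In the same list `UserError` is fetched with a second `require('./user.js')` although `user` already holds that module, so `UserError = user.UserError,` would avoid the duplicate load. The body of `loginLogic` runs past this hunk, so whether the client lookup happens before the user lookup — which the `401 'Unknown client'` versus `401 'Forbidden'` mapping in the new `login` handler depends on — cannot be checked from here.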
@@ -50,3 +61,76 @@ function logout(accessToken, callback) {
 callback(null);
 });
 }
+
+function login(req, res, next) {
+ assert.strictEqual(typeof req.body, 'object');
+
+ if (typeof req.body.clientId !== 'string') return next(new HttpError(400, 'clientId is required'));
+ if (typeof req.body.username !== 'string') return next(new HttpError(400, 'username is required'));
+ if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password is required'));
+
+ loginLogic(req.body.clientId, req.body.username, req.body.password, function (error, result) {
+ if (error && error.reason === DatabaseError.NOT_FOUND) return next(new HttpError(401, 'Unknown client'));
+ if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(401, 'Forbidden'));
+ if (error && error.reason === UserError.WRONG_PASSWORD) return next(new HttpError(401, 'Forbidden'));
+ if (error) return next(new HttpError(500, error));
+
+ var tmp = {
+ accessToken: result.accessToken,
+ user: {
+ id: result.user.id,
+ username: result.user.username,
+ email: result.user.email,
+ admin: !!result.user.admin
+ }
+ };
+
+ next(new HttpSuccess(201, tmp));
+ });
+}
+
+function logout(req, res, next) {
+ assert.strictEqual(typeof req.body, 'object');
+
+ if (typeof req.body.accessToken !== 'string') return next(new HttpError(400, 'accessToken required'));
+
+ logoutLogic(req.body.accessToken, function (error) {
+ if (error) return next(new HttpError(500, error));
+
+ next(new HttpSuccess(200, {}));
+ });
+}
+
+function initializeExpressSync() {
+ var app = express();
+ var httpServer = http.createServer(app);
+
+ httpServer.on('error', console.error);
+
+ var json = middleware.json({ strict: true, limit: '100kb' });
+ var router = new express.Router();
+
+ // basic auth
+ router.post('/api/v1/login', login);
+ router.get ('/api/v1/logout', logout);
+
+ app
+ .use(middleware.timeout(10000))
+ .use(json)
+ .use(router);
+
+ return httpServer;
+}
+
+function start(callback) {
+ assert.strictEqual(typeof callback, 'function');
+
+ gHttpServer = initializeExpressSync();
+ gHttpServer.listen(config.get('simpleAuthPort'), '127.0.0.1', callback);
+}
+
+function stop(callback) {
+ assert.strictEqual(typeof callback, 'function');
+
+ gHttpServer.close(callback);
+}
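Review bot: `router.get ('/api/v1/logout', logout)` registers a GET route for a handler that reads `req.body.accessToken`, and a GET normally carries no body, so after the JSON middleware `req.body` is presumably `{}` and every logout ends in the 400 `'accessToken required'`; the route this replaces in server.js took the caller's token from the `profileScope` middleware instead. Either register it as `router.post('/api/v1/logout', logout);` or read the token from the `Authorization` header, but do not expect a JSON body on GET. Separately, `start` never reports a failed listen: `httpServer.on('error', console.error)` only logs an `EADDRINUSE`-style error and the `listen` callback is then never invoked, so the `async.series` in box.js stalls instead of failing — route the error to the callback as in the fence below. Because `stop` dereferences `gHttpServer` unconditionally, a `SIGINT` arriving before `start` ran or after a failed listen throws inside the signal handler; `if (gHttpServer === null) return callback();` guards it. Nothing visible throttles `/api/v1/login`, so unless the fronting proxy rate-limits it the endpoint is open to online password guessing, which binding to `127.0.0.1` alone does not prevent.
```javascript
function start(callback) {
    assert.strictEqual(typeof callback, 'function');

    gHttpServer = initializeExpressSync();
    // a listen failure (e.g. EADDRINUSE) only emits 'error'; the listen callback would never fire
    gHttpServer.once('error', callback);
    gHttpServer.listen(config.get('simpleAuthPort'), '127.0.0.1', function () {
        gHttpServer.removeListener('error', callback);
        callback(null);
    });
}
```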