1
0
mirror of https://github.com/xuthus83/pigallery2.git synced 2024-11-03 21:04:03 +08:00
pigallery2/backend/middlewares/user/AuthenticationMWs.ts

183 lines
5.8 KiB
TypeScript
Raw Normal View History

2016-05-26 02:17:42 +08:00
///<reference path="../customtypings/ExtendedRequest.d.ts"/>
import {NextFunction, Request, Response} from "express";
2017-07-15 18:47:11 +08:00
import {ErrorCodes, ErrorDTO} from "../../../common/entities/Error";
2017-07-09 18:03:17 +08:00
import {UserDTO, UserRoles} from "../../../common/entities/UserDTO";
2016-05-26 02:17:42 +08:00
import {ObjectManagerRepository} from "../../model/ObjectManagerRepository";
2017-06-04 21:25:08 +08:00
import {Config} from "../../../common/config/private/Config";
2017-07-10 04:36:25 +08:00
import {PasswordHelper} from "../../model/PasswordHelper";
import {Utils} from "../../../common/Utils";
export class AuthenticationMWs {
2017-07-04 01:17:49 +08:00
private static async getSharingUser(req: Request) {
if (Config.Client.Sharing.enabled === true &&
(!!req.query.sk || !!req.params.sharingKey)) {
const sharing = await ObjectManagerRepository.getInstance().SharingManager.findOne({
sharingKey: req.query.sk || req.params.sharingKey,
});
2017-07-09 18:03:17 +08:00
if (!sharing || sharing.expires < Date.now()) {
return null;
}
if (Config.Client.Sharing.passwordProtected === true && sharing.password) {
2017-07-04 01:17:49 +08:00
return null;
}
2016-12-27 06:36:38 +08:00
2017-07-04 01:17:49 +08:00
let path = sharing.path;
if (sharing.includeSubfolders == true) {
path += "*";
}
2017-07-09 18:03:17 +08:00
return <UserDTO>{name: "Guest", role: UserRoles.LimitedGuest, permissions: [path]};
2016-05-09 23:04:56 +08:00
}
2017-07-04 01:17:49 +08:00
return null;
}
2016-05-09 23:04:56 +08:00
2017-07-14 05:39:09 +08:00
public static async tryAuthenticate(req: Request, res: Response, next: NextFunction) {
if (Config.Client.authenticationRequired === false) {
req.session.user = <UserDTO>{name: "Admin", role: UserRoles.Admin};
return next();
}
try {
const user = await AuthenticationMWs.getSharingUser(req);
if (!!user) {
req.session.user = user;
return next();
}
} catch (err) {
}
return next();
}
2017-07-15 23:48:29 +08:00
2017-07-04 01:17:49 +08:00
public static async authenticate(req: Request, res: Response, next: NextFunction) {
if (Config.Client.authenticationRequired === false) {
req.session.user = <UserDTO>{name: "Admin", role: UserRoles.Admin};
2017-07-04 01:17:49 +08:00
return next();
}
try {
const user = await AuthenticationMWs.getSharingUser(req);
if (!!user) {
req.session.user = user;
return next();
2017-07-04 01:17:49 +08:00
}
} catch (err) {
2017-07-15 18:47:11 +08:00
return next(new ErrorDTO(ErrorCodes.CREDENTIAL_NOT_FOUND, null, err));
2017-07-04 01:17:49 +08:00
}
if (typeof req.session.user === 'undefined') {
2017-07-15 18:47:11 +08:00
return next(new ErrorDTO(ErrorCodes.NOT_AUTHENTICATED));
}
if (req.session.rememberMe === true) {
req.sessionOptions.expires = new Date(Date.now() + Config.Server.sessionTimeout);
} else {
delete(req.sessionOptions.expires);
}
2017-07-04 01:17:49 +08:00
return next();
}
2016-05-09 23:04:56 +08:00
2017-07-04 01:17:49 +08:00
public static authorise(role: UserRoles) {
return (req: Request, res: Response, next: NextFunction) => {
if (req.session.user.role < role) {
2017-07-15 18:47:11 +08:00
return next(new ErrorDTO(ErrorCodes.NOT_AUTHORISED));
2017-07-04 01:17:49 +08:00
}
return next();
};
}
public static authoriseDirectory(req: Request, res: Response, next: NextFunction) {
if (req.session.user.permissions == null ||
req.session.user.permissions.length == 0 ||
2018-02-04 08:50:42 +08:00
req.session.user.permissions[0] == "/*") {
2017-07-04 01:17:49 +08:00
return next();
}
2016-05-17 05:15:03 +08:00
2017-07-04 01:17:49 +08:00
const directoryName = req.params.directory || "/";
2017-07-09 18:03:17 +08:00
if (UserDTO.isPathAvailable(directoryName, req.session.user.permissions) == true) {
2017-07-04 01:17:49 +08:00
return next();
}
2018-02-04 08:50:42 +08:00
2017-07-15 18:47:11 +08:00
return next(new ErrorDTO(ErrorCodes.PERMISSION_DENIED));
2017-07-04 01:17:49 +08:00
}
2017-07-04 01:17:49 +08:00
public static inverseAuthenticate(req: Request, res: Response, next: NextFunction) {
if (typeof req.session.user !== 'undefined') {
2017-07-15 18:47:11 +08:00
return next(new ErrorDTO(ErrorCodes.ALREADY_AUTHENTICATED));
2017-07-04 01:17:49 +08:00
}
return next();
}
2017-07-04 01:17:49 +08:00
public static async login(req: Request, res: Response, next: NextFunction) {
//not enough parameter
if ((typeof req.body === 'undefined') || (typeof req.body.loginCredential === 'undefined') || (typeof req.body.loginCredential.username === 'undefined') ||
(typeof req.body.loginCredential.password === 'undefined')) {
2017-07-15 18:47:11 +08:00
return next(new ErrorDTO(ErrorCodes.INPUT_ERROR));
}
2017-07-04 01:17:49 +08:00
try {
//lets find the user
const user = Utils.clone(await ObjectManagerRepository.getInstance().UserManager.findOne({
2017-07-04 01:17:49 +08:00
name: req.body.loginCredential.username,
password: req.body.loginCredential.password
}));
delete (user.password);
req.session.user = user;
if (req.body.loginCredential.rememberMe) {
req.sessionOptions.expires = new Date(Date.now() + Config.Server.sessionTimeout);
}
2017-07-04 01:17:49 +08:00
return next();
2017-07-04 01:17:49 +08:00
} catch (err) {
2017-07-15 18:47:11 +08:00
return next(new ErrorDTO(ErrorCodes.CREDENTIAL_NOT_FOUND));
2016-05-17 05:15:03 +08:00
}
2017-07-04 01:17:49 +08:00
}
2017-07-09 18:03:17 +08:00
public static async shareLogin(req: Request, res: Response, next: NextFunction) {
if (Config.Client.Sharing.enabled === false) {
return next();
}
//not enough parameter
if ((!req.query.sk && !req.params.sharingKey)) {
2017-07-15 18:47:11 +08:00
return next(new ErrorDTO(ErrorCodes.INPUT_ERROR, "no sharing key provided"));
2017-07-09 18:03:17 +08:00
}
try {
const password = (req.body ? req.body.password : null) || null;
const sharing = await ObjectManagerRepository.getInstance().SharingManager.findOne({
sharingKey: req.query.sk || req.params.sharingKey,
});
if (!sharing || sharing.expires < Date.now() ||
2017-07-11 15:01:59 +08:00
(Config.Client.Sharing.passwordProtected === true
2018-02-04 08:50:42 +08:00
&& sharing.password && !PasswordHelper.comparePassword(password, sharing.password))) {
2017-07-15 18:47:11 +08:00
return next(new ErrorDTO(ErrorCodes.CREDENTIAL_NOT_FOUND));
2017-07-09 18:03:17 +08:00
}
let path = sharing.path;
if (sharing.includeSubfolders == true) {
path += "*";
}
req.session.user = <UserDTO>{name: "Guest", role: UserRoles.LimitedGuest, permissions: [path]};
return next();
} catch (err) {
2017-07-15 18:47:11 +08:00
return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR, null, err));
2017-07-09 18:03:17 +08:00
}
}
2017-07-04 01:17:49 +08:00
public static logout(req: Request, res: Response, next: NextFunction) {
delete req.session.user;
delete req.session.rememberMe;
2017-07-04 01:17:49 +08:00
return next();
}
}