2016-05-26 02:17:42 +08:00
|
|
|
///<reference path="../customtypings/ExtendedRequest.d.ts"/>
|
2016-03-20 00:31:42 +08:00
|
|
|
import {NextFunction, Request, Response} from "express";
|
2016-05-26 02:17:42 +08:00
|
|
|
import {Error, ErrorCodes} from "../../../common/entities/Error";
|
2017-07-04 01:17:49 +08:00
|
|
|
import {UserDTO, UserRoles, UserUtil} from "../../../common/entities/UserDTO";
|
2016-05-26 02:17:42 +08:00
|
|
|
import {ObjectManagerRepository} from "../../model/ObjectManagerRepository";
|
2017-06-04 21:25:08 +08:00
|
|
|
import {Config} from "../../../common/config/private/Config";
|
2016-03-20 00:31:42 +08:00
|
|
|
|
2016-03-26 18:19:10 +08:00
|
|
|
export class AuthenticationMWs {
|
2016-03-20 00:31:42 +08:00
|
|
|
|
2017-07-04 01:17:49 +08:00
|
|
|
private static async getSharingUser(req: Request) {
|
|
|
|
|
if (Config.Client.Sharing.enabled === true &&
|
|
|
|
|
Config.Client.Sharing.passwordProtected === false &&
|
|
|
|
|
(!!req.query.sk || !!req.params.sharingKey)) {
|
|
|
|
|
const sharing = await ObjectManagerRepository.getInstance().SharingManager.findOne({
|
|
|
|
|
sharingKey: req.query.sk || req.params.sharingKey,
|
|
|
|
|
});
|
|
|
|
|
if (!sharing) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2016-12-27 06:36:38 +08:00
|
|
|
|
2017-07-04 01:17:49 +08:00
|
|
|
let path = sharing.path;
|
|
|
|
|
if (sharing.includeSubfolders == true) {
|
|
|
|
|
path += "*";
|
|
|
|
|
}
|
|
|
|
|
return <UserDTO>{name: "Guest", role: UserRoles.Guest, permissions: [path]};
|
2016-05-09 23:04:56 +08:00
|
|
|
|
2016-03-20 00:31:42 +08:00
|
|
|
}
|
2017-07-04 01:17:49 +08:00
|
|
|
return null;
|
|
|
|
|
}
|
2016-05-09 23:04:56 +08:00
|
|
|
|
2017-07-04 01:17:49 +08:00
|
|
|
public static async authenticate(req: Request, res: Response, next: NextFunction) {
|
|
|
|
|
|
|
|
|
|
if (Config.Client.authenticationRequired === false) {
|
|
|
|
|
req.session.user = <UserDTO>{name: "", role: UserRoles.Admin};
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
try {
|
|
|
|
|
const user = await AuthenticationMWs.getSharingUser(req);
|
|
|
|
|
if (!!user) {
|
|
|
|
|
req.session.user = user;
|
2016-03-20 00:31:42 +08:00
|
|
|
return next();
|
2017-07-04 01:17:49 +08:00
|
|
|
}
|
|
|
|
|
} catch (err) {
|
|
|
|
|
console.error(err);
|
|
|
|
|
return next(new Error(ErrorCodes.CREDENTIAL_NOT_FOUND));
|
|
|
|
|
}
|
|
|
|
|
if (typeof req.session.user === 'undefined') {
|
|
|
|
|
return next(new Error(ErrorCodes.NOT_AUTHENTICATED));
|
2016-03-20 00:31:42 +08:00
|
|
|
}
|
2017-07-04 01:17:49 +08:00
|
|
|
return next();
|
|
|
|
|
}
|
2016-05-09 23:04:56 +08:00
|
|
|
|
2017-07-04 01:17:49 +08:00
|
|
|
public static authorise(role: UserRoles) {
|
|
|
|
|
return (req: Request, res: Response, next: NextFunction) => {
|
|
|
|
|
if (req.session.user.role < role) {
|
|
|
|
|
return next(new Error(ErrorCodes.NOT_AUTHORISED));
|
|
|
|
|
}
|
|
|
|
|
return next();
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static authoriseDirectory(req: Request, res: Response, next: NextFunction) {
|
|
|
|
|
if (req.session.user.permissions == null ||
|
|
|
|
|
req.session.user.permissions.length == 0 ||
|
|
|
|
|
req.session.user.permissions[0] == "/") {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
2016-05-17 05:15:03 +08:00
|
|
|
|
2017-07-04 01:17:49 +08:00
|
|
|
const directoryName = req.params.directory || "/";
|
|
|
|
|
if (UserUtil.isPathAvailable(directoryName, req.session.user.permissions) == true) {
|
|
|
|
|
return next();
|
2016-03-20 00:31:42 +08:00
|
|
|
|
2017-07-04 01:17:49 +08:00
|
|
|
}
|
|
|
|
|
return next(new Error(ErrorCodes.PERMISSION_DENIED));
|
|
|
|
|
}
|
2016-03-20 00:31:42 +08:00
|
|
|
|
2017-07-04 01:17:49 +08:00
|
|
|
public static inverseAuthenticate(req: Request, res: Response, next: NextFunction) {
|
|
|
|
|
if (typeof req.session.user !== 'undefined') {
|
|
|
|
|
return next(new Error(ErrorCodes.ALREADY_AUTHENTICATED));
|
|
|
|
|
}
|
|
|
|
|
return next();
|
|
|
|
|
}
|
2016-03-20 00:31:42 +08:00
|
|
|
|
2017-07-04 01:17:49 +08:00
|
|
|
public static async login(req: Request, res: Response, next: NextFunction) {
|
|
|
|
|
|
|
|
|
|
//not enough parameter
|
|
|
|
|
if ((typeof req.body === 'undefined') || (typeof req.body.loginCredential === 'undefined') || (typeof req.body.loginCredential.username === 'undefined') ||
|
|
|
|
|
(typeof req.body.loginCredential.password === 'undefined')) {
|
|
|
|
|
return next(new Error(ErrorCodes.INPUT_ERROR));
|
2016-03-20 00:31:42 +08:00
|
|
|
}
|
2017-07-08 15:43:05 +08:00
|
|
|
//TODO: implement remember me
|
2017-07-04 01:17:49 +08:00
|
|
|
try {
|
|
|
|
|
//lets find the user
|
|
|
|
|
req.session.user = await ObjectManagerRepository.getInstance().UserManager.findOne({
|
|
|
|
|
name: req.body.loginCredential.username,
|
|
|
|
|
password: req.body.loginCredential.password
|
|
|
|
|
});
|
|
|
|
|
return next();
|
2016-03-20 00:31:42 +08:00
|
|
|
|
2017-07-04 01:17:49 +08:00
|
|
|
} catch (err) {
|
|
|
|
|
//if its a shared link, login as guest
|
|
|
|
|
try {
|
|
|
|
|
const user = await AuthenticationMWs.getSharingUser(req);
|
|
|
|
|
if (user) {
|
|
|
|
|
req.session.user = user;
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
} catch (err) {
|
|
|
|
|
console.error(err);
|
|
|
|
|
return next(new Error(ErrorCodes.CREDENTIAL_NOT_FOUND));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
console.error(err);
|
|
|
|
|
return next(new Error(ErrorCodes.CREDENTIAL_NOT_FOUND));
|
2016-05-17 05:15:03 +08:00
|
|
|
}
|
2016-03-20 00:31:42 +08:00
|
|
|
|
2017-07-04 01:17:49 +08:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static logout(req: Request, res: Response, next: NextFunction) {
|
|
|
|
|
delete req.session.user;
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
