moved ALL client-related operations to lib/clients.js
Родитель
efe52ab4e0
Коммит
1870ba87af
123
app.js
123
app.js
|
@ -24,7 +24,8 @@ nconf
|
|||
'DOMAIN_URL_DOCS': 'https://localhost:5050',
|
||||
'WIDGET_FALLBACK_CLIENTID': 'aCbTAJNi5HbsjPJtRpSP6BIoLPOrSj2C',
|
||||
'LOGIN_WIDGET_URL': 'https://d19p4zemcycm7a.cloudfront.net/w2/auth0-widget-1.3.2.min.js',
|
||||
'AUTH0JS_URL': 'https://d19p4zemcycm7a.cloudfront.net/w2/auth0-1.0.0.min.js'
|
||||
'AUTH0JS_URL': 'https://d19p4zemcycm7a.cloudfront.net/w2/auth0-1.0.0.min.js',
|
||||
'SENSITIVE_DATA_ENCRYPTION_KEY': '0123456789'
|
||||
});
|
||||
|
||||
if (!nconf.get('LOGIN_WIDGET_URL')) {
|
||||
|
@ -36,6 +37,7 @@ if (!nconf.get('AUTH0JS_URL')) {
|
|||
}
|
||||
|
||||
var connections = require('./lib/connections');
|
||||
var clients = require('./lib/clients');
|
||||
|
||||
var getDb = require('./lib/data');
|
||||
var sessionStore = require('./lib/sessionStore');
|
||||
|
@ -148,30 +150,27 @@ var overrideIfAuthenticated = function (req, res, next) {
|
|||
queryDoc.clientID = req.session.selectedClient;
|
||||
}
|
||||
|
||||
getDb(function(db){
|
||||
clients.find(queryDoc, function (err, clients) {
|
||||
if (err) {
|
||||
winston.error("error: " + err);
|
||||
return next(err);
|
||||
}
|
||||
|
||||
db.collection('clients').find(queryDoc).toArray(function(err, clients){
|
||||
if(err) {
|
||||
winston.error("error: " + err);
|
||||
return next(err);
|
||||
}
|
||||
if (clients.length === 0) return next();
|
||||
|
||||
if (clients.length === 0) return next();
|
||||
res.locals.account.loggedIn = true;
|
||||
res.locals.account.clients = clients;
|
||||
var client = clients[0];
|
||||
|
||||
res.locals.account.loggedIn = true;
|
||||
res.locals.account.clients = clients;
|
||||
var client = clients[0];
|
||||
|
||||
winston.debug('client found');
|
||||
res.locals.account.appName = client.name && client.name.trim !== '' ? client.name : 'Your App';
|
||||
res.locals.account.userName = req.user.name;
|
||||
res.locals.account.namespace = nconf.get('DOMAIN_URL_SERVER').replace('{tenant}', client.tenant);
|
||||
res.locals.account.tenant = client.tenant;
|
||||
res.locals.account.clientId = client.clientID;
|
||||
res.locals.account.clientSecret = client.clientSecret;
|
||||
res.locals.account.callback = client.callback;
|
||||
next();
|
||||
});
|
||||
winston.debug('client found');
|
||||
res.locals.account.appName = client.name && client.name.trim !== '' ? client.name : 'Your App';
|
||||
res.locals.account.userName = req.user.name;
|
||||
res.locals.account.namespace = nconf.get('DOMAIN_URL_SERVER').replace('{tenant}', client.tenant);
|
||||
res.locals.account.tenant = client.tenant;
|
||||
res.locals.account.clientId = client.clientID;
|
||||
res.locals.account.clientSecret = client.clientSecret;
|
||||
res.locals.account.callback = client.callback;
|
||||
next();
|
||||
});
|
||||
};
|
||||
|
||||
|
@ -181,64 +180,52 @@ var overrideIfClientInQsForPublicAllowedUrls = function (req, res, next) {
|
|||
if (!~public_allowed_tutorials.indexOf(req.originalUrl)) {
|
||||
return next();
|
||||
}
|
||||
if (!req.query || !req.query.a)
|
||||
return next();
|
||||
|
||||
getDb(function(db){
|
||||
db.collection('clients').findOne({clientID: req.query.a}, function(err, client){
|
||||
if(err) {
|
||||
console.error("error: " + err);
|
||||
return next(err);
|
||||
}
|
||||
if (!req.query || !req.query.a) return next();
|
||||
|
||||
if(!client) {
|
||||
return res.send(404, 'client not found');
|
||||
}
|
||||
clients.findByClientId(req.query.a, { signingKey: 0 }, function (err, client) {
|
||||
if (err) {
|
||||
console.error("error: " + err);
|
||||
return next(err);
|
||||
}
|
||||
|
||||
res.locals.account.appName = client.name && client.name.trim !== '' ? client.name : 'Your App';
|
||||
res.locals.account.namespace = nconf.get('DOMAIN_URL_SERVER').replace('{tenant}', client.tenant);
|
||||
res.locals.account.tenant = client.tenant;
|
||||
res.locals.account.clientId = client.clientID;
|
||||
res.locals.account.clientSecret = client.clientSecret;
|
||||
res.locals.account.callback = client.callback;
|
||||
if (!client) {
|
||||
return res.send(404, 'client not found');
|
||||
}
|
||||
|
||||
next();
|
||||
});
|
||||
res.locals.account.appName = client.name && client.name.trim !== '' ? client.name : 'Your App';
|
||||
res.locals.account.namespace = nconf.get('DOMAIN_URL_SERVER').replace('{tenant}', client.tenant);
|
||||
res.locals.account.tenant = client.tenant;
|
||||
res.locals.account.clientId = client.clientID;
|
||||
res.locals.account.clientSecret = client.clientSecret;
|
||||
res.locals.account.callback = client.callback;
|
||||
|
||||
next();
|
||||
});
|
||||
};
|
||||
|
||||
var overrideIfClientInQs = function (req, res, next) {
|
||||
if (!req.query || !req.query.a)
|
||||
return next();
|
||||
if (!req.query || !req.query.a) return next();
|
||||
if (!req.user || !req.user.tenant) return next();
|
||||
|
||||
if (!req.user || !req.user.tenant){
|
||||
return next();
|
||||
}
|
||||
clients.findByTenantAndClientId(req.user.tenant, req.query.a, function (err, client) {
|
||||
if (err) {
|
||||
console.error("error: " + err);
|
||||
return next(err);
|
||||
}
|
||||
|
||||
getDb(function(db){
|
||||
var query = {
|
||||
clientID: req.query.a,
|
||||
tenant: req.user.tenant
|
||||
};
|
||||
db.collection('clients').findOne(query, function(err, client){
|
||||
if(err) {
|
||||
console.error("error: " + err);
|
||||
return next(err);
|
||||
}
|
||||
if (!client) {
|
||||
return res.send(404, 'client not found');
|
||||
}
|
||||
|
||||
if(!client) {
|
||||
return res.send(404, 'client not found');
|
||||
}
|
||||
res.locals.account.appName = client.name && client.name.trim !== '' ? client.name : 'Your App';
|
||||
res.locals.account.namespace = nconf.get('DOMAIN_URL_SERVER').replace('{tenant}', client.tenant);
|
||||
res.locals.account.tenant = client.tenant;
|
||||
res.locals.account.clientId = client.clientID;
|
||||
res.locals.account.clientSecret = client.clientSecret;
|
||||
res.locals.account.callback = client.callback;
|
||||
|
||||
res.locals.account.appName = client.name && client.name.trim !== '' ? client.name : 'Your App';
|
||||
res.locals.account.namespace = nconf.get('DOMAIN_URL_SERVER').replace('{tenant}', client.tenant);
|
||||
res.locals.account.tenant = client.tenant;
|
||||
res.locals.account.clientId = client.clientID;
|
||||
res.locals.account.clientSecret = client.clientSecret;
|
||||
res.locals.account.callback = client.callback;
|
||||
|
||||
next();
|
||||
});
|
||||
next();
|
||||
});
|
||||
};
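Review bot: The new `'SENSITIVE_DATA_ENCRYPTION_KEY': '0123456789'` entry in the first hunk gives the decryption key a short fallback value that is committed to the repository, so a deployment that forgets to set the real key runs with this one instead of failing. If this object is the nconf defaults (the call starts outside the hunk), I would drop the entry and check the key at startup next to the existing `LOGIN_WIDGET_URL` check, e.g. `if (!nconf.get('SENSITIVE_DATA_ENCRYPTION_KEY')) throw new Error('SENSITIVE_DATA_ENCRYPTION_KEY is not set');`. Also, in `overrideIfClientInQsForPublicAllowedUrls` and `overrideIfClientInQs`, `req.query.a` reaches the lookup without a type check; a `typeof req.query.a !== 'string'` guard before the `clients.findBy…` call would keep a parsed object out of the Mongo query.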
|
||||
|
||||
|
|
|
@ -0,0 +1,97 @@
|
|||
var clients = module.exports;
|
||||
var nconf = require('nconf');
|
||||
var utils = require('./utils');
|
||||
var getDb = require('./data');
|
||||
|
||||
function decryptSensitiveFields (client) {
|
||||
if (!client || client.encrypted !== true) return client;
|
||||
|
||||
var key = nconf.get('SENSITIVE_DATA_ENCRYPTION_KEY');
|
||||
sensitiveFields.forEach(function (f) {
|
||||
if (client[f]) {
|
||||
client[f] = utils.decryptAesSha256(key, client[f]);
|
||||
}
|
||||
});
|
||||
|
||||
if (client.signingKey && client.signingKey.key) {
|
||||
client.signingKey.key = utils.decryptAesSha256(key, client.signingKey.key);
|
||||
}
|
||||
|
||||
return client;
|
||||
}
|
||||
|
||||
function ensureFields (fields) {
|
||||
if (!fields) return fields;
|
||||
|
||||
['tenant', 'encrypted'].forEach(function (f) {
|
||||
if (fields[f] === 0) fields[f] = 1;
|
||||
|
||||
Object.keys(fields).forEach(function (k) {
|
||||
if (fields[k] === 1) {
|
||||
fields[f] = 1;
|
||||
return;
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
return fields;
|
||||
}
|
||||
|
||||
clients.findByClientId = function(clientID, fields, callback) {
|
||||
if (typeof fields === 'function') {
|
||||
callback = fields;
|
||||
fields = null;
|
||||
}
|
||||
|
||||
var done = function (err, client) {
|
||||
if (err) return callback(err);
|
||||
callback(null, decryptSensitiveFields(client));
|
||||
};
|
||||
|
||||
getDb(function (db) {
|
||||
if (fields) {
|
||||
ensureFields(fields);
|
||||
db.collection('clients').findOne({clientID: clientID}, fields, done);
|
||||
} else {
|
||||
db.collection('clients').findOne({clientID: clientID}, { signingKey: 0 }, done);
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
clients.findByTenantAndClientId = function(tenant, clientID, fields, callback) {
|
||||
if (typeof fields === 'function') {
|
||||
callback = fields;
|
||||
fields = null;
|
||||
}
|
||||
|
||||
var done = function (err, client) {
|
||||
if (err) return callback(err);
|
||||
callback(null, decryptSensitiveFields(client));
|
||||
};
|
||||
|
||||
getDb(function (db) {
|
||||
if (fields) {
|
||||
ensureFields(fields);
|
||||
db.collection('clients').findOne({tenant: tenant, clientID: clientID}, fields, done);
|
||||
} else {
|
||||
db.collection('clients').findOne({tenant: tenant, clientID: clientID}, { signingKey: 0 }, done);
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
clients.find = function (query, fields, callback) {
|
||||
if (typeof fields === 'function') {
|
||||
callback = fields;
|
||||
fields = { _id: 0 };
|
||||
}
|
||||
|
||||
var done = function (err, clients) {
|
||||
if (err) return callback(err);
|
||||
callback(null, clients.map(function (c) { return decryptSensitiveFields(c); }));
|
||||
};
|
||||
|
||||
getDb(function (db) {
|
||||
ensureFields(fields);
|
||||
db.collection('clients').find(query, fields).toArray(done);
|
||||
});
|
||||
};
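Review bot: `decryptSensitiveFields` iterates `sensitiveFields`, but this new 97-line file never declares that name, so the first client loaded with `encrypted === true` would raise a ReferenceError inside the database callback. Declare the list at the top of the module, e.g. `var sensitiveFields = [/* names of the encrypted fields */];`. `clients.find` also defaults to `fields = { _id: 0 }` while both single-client finders default to `{ signingKey: 0 }`, so list results carry the decrypted signing key; `fields = { _id: 0, signingKey: 0 }` would make the three consistent.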
|
|
@ -0,0 +1,14 @@
|
|||
var crypto = require('crypto');
|
||||
|
||||
exports.decryptAesSha256 = function (key, encryptedText) {
|
||||
try {
|
||||
var decipher = crypto.createDecipher('aes-256-cbc', key);
|
||||
var decrypted = decipher.update(encryptedText, 'hex', 'utf8');
|
||||
decrypted += decipher.final('utf8');
|
||||
return decrypted;
|
||||
} catch (e) {
|
||||
if (e.name !== 'TypeError') throw e;
|
||||
}
|
||||
|
||||
return encryptedText;
|
||||
};
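Review bot: `crypto.createDecipher('aes-256-cbc', key)` derives both the AES key and the IV from the passphrase with a single unsalted MD5 pass, so every value encrypted under one key shares the same IV, and CBC on its own gives no integrity check on the ciphertext. Node has deprecated this call; I would move to `crypto.createDecipheriv` with a key from a KDF such as `crypto.pbkdf2Sync` and a random IV stored with each value, ideally in an authenticated mode, changing the encrypting side (not part of this commit) at the same time. The `catch` also returns `encryptedText` unchanged on a `TypeError`, so a caller cannot tell a decrypted value from one that failed to decrypt. A comment stating which input that path is meant for (presumably legacy unencrypted values) would help, and the name mentions SHA-256 although nothing in the function uses it.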
|
|
@ -1,5 +1,5 @@
|
|||
var nconf = require('nconf');
|
||||
var getDb = require('../lib/data');
|
||||
var clients = require('../lib/clients');
|
||||
|
||||
var env = nconf.get('NODE_ENV');
|
||||
var cdn = nconf.get('CDN');
|
||||
|
@ -8,25 +8,22 @@ var DOMAIN_URL_SDK = nconf.get('DOMAIN_URL_SDK');
|
|||
var DOMAIN_URL_SERVER = nconf.get('DOMAIN_URL_SERVER');
|
||||
|
||||
exports.get = function (clientID, done) {
|
||||
getDb(function (db) {
|
||||
db.collection('clients').findOne({clientID: clientID }, function (err, client) {
|
||||
if (err) return done(err);
|
||||
var tenant_domain = 'https://' + DOMAIN_URL_SERVER.replace('{tenant}', client ? client.tenant : 'YOUR-DOMAIN');
|
||||
|
||||
var sdk_url;
|
||||
clients.findByClientId(clientID, function (err, client) {
|
||||
if (err) return done(err);
|
||||
|
||||
var tenant_domain = 'https://' + DOMAIN_URL_SERVER.replace('{tenant}', client ? client.tenant : 'YOUR-DOMAIN');
|
||||
var sdk_url;
|
||||
|
||||
if (env === 'production' && !disable_cdn) {
|
||||
if (cdn) {
|
||||
sdk_url = 'https://' + DOMAIN_URL_SDK + '/auth0.js#client=' + clientID + '&cdn=https://' + cdn;
|
||||
} else {
|
||||
sdk_url = 'https://' + DOMAIN_URL_SDK + '/auth0.js#client=' + clientID;
|
||||
}
|
||||
} else {
|
||||
sdk_url = 'https://' + DOMAIN_URL_SDK + '/auth0.js#client=' + clientID + '&cdn=' + tenant_domain + '&assets=' + tenant_domain;
|
||||
}
|
||||
if (env === 'production' && !disable_cdn) {
|
||||
if (cdn) {
|
||||
sdk_url = 'https://' + DOMAIN_URL_SDK + '/auth0.js#client=' + clientID + '&cdn=https://' + cdn;
|
||||
} else {
|
||||
sdk_url = 'https://' + DOMAIN_URL_SDK + '/auth0.js#client=' + clientID;
|
||||
}
|
||||
} else {
|
||||
sdk_url = 'https://' + DOMAIN_URL_SDK + '/auth0.js#client=' + clientID + '&cdn=' + tenant_domain + '&assets=' + tenant_domain;
|
||||
}
|
||||
|
||||
done(null, sdk_url, tenant_domain, client);
|
||||
|
||||
});
|
||||
});
|
||||
};
|
||||
done(null, sdk_url, tenant_domain, client);
|
||||
});
|
||||
};
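Review bot: `clients.findByClientId(clientID, ...)` is called without a projection here, so the full client document, with its sensitive fields decrypted, is passed on through `done(null, sdk_url, tenant_domain, client)`, although this function itself reads only `client.tenant`. If the callers (not visible in this diff) do not need the secret, pass an inclusion projection limited to what they render, for example `clients.findByClientId(clientID, { tenant: 1, clientID: 1 }, ...)`. The same applies to the `exports.get` in the last file section, which forwards `client` in the same way.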
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
var nconf = require('nconf');
|
||||
var getDb = require('../lib/data');
|
||||
var clients = require('../lib/clients');
|
||||
|
||||
var env = nconf.get('NODE_ENV');
|
||||
var LOGIN_WIDGET_URL = nconf.get('LOGIN_WIDGET_URL');
|
||||
|
@ -7,19 +7,17 @@ var AUTH0JS_URL = nconf.get('AUTH0JS_URL');
|
|||
var DOMAIN_URL_SERVER = nconf.get('DOMAIN_URL_SERVER');
|
||||
|
||||
exports.get = function (clientID, done) {
|
||||
getDb(function (db) {
|
||||
db.collection('clients').findOne({ clientID: clientID }, function (err, client) {
|
||||
if (err) return done(err);
|
||||
clients.findByClientId(clientID, function (err, client) {
|
||||
if (err) return done(err);
|
||||
|
||||
var namespace = DOMAIN_URL_SERVER.replace('{tenant}', client ? client.tenant : 'YOUR-DOMAIN');
|
||||
var tenant_domain = 'https://' + namespace;
|
||||
var assets_url;
|
||||
var namespace = DOMAIN_URL_SERVER.replace('{tenant}', client ? client.tenant : 'YOUR-DOMAIN');
|
||||
var tenant_domain = 'https://' + namespace;
|
||||
var assets_url;
|
||||
|
||||
if (env !== 'production') {
|
||||
assets_url = tenant_domain + '/';
|
||||
}
|
||||
if (env !== 'production') {
|
||||
assets_url = tenant_domain + '/';
|
||||
}
|
||||
|
||||
done(null, LOGIN_WIDGET_URL, assets_url, tenant_domain, namespace, client, AUTH0JS_URL);
|
||||
});
|
||||
done(null, LOGIN_WIDGET_URL, assets_url, tenant_domain, namespace, client, AUTH0JS_URL);
|
||||
});
|
||||
};
|
||||
|
|