From 2020e457cf5e7d14926f4f4d882c7505d352eb9f Mon Sep 17 00:00:00 2001
From: NGPixel
Date: Sun, 30 Jul 2017 00:04:57 -0400
Subject: [PATCH] feat: modular auth + logging changes
---
 server/authentication/azure.js | 42 ++++++++++-----------
 server/authentication/facebook.js | 32 ++++++++--------
 server/authentication/github.js | 32 ++++++++--------
 server/authentication/google.js | 30 +++++++--------
 server/authentication/ldap.js | 59 +++++++++++++++---------------
 server/authentication/local.js | 44 +++++++++++-----------
 server/authentication/microsoft.js | 30 +++++++--------
 server/authentication/slack.js | 30 +++++++--------
 server/controllers/uploads.js | 3 ++
 server/master.js | 6 +--
 server/modules/auth.js | 28 +++++++++++---
 server/modules/config.js | 11 ------
 server/modules/db.js | 2 +-
 server/modules/disk.js | 4 +-
 server/modules/git.js | 6 +--
 15 files changed, 174 insertions(+), 185 deletions(-)
diff --git a/server/authentication/azure.js b/server/authentication/azure.js
index 1759aa9f..c54830ef 100644
--- a/server/authentication/azure.js
+++ b/server/authentication/azure.js
@@ -8,26 +8,24 @@
 const AzureAdOAuth2Strategy = require('passport-azure-ad-oauth2').Strategy
-module.exports = (passport) => {
- if (wiki.config.auth.azure && wiki.config.auth.azure.enabled) {
- const jwt = require('jsonwebtoken')
- passport.use('azure_ad_oauth2',
- new AzureAdOAuth2Strategy({
- clientID: wiki.config.auth.azure.clientId,
- clientSecret: wiki.config.auth.azure.clientSecret,
- callbackURL: wiki.config.host + '/login/azure/callback',
- resource: wiki.config.auth.azure.resource,
- tenant: wiki.config.auth.azure.tenant
- }, (accessToken, refreshToken, params, profile, cb) => {
- let waadProfile = jwt.decode(params.id_token)
- waadProfile.id = waadProfile.oid
- waadProfile.provider = 'azure'
- wiki.db.User.processProfile(waadProfile).then((user) => {
- return cb(null, user) || true
- }).catch((err) => {
- return cb(err, null) || true
- })
- }
- ))
- }
+module.exports = (passport, conf) => {
+ const jwt = require('jsonwebtoken')
+ passport.use('azure_ad_oauth2',
+ new AzureAdOAuth2Strategy({
+ clientID: conf.clientId,
+ clientSecret: conf.clientSecret,
+ callbackURL: conf.callbackURL,
+ resource: conf.resource,
+ tenant: conf.tenant
+ }, (accessToken, refreshToken, params, profile, cb) => {
+ let waadProfile = jwt.decode(params.id_token)
+ waadProfile.id = waadProfile.oid
+ waadProfile.provider = 'azure'
+ wiki.db.User.processProfile(waadProfile).then((user) => {
+ return cb(null, user) || true
+ }).catch((err) => {
+ return cb(err, null) || true
+ })
+ }
+ ))
 }
diff --git a/server/authentication/facebook.js b/server/authentication/facebook.js
index db1c4ef9..1a1d3822 100644
--- a/server/authentication/facebook.js
+++ b/server/authentication/facebook.js
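Review bot: `jwt.decode(params.id_token)` in the verify callback only parses the token; it checks no signature, audience or tenant, and it returns `null` when `id_token` is missing or malformed, so `waadProfile.id = waadProfile.oid` on the next line would throw inside the passport callback. A guard before the two assignments covers the crash: `if (!waadProfile || !waadProfile.oid) { return cb(new Error('INVALID_LOGIN'), null) }`. If the token is intentionally left unverified because it comes straight from the token endpoint over TLS, state that in a comment next to the call, and consider comparing the token's `tid` claim with `conf.tenant` before the profile reaches `processProfile`.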
@@ -8,21 +8,19 @@
 const FacebookStrategy = require('passport-facebook').Strategy
-module.exports = (passport) => {
- if (wiki.config.auth.facebook && wiki.config.auth.facebook.enabled) {
- passport.use('facebook',
- new FacebookStrategy({
- clientID: wiki.config.auth.facebook.clientId,
- clientSecret: wiki.config.auth.facebook.clientSecret,
- callbackURL: wiki.config.host + '/login/facebook/callback',
- profileFields: ['id', 'displayName', 'email']
- }, function (accessToken, refreshToken, profile, cb) {
- wiki.db.User.processProfile(profile).then((user) => {
- return cb(null, user) || true
- }).catch((err) => {
- return cb(err, null) || true
- })
- }
- ))
- }
+module.exports = (passport, conf) => {
+ passport.use('facebook',
+ new FacebookStrategy({
+ clientID: conf.clientId,
+ clientSecret: conf.clientSecret,
+ callbackURL: conf.callbackURL,
+ profileFields: ['id', 'displayName', 'email']
+ }, function (accessToken, refreshToken, profile, cb) {
+ wiki.db.User.processProfile(profile).then((user) => {
+ return cb(null, user) || true
+ }).catch((err) => {
+ return cb(err, null) || true
+ })
+ }
+ ))
 }
diff --git a/server/authentication/github.js b/server/authentication/github.js
index c26df1b3..7c225e6a 100644
--- a/server/authentication/github.js
+++ b/server/authentication/github.js
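Review bot: The new `(passport, conf)` contract is undocumented, although `callbackURL` is no longer derived in this file and `conf` is dereferenced unconditionally now that the `enabled` guard has moved out of the module. A short comment above `module.exports` would record it: `// conf: this provider's block from wiki.config.auth, with callbackURL added by server/modules/auth.js; call only for enabled providers`. The github, google, microsoft and slack hunks have the same shape and need the same comment.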
@@ -8,21 +8,19 @@
 const GitHubStrategy = require('passport-github2').Strategy
-module.exports = (passport) => {
- if (wiki.config.auth.github && wiki.config.auth.github.enabled) {
- passport.use('github',
- new GitHubStrategy({
- clientID: wiki.config.auth.github.clientId,
- clientSecret: wiki.config.auth.github.clientSecret,
- callbackURL: wiki.config.host + '/login/github/callback',
- scope: ['user:email']
- }, (accessToken, refreshToken, profile, cb) => {
- wiki.db.User.processProfile(profile).then((user) => {
- return cb(null, user) || true
- }).catch((err) => {
- return cb(err, null) || true
- })
- }
- ))
- }
+module.exports = (passport, conf) => {
+ passport.use('github',
+ new GitHubStrategy({
+ clientID: conf.clientId,
+ clientSecret: conf.clientSecret,
+ callbackURL: conf.callbackURL,
+ scope: ['user:email']
+ }, (accessToken, refreshToken, profile, cb) => {
+ wiki.db.User.processProfile(profile).then((user) => {
+ return cb(null, user) || true
+ }).catch((err) => {
+ return cb(err, null) || true
+ })
+ }
+ ))
 }
diff --git a/server/authentication/google.js b/server/authentication/google.js
index 12d51f2e..9531f4a8 100644
--- a/server/authentication/google.js
+++ b/server/authentication/google.js
@@ -8,20 +8,18 @@
 const GoogleStrategy = require('passport-google-oauth20').Strategy
-module.exports = (passport) => {
- if (wiki.config.auth.google && wiki.config.auth.google.enabled) {
- passport.use('google',
- new GoogleStrategy({
- clientID: wiki.config.auth.google.clientId,
- clientSecret: wiki.config.auth.google.clientSecret,
- callbackURL: wiki.config.host + '/login/google/callback'
- }, (accessToken, refreshToken, profile, cb) => {
- wiki.db.User.processProfile(profile).then((user) => {
- return cb(null, user) || true
- }).catch((err) => {
- return cb(err, null) || true
- })
- }
- ))
- }
+module.exports = (passport, conf) => {
+ passport.use('google',
+ new GoogleStrategy({
+ clientID: conf.clientId,
+ clientSecret: conf.clientSecret,
+ callbackURL: conf.callbackURL
+ }, (accessToken, refreshToken, profile, cb) => {
+ wiki.db.User.processProfile(profile).then((user) => {
+ return cb(null, user) || true
+ }).catch((err) => {
+ return cb(err, null) || true
+ })
+ }
+ ))
 }
diff --git a/server/authentication/ldap.js b/server/authentication/ldap.js
index cc3ebf7c..0eb4ccbe 100644
--- a/server/authentication/ldap.js
+++ b/server/authentication/ldap.js
@@ -7,35 +7,34 @@
 // ------------------------------------
 const LdapStrategy = require('passport-ldapauth').Strategy
+const fs = require('fs')
-module.exports = (passport) => {
- if (wiki.config.auth.ldap && wiki.config.auth.ldap.enabled) {
- passport.use('ldapauth',
- new LdapStrategy({
- server: {
- url: wiki.config.auth.ldap.url,
- bindDn: wiki.config.auth.ldap.bindDn,
- bindCredentials: wiki.config.auth.ldap.bindCredentials,
- searchBase: wiki.config.auth.ldap.searchBase,
- searchFilter: wiki.config.auth.ldap.searchFilter,
- searchAttributes: ['displayName', 'name', 'cn', 'mail'],
- tlsOptions: (wiki.config.auth.ldap.tlsEnabled) ? {
- ca: [
- fs.readFileSync(wiki.config.auth.ldap.tlsCertPath)
- ]
- } : {}
- },
- usernameField: 'email',
- passReqToCallback: false
- }, (profile, cb) => {
- profile.provider = 'ldap'
- profile.id = profile.dn
- wiki.db.User.processProfile(profile).then((user) => {
- return cb(null, user) || true
- }).catch((err) => {
- return cb(err, null) || true
- })
- }
- ))
- }
+module.exports = (passport, conf) => {
+ passport.use('ldapauth',
+ new LdapStrategy({
+ server: {
+ url: conf.url,
+ bindDn: conf.bindDn,
+ bindCredentials: conf.bindCredentials,
+ searchBase: conf.searchBase,
+ searchFilter: conf.searchFilter,
+ searchAttributes: ['displayName', 'name', 'cn', 'mail'],
+ tlsOptions: (conf.tlsEnabled) ? {
+ ca: [
+ fs.readFileSync(conf.tlsCertPath)
+ ]
+ } : {}
+ },
+ usernameField: 'email',
+ passReqToCallback: false
+ }, (profile, cb) => {
+ profile.provider = 'ldap'
+ profile.id = profile.dn
+ wiki.db.User.processProfile(profile).then((user) => {
+ return cb(null, user) || true
+ }).catch((err) => {
+ return cb(err, null) || true
+ })
+ }
+ ))
 }
diff --git a/server/authentication/local.js b/server/authentication/local.js
index 3af57126..ae00171b 100644
--- a/server/authentication/local.js
+++ b/server/authentication/local.js
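Review bot: `tlsOptions` falls back to `{}` when `conf.tlsEnabled` is false, and nothing in this block checks the scheme of `conf.url`; if the configured URL is plain `ldap://`, `bindCredentials` and every user's password would travel unencrypted (the config is not in the diff, so this cannot be confirmed from here). A startup warning makes the condition visible to operators: `if (!String(conf.url).startsWith('ldaps://')) { wiki.logger.warn('LDAP URL is not ldaps://; credentials may be sent in clear text') }`. Separately, `fs.readFileSync(conf.tlsCertPath)` runs while the strategy is being registered, so an unset or unreadable path throws there; a comment saying this is intentional fail-fast behaviour, or a check with a clearer message, would help.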
@@ -8,27 +8,25 @@
 const LocalStrategy = require('passport-local').Strategy
-module.exports = (passport) => {
- if (wiki.config.auth.local && wiki.config.auth.local.enabled) {
- passport.use('local',
- new LocalStrategy({
- usernameField: 'email',
- passwordField: 'password'
- }, (uEmail, uPassword, done) => {
- wiki.db.User.findOne({ email: uEmail, provider: 'local' }).then((user) => {
- if (user) {
- return user.validatePassword(uPassword).then(() => {
- return done(null, user) || true
- }).catch((err) => {
- return done(err, null)
- })
- } else {
- return done(new Error('INVALID_LOGIN'), null)
- }
- }).catch((err) => {
- done(err, null)
- })
- }
- ))
- }
+module.exports = (passport, conf) => {
+ passport.use('local',
+ new LocalStrategy({
+ usernameField: 'email',
+ passwordField: 'password'
+ }, (uEmail, uPassword, done) => {
+ wiki.db.User.findOne({ email: uEmail, provider: 'local' }).then((user) => {
+ if (user) {
+ return user.validatePassword(uPassword).then(() => {
+ return done(null, user) || true
+ }).catch((err) => {
+ return done(err, null)
+ })
+ } else {
+ return done(new Error('INVALID_LOGIN'), null)
+ }
+ }).catch((err) => {
+ done(err, null)
+ })
+ }
+ ))
 }
diff --git a/server/authentication/microsoft.js b/server/authentication/microsoft.js
index 1d39eb47..6ccd1b88 100644
--- a/server/authentication/microsoft.js
+++ b/server/authentication/microsoft.js
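Review bot: Both failure paths in the verify callback report a bad login as an error (`done(new Error('INVALID_LOGIN'), null)` for an unknown e-mail, `done(err, null)` for whatever `validatePassword` rejects with), which passport treats as a server fault rather than a failed authentication, and the two paths may be distinguishable to a client if the messages differ. The usual passport form is `return done(null, false, { message: 'INVALID_LOGIN' })` for both; the login route is not in this diff, so confirm it does not depend on the error object before changing it. The new `conf` parameter is unused here and could carry a one-line comment saying it is accepted only to keep the loader signature uniform.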
@@ -8,20 +8,18 @@
 const WindowsLiveStrategy = require('passport-windowslive').Strategy
-module.exports = (passport) => {
- if (wiki.config.auth.microsoft && wiki.config.auth.microsoft.enabled) {
- passport.use('windowslive',
- new WindowsLiveStrategy({
- clientID: wiki.config.auth.microsoft.clientId,
- clientSecret: wiki.config.auth.microsoft.clientSecret,
- callbackURL: wiki.config.host + '/login/ms/callback'
- }, function (accessToken, refreshToken, profile, cb) {
- wiki.db.User.processProfile(profile).then((user) => {
- return cb(null, user) || true
- }).catch((err) => {
- return cb(err, null) || true
- })
- }
- ))
- }
+module.exports = (passport, conf) => {
+ passport.use('windowslive',
+ new WindowsLiveStrategy({
+ clientID: conf.clientId,
+ clientSecret: conf.clientSecret,
+ callbackURL: conf.callbackURL
+ }, function (accessToken, refreshToken, profile, cb) {
+ wiki.db.User.processProfile(profile).then((user) => {
+ return cb(null, user) || true
+ }).catch((err) => {
+ return cb(err, null) || true
+ })
+ }
+ ))
 }
diff --git a/server/authentication/slack.js b/server/authentication/slack.js
index dcc8a7f2..778d6abf 100644
--- a/server/authentication/slack.js
+++ b/server/authentication/slack.js
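Review bot: The callback path for this provider changes silently: the removed code used `wiki.config.host + '/login/ms/callback'`, while `conf.callbackURL` is now built in server/modules/auth.js as `${wiki.config.site.host}/login/${strategyName}/callback`, which for the `microsoft` config key yields `/login/microsoft/callback`. The redirect URI registered with the provider and the route that handles the callback are not in this diff, so both need checking or logins will fail at the redirect step. If the old path has to stay, the loader should respect a preset value, e.g. `strategyConfig.callbackURL = strategyConfig.callbackURL || ...`, and this file should note the expected path in a comment. The host source also moved from `wiki.config.host` to `wiki.config.site.host`, which affects every provider.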
@@ -8,20 +8,18 @@
 const SlackStrategy = require('passport-slack').Strategy
-module.exports = (passport) => {
- if (wiki.config.auth.slack && wiki.config.auth.slack.enabled) {
- passport.use('slack',
- new SlackStrategy({
- clientID: wiki.config.auth.slack.clientId,
- clientSecret: wiki.config.auth.slack.clientSecret,
- callbackURL: wiki.config.host + '/login/slack/callback'
- }, (accessToken, refreshToken, profile, cb) => {
- wiki.db.User.processProfile(profile).then((user) => {
- return cb(null, user) || true
- }).catch((err) => {
- return cb(err, null) || true
- })
- }
- ))
- }
+module.exports = (passport, conf) => {
+ passport.use('slack',
+ new SlackStrategy({
+ clientID: conf.clientId,
+ clientSecret: conf.clientSecret,
+ callbackURL: conf.callbackURL
+ }, (accessToken, refreshToken, profile, cb) => {
+ wiki.db.User.processProfile(profile).then((user) => {
+ return cb(null, user) || true
+ }).catch((err) => {
+ return cb(err, null) || true
+ })
+ }
+ ))
 }
diff --git a/server/controllers/uploads.js b/server/controllers/uploads.js
index d7321c41..40b19e68 100644
--- a/server/controllers/uploads.js
+++ b/server/controllers/uploads.js
@@ -2,6 +2,9 @@
 /* global wiki */
+module.exports = false
+return
+
 const express = require('express')
 const router = express.Router()
diff --git a/server/master.js b/server/master.js
index 12248ba4..0ce0bf19 100644
--- a/server/master.js
+++ b/server/master.js
@@ -147,7 +147,7 @@ module.exports = Promise.join(
 app.use('/graphql', graphqlApollo.graphqlExpress({ schema: graphqlSchema }))
 app.use('/graphiql', graphqlApollo.graphiqlExpress({ endpointURL: '/graphql' }))
- app.use('/uploads', mw.auth, ctrl.uploads)
+ // app.use('/uploads', mw.auth, ctrl.uploads)
 app.use('/admin', mw.auth, ctrl.admin)
 app.use('/', mw.auth, ctrl.pages)
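Review bot: Switching the uploads controller off with `module.exports = false` and a top-level `return` leaves the whole router below it as unexplained dead code, and any caller that still mounts `ctrl.uploads` would pass `false` to `app.use`. The server/master.js hunk on the same route comments the line out instead of removing it, again without saying why. A comment at both places should give the reason and the condition for re-enabling, for example `// TODO: uploads controller disabled; restore together with the /uploads route in server/master.js` (the actual reason is the author's to fill in). When the route returns it should keep `mw.auth` in front of the controller, as the commented-out line does.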
@@ -173,7 +173,7 @@ module.exports = Promise.join(
 // Start HTTP server
 // ----------------------------------------
- wiki.logger.info('Starting HTTP/WS server on port ' + wiki.config.port + '...')
+ wiki.logger.info(`HTTP/WS Server on port: ${wiki.config.port}`)
 app.set('port', wiki.config.port)
 var server = http.createServer(app)
@@ -199,7 +199,7 @@ module.exports = Promise.join(
 })
 server.on('listening', () => {
- wiki.logger.info('HTTP/WS server started successfully! [RUNNING]')
+ wiki.logger.info('HTTP/WS Server: RUNNING')
 })
 // ----------------------------------------
diff --git a/server/modules/auth.js b/server/modules/auth.js
index 3e96e730..45ee1b9e 100644
--- a/server/modules/auth.js
+++ b/server/modules/auth.js
@@ -2,9 +2,9 @@
 /* global wiki */
-const fs = require('fs')
+const _ = require('lodash')
-module.exports = function (passport) {
+module.exports = (passport) => {
 // Serialization user methods
 passport.serializeUser(function (user, done) {
@@ -24,12 +24,28 @@ module.exports = function (passport) {
 })
 })
- // Create users for first-time
+ // Load authentication strategies
- return wiki.db.User.findOne({ provider: 'local', email: 'guest@example.com' }).then((c) => {
+ wiki.config.authStrategies = {
+ list: _.pickBy(wiki.config.auth, strategy => strategy.enabled),
+ socialEnabled: (_.chain(wiki.config.auth).omit('local').filter(['enabled', true]).value().length > 0)
+ }
+
+ _.forOwn(wiki.config.authStrategies.list, (strategyConfig, strategyName) => {
+ strategyConfig.callbackURL = `${wiki.config.site.host}/login/${strategyName}/callback`
+ require(`../authentication/${strategyName}`)(passport, strategyConfig)
+ wiki.logger.info(`Authentication Provider ${_.upperFirst(strategyName)}: OK`)
+ })
+
+ // Create Guest account for first-time
+
+ return wiki.db.User.findOne({
+ where: {
+ provider: 'local',
+ email: 'guest@example.com'
+ }
+ }).then((c) => {
 if (c < 1) {
- // Create guest account
-
 return wiki.db.User.create({
 provider: 'local',
 email: 'guest@example.com',
diff --git a/server/modules/config.js b/server/modules/config.js
index bb07c02f..da67d29f 100644
--- a/server/modules/config.js
+++ b/server/modules/config.js
@@ -57,17 +57,6 @@ module.exports = {
 // List authentication strategies
 wiki.config = appconfig
 wiki.data = appdata
-
- // List authentication strategies
-
- // appconfig.authStrategies = {
- // list: _.filter(appconfig.auth, ['enabled', true]),
- // socialEnabled: (_.chain(appconfig.auth).omit('local').filter(['enabled', true]).value().length > 0)
- // }
- // if (appconfig.authStrategies.list.length < 1) {
- // console.error(new Error('You must enable at least 1 authentication strategy!'))
- // process.exit(1)
- // }
 },
 /**
diff --git a/server/modules/db.js b/server/modules/db.js
index 36bbfadc..3654afd2 100644
--- a/server/modules/db.js
+++ b/server/modules/db.js
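Review bot: The loader in the first auth.js hunk on this line passes every key of `wiki.config.auth` that has `enabled` set straight into ``require(`../authentication/${strategyName}`)``, so a mistyped or unexpected key either aborts startup with a module-not-found error or resolves to some other file that is then called with the passport instance and that provider's secrets. Checking the key against the fixed set of provider modules shipped in server/authentication before the `require` keeps module loading independent of config contents. `_.pickBy(..., strategy => strategy.enabled)` also throws on a `null` entry, which `_.get(strategy, 'enabled')` would avoid. `wiki.config.authStrategies.list` now holds the full provider blocks including `clientSecret` and `bindCredentials`; if that list is ever handed to a template to draw login buttons (not visible in this diff), it should be reduced to names first.

```javascript
// proposed: the provider modules present in server/authentication
const KNOWN_STRATEGIES = ['azure', 'facebook', 'github', 'google', 'ldap', 'local', 'microsoft', 'slack']

_.forOwn(wiki.config.authStrategies.list, (strategyConfig, strategyName) => {
  if (!_.includes(KNOWN_STRATEGIES, strategyName)) {
    throw new Error(`Unknown authentication strategy in config: ${strategyName}`)
  }
  // … unchanged: callbackURL assignment, require() of the strategy module, logger.info …
})
```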
@@ -41,7 +41,7 @@ module.exports = {
 // Attempt to connect and authenticate to DB
 self.inst.authenticate().then(() => {
- wiki.logger.info('Connected to PostgreSQL database.')
+ wiki.logger.info('Database (PostgreSQL) connection: OK')
 }).catch(err => {
 wiki.logger.error('Failed to connect to MongoDB instance.')
 return err
diff --git a/server/modules/disk.js b/server/modules/disk.js
index 88c54279..0fafcd68 100644
--- a/server/modules/disk.js
+++ b/server/modules/disk.js
@@ -94,8 +94,6 @@ module.exports = {
 * Creates a base directories (Synchronous).
 */
 createBaseDirectories () {
- wiki.logger.info('Checking data directories...')
-
 try {
 fs.ensureDirSync(path.resolve(wiki.ROOTPATH, wiki.config.paths.data))
 fs.emptyDirSync(path.resolve(wiki.ROOTPATH, wiki.config.paths.data))
@@ -117,7 +115,7 @@ module.exports = {
 wiki.logger.error(err)
 }
- wiki.logger.info('Data and Repository directories are OK.')
+ wiki.logger.info('Disk Data Paths: OK')
 },
 /**
diff --git a/server/modules/git.js b/server/modules/git.js
index 4c58a48f..dedd9b6b 100644
--- a/server/modules/git.js
+++ b/server/modules/git.js
@@ -71,8 +71,6 @@ module.exports = {
 _initRepo() {
 let self = this
- wiki.logger.info('Checking Git repository...')
-
 // -> Check if path is accessible
 return fs.mkdirAsync(self._repo.path).catch((err) => {
@@ -92,7 +90,7 @@ module.exports = {
 })
 }).then(() => {
 if (wiki.config.git === false) {
- wiki.logger.info('Remote Git syncing is disabled. Not recommended!')
+ wiki.logger.warn('Remote Git syncing is disabled. Not recommended!')
 return Promise.resolve(true)
 }
@@ -132,7 +130,7 @@ module.exports = {
 wiki.logger.error('Git remote error!')
 throw err
 }).then(() => {
- wiki.logger.info('Git repository is OK.')
+ wiki.logger.info('Git Repository: OK')
 return true
 })
 },
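Review bot: The failure branch directly below the changed message in server/modules/db.js still logs `'Failed to connect to MongoDB instance.'`, so a PostgreSQL outage is reported under the wrong product name and will not match the new `Database (PostgreSQL) connection: ...` wording when logs are searched. It also ends with `return err`, which turns the rejection into a resolved value. Suggest `wiki.logger.error('Database (PostgreSQL) connection: FAILED')` followed by `throw err`; the rest of the function is outside the hunk, so check whether a caller relies on the returned error first.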
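Review bot: In the second server/modules/disk.js hunk, `wiki.logger.info('Disk Data Paths: OK')` appears to sit after the block that ends with `wiki.logger.error(err)`, so the OK line is written even when creating the directories failed. Moving the info call to the last statement inside the `try`, or returning from the `catch`, keeps the startup log truthful; that matters more now that this commit reduces every subsystem to a single `: OK` line. The `try` opens in the previous hunk and its middle is not shown, so confirm the placement against the full function.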