Allow Comms websocket auth to be done via token header

Fixes #2642
2025-03-01 10:36:34 +00:00 · 2020-07-09 19:07:51 +01:00
parent 32163d5f21
commit 1df2f5e96a
4 changed files with 74 additions and 28 deletions
--- a/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js
@@ -123,38 +123,57 @@ AnonymousStrategy.prototype.authenticate = function(req) {
    });
 }

+
+function authenticateUserToken(req) {
+    return new Promise( (resolve,reject) => {
+        var token = null;
+        var tokenHeader = Users.tokenHeader();
+        if (Users.tokenHeader() === null) {
+            // No custom user token provided. Fail the request
+            reject();
+            return;
+        } else if (Users.tokenHeader() === 'authorization') {
+            if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
+                token = req.headers.authorization.split(' ')[1];
+            }
+        } else {
+            token = req.headers[Users.tokenHeader()];
+        }
+        if (token) {
+            Users.tokens(token).then(function(user) {
+                if (user) {
+                    resolve(user);
+                } else {
+                    reject();
+                }
+            });
+        } else {
+            reject();
+        }
+    });
+}
+
+
 function TokensStrategy() {
  passport.Strategy.call(this);
  this.name = 'tokens';
 }
 util.inherits(TokensStrategy, passport.Strategy);
 TokensStrategy.prototype.authenticate = function(req) {
-    var self = this;
-    var token = null;
-    if (Users.tokenHeader() === 'authorization') {  
-        if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
-            token = req.headers.authorization.split(' ')[1];
-        }
-    } else {
-        token = req.headers[Users.tokenHeader()];
-    }
-    if (token) {
-        Users.tokens(token).then(function(admin) {
-            if (admin) {
-                self.success(admin,{scope:admin.permissions});
-            } else {
-                self.fail(401);
-            }
-        });
-    } else {
-        self.fail(401);
-    }
+    authenticateUserToken(req).then(user => {
+        this.success(user,{scope:user.permissions});
+    }).catch(err => {
+        this.fail(401);
+    });
 }

+
+
 module.exports = {
    bearerStrategy: bearerStrategy,
    clientPasswordStrategy: clientPasswordStrategy,
    passwordTokenExchange: passwordTokenExchange,
    anonymousStrategy: new AnonymousStrategy(),
-    tokensStrategy: new TokensStrategy()
+    tokensStrategy: new TokensStrategy(),
+    authenticateUserToken: authenticateUserToken
 }
--- a/packages/node_modules/@node-red/editor-api/lib/auth/users.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/users.js
@@ -61,7 +61,7 @@ var api = {
    authenticate: authenticate,
    default: getDefaultUser,
    tokens: getDefaultUser,
-    tokenHeader: "authorization"
+    tokenHeader: null
 }

 function init(config) {
@@ -111,6 +111,8 @@ function init(config) {
        api.tokens = config.tokens;
        if (config.tokenHeader && typeof config.tokenHeader === "string") {
            api.tokenHeader = config.tokenHeader.toLowerCase();
+        } else {
+            api.tokenHeader = "authorization";
        }
    }
 }