Add oauth grant

red/api/auth/clients.js

@@ -0,0 +1,32 @@
+/**
+ * Copyright 2014 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+ 
+var when = require("when");
+
+var clients = [
+    {id:"node-red-admin",secret:"not_available"}
+];
+
+module.exports = {
+    get: function(id) {
+        for (var i=0;i<clients.length;i++) {
+            if (clients[i].id == id) {
+                return when.resolve(clients[i]);
+            }
+        }
+        return when.resolve(null);
+    }
+}

red/api/auth/index.js

@@ -0,0 +1,63 @@
+/**
+ * Copyright 2014 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+var passport = require("passport");
+var oauth2orize = require("oauth2orize");
+
+var strategies = require("./strategies");
+
+var settings = require("../../settings");
+
+passport.use(strategies.bearerStrategy.BearerStrategy);
+passport.use(strategies.clientPasswordStrategy.ClientPasswordStrategy);
+
+var server = oauth2orize.createServer();
+
+server.exchange(oauth2orize.exchange.password(strategies.passwordTokenExchange));
+
+function authenticate(req,res,next) {
+    if (settings.httpAdminAuth) {
+        if (/^\/auth\/.*/.test(req.originalUrl)) {
+            next();
+        } else {
+            return passport.authenticate('bearer', { session: false })(req,res,next);
+        }
+    } else {
+        next();
+    }
+}
+
+function ensureClientSecret(req,res,next) {
+    if (!req.body.client_secret) {
+        req.body.client_secret = 'not_available';
+    }
+    next();
+}
+function authenticateClient(req,res,next) {
+    return passport.authenticate(['oauth2-client-password'], {session: false})(req,res,next);
+}
+function getToken(req,res,next) {
+    return server.token()(req,res,next);
+}
+
+
+module.exports = {
+    authenticate: authenticate,
+    ensureClientSecret: ensureClientSecret,
+    authenticateClient: authenticateClient,
+    getToken: getToken,
+    errorHandler: server.errorHandler()
+}

red/api/auth/strategies.js

@@ -0,0 +1,71 @@
+/**
+ * Copyright 2014 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+var BearerStrategy = require('passport-http-bearer').Strategy;
+var ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy;
+
+var crypto = require("crypto");
+
+var tokens = require("./tokens");
+var users = require("./users");
+var clients = require("./clients");
+
+var bearerStrategy = function (accessToken, done) {
+    // is this a valid token?
+    tokens.get(accessToken).then(function(token) {
+        if (token) {
+            users.get(token.user).then(function(user) {
+                if (user) {
+                    done(null,user,{scope:token.scope});
+                } else {
+                    done(null,false);
+                }
+            });
+        } else {
+            done(null,false);
+        }
+    });
+}
+bearerStrategy.BearerStrategy = new BearerStrategy(bearerStrategy);
+
+var clientPasswordStrategy = function(clientId, clientSecret, done) {
+    clients.get(clientId).then(function(client) {
+        if (client && client.secret == clientSecret) {
+            done(null,client);
+        } else {
+            done(null,false);
+        }
+    });
+}
+clientPasswordStrategy.ClientPasswordStrategy = new ClientPasswordStrategy(clientPasswordStrategy);
+
+var passwordTokenExchange = function(client, username, password, scope, done) {
+  users.get(username).then(function(user) {
+      if (user && user.password == crypto.createHash('md5').update(password,'utf8').digest('hex')) {
+          tokens.create(username,client.id,scope).then(function(token) {
+              done(null,token);
+          });
+      } else {
+          done(new Error("Invalid"),false);
+      }
+  });
+}
+
+module.exports = {
+    bearerStrategy: bearerStrategy,
+    clientPasswordStrategy: clientPasswordStrategy,
+    passwordTokenExchange: passwordTokenExchange
+}

red/api/auth/tokens.js

@@ -0,0 +1,40 @@
+/**
+ * Copyright 2014 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+var when = require("when");
+
+function generateToken(length) {
+    var c = "ABCDEFGHIJKLMNOPQRSTUZWXYZabcdefghijklmnopqrstuvwxyz1234567890";
+    var token = [];
+    for (var i=0;i<length;i++) {
+        token.push(c[Math.floor(Math.random()*c.length)]);
+    }
+    return token.join("");
+}
+
+var tokens = {}
+
+module.exports = {
+    get: function(token) {
+        return when.resolve(tokens[token]);
+    },
+    create: function(user,client,scope) {
+        var token = generateToken(256);
+        tokens[token] = {user:user,client:client,scope:scope};
+        return when.resolve(token);
+    }
+    
+};

red/api/auth/users.js

@@ -0,0 +1,40 @@
+/**
+ * Copyright 2014 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+ 
+var when = require("when");
+var crypto = require("crypto");
+
+var settings = require("../../settings");
+
+//{username:"nick",password:crypto.createHash('md5').update("foo",'utf8').digest('hex')}
+var users = [];
+
+if (settings.httpAdminAuth) {
+    if (settings.httpAdminAuth.user && settings.httpAdminAuth.pass) {
+        users.push({username:settings.httpAdminAuth.user, password:settings.httpAdminAuth.pass});
+    }
+}
+
+module.exports = {
+    get: function(username) {
+        for (var i=0;i<users.length;i++) {
+            if (users[i].username == username) {
+                return when.resolve(users[i]);
+            }
+        }
+        return when.resolve(null);
+    }
+}