Merge pull request #2479 from node-red-hitachi/dev-admin-api-auth

Add admin api authentication function
2025-03-01 10:36:34 +00:00 · 2020-03-13 13:36:53 +00:00
parent de971fa53f 83942c2551
commit 6912dec166
5 changed files with 142 additions and 4 deletions
--- a/packages/node_modules/@node-red/editor-api/lib/auth/index.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/index.js
@@ -36,6 +36,7 @@ var log = require("@node-red/util").log; // TODO: separate module
 passport.use(strategies.bearerStrategy.BearerStrategy);
 passport.use(strategies.clientPasswordStrategy.ClientPasswordStrategy);
 passport.use(strategies.anonymousStrategy);
+passport.use(strategies.tokensStrategy);

 var server = oauth2orize.createServer();

@@ -60,7 +61,7 @@ function init(_settings,storage) {
 function needsPermission(permission) {
    return function(req,res,next) {
        if (settings && settings.adminAuth) {
-            return passport.authenticate(['bearer','anon'],{ session: false })(req,res,function() {
+            return passport.authenticate(['bearer','tokens','anon'],{ session: false })(req,res,function() {
                if (!req.user) {
                    return next();
                }
--- a/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js
@@ -123,9 +123,38 @@ AnonymousStrategy.prototype.authenticate = function(req) {
    });
 }

+function TokensStrategy() {
+  passport.Strategy.call(this);
+  this.name = 'tokens';
+}
+util.inherits(TokensStrategy, passport.Strategy);
+TokensStrategy.prototype.authenticate = function(req) {
+    var self = this;
+    var token = null;
+    if (Users.tokenHeader() === 'authorization') {  
+        if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
+            token = req.headers.authorization.split(' ')[1];
+        }
+    } else {
+        token = req.headers[Users.tokenHeader()];
+    }
+    if (token) {
+        Users.tokens(token).then(function(admin) {
+            if (admin) {
+                self.success(admin,{scope:admin.permissions});
+            } else {
+                self.fail(401);
+            }
+        });
+    } else {
+        self.fail(401);
+    }
+}
+
 module.exports = {
    bearerStrategy: bearerStrategy,
    clientPasswordStrategy: clientPasswordStrategy,
    passwordTokenExchange: passwordTokenExchange,
-    anonymousStrategy: new AnonymousStrategy()
+    anonymousStrategy: new AnonymousStrategy(),
+    tokensStrategy: new TokensStrategy()
 }
--- a/packages/node_modules/@node-red/editor-api/lib/auth/users.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/users.js
@@ -59,7 +59,9 @@ function getDefaultUser() {
 var api = {
    get: get,
    authenticate: authenticate,
-    default: getDefaultUser
+    default: getDefaultUser,
+    tokens: getDefaultUser,
+    tokenHeader: "authorization"
 }

 function init(config) {
@@ -105,6 +107,12 @@ function init(config) {
    } else {
        api.default = getDefaultUser;
    }
+    if (config.tokens && typeof config.tokens === "function") {
+        api.tokens = config.tokens;
+        if (config.tokenHeader && typeof config.tokenHeader === "string") {
+            api.tokenHeader = config.tokenHeader.toLowerCase();
+        }
+    }
 }
 function cleanUser(user) {
    if (user && user.hasOwnProperty('password')) {
@@ -118,5 +126,7 @@ module.exports = {
    init: init,
    get: function(username) { return api.get(username).then(cleanUser)},
    authenticate: function() { return api.authenticate.apply(null, arguments) },
-    default: function() { return api.default(); }
+    default: function() { return api.default(); },
+    tokens: function(token) { return api.tokens(token); },
+    tokenHeader: function() { return api.tokenHeader }
 };