From b14a0e0dde4c2892acd9a5e557fdea523e6d8064 Mon Sep 17 00:00:00 2001
From: Hideki Nakamura
Date: Tue, 10 Jul 2018 17:25:01 -0700
Subject: [PATCH] Merge the logic for api access token to tokens.js so as not to change strategies.js
---
red/api/auth/api-access-tokens.js | 36 -------------------------------
red/api/auth/index.js | 6 ++----
red/api/auth/strategies.js | 25 ++++++++-------------
red/api/auth/tokens.js | 29 ++++++++++++++++++++-----
red/api/auth/users.js | 23 +++++++++++++++++---
5 files changed, 55 insertions(+), 64 deletions(-)
delete mode 100644 red/api/auth/api-access-tokens.js
diff --git a/red/api/auth/api-access-tokens.js b/red/api/auth/api-access-tokens.js
deleted file mode 100644
index bf61516b3..000000000
--- a/red/api/auth/api-access-tokens.js
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Copyright JS Foundation and other contributors, http://js.foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- **/
-var generatedTokens;
-
-module.exports = {
- init: function(apiAccessTokensSettings) {
- generatedTokens = {};
- if ( Array.isArray(apiAccessTokensSettings) ) {
- generatedTokens = apiAccessTokensSettings.reduce(function(prev, current) {
- prev[current.token] = {
- username: current.username,
- scope: current.permissions
- };
- return prev;
- }, {});
- }
- return Promise.resolve();
- },
- get: function(token) {
- var info = generatedTokens[token] || null;
- return Promise.resolve(info);
- }
-}
diff --git a/red/api/auth/index.js b/red/api/auth/index.js index 3e3a28bfa..c89c8d240 100644 --- a/red/api/auth/index.js +++ b/red/api/auth/index.js @@ -19,7 +19,6 @@ var oauth2orize = require("oauth2orize"); var strategies = require("./strategies"); var Tokens = require("./tokens"); -var apiAccessTokens = require("./api-access-tokens"); var Users = require("./users"); var permissions = require("./permissions"); @@ -41,9 +40,8 @@ function init(runtime) { settings = runtime.settings; log = runtime.log; if (settings.adminAuth) { - Users.init(settings.adminAuth); - Tokens.init(settings.adminAuth,runtime.storage); - apiAccessTokens.init(settings.apiAccessTokens); + Users.init(settings.adminAuth,settings.apiAccessTokens); + Tokens.init(settings.adminAuth,runtime.storage,settings.apiAccessTokens); strategies.init(runtime); } } diff --git a/red/api/auth/strategies.js b/red/api/auth/strategies.js index 5d3124497..0f5b554e4 100644 --- a/red/api/auth/strategies.js +++ b/red/api/auth/strategies.js @@ -22,7 +22,6 @@ var crypto = require("crypto"); var util = require("util"); var Tokens = require("./tokens"); -var apiAccessTokens = require("./api-access-tokens"); var Users = require("./users"); var Clients = require("./clients"); var permissions = require("./permissions"); 
@@ -31,27 +30,21 @@ var log; var bearerStrategy = function (accessToken, done) { // is this a valid token? - apiAccessTokens.get(accessToken).then(function(tokenInfo) { - if (tokenInfo && tokenInfo.username && tokenInfo.scope) { - done(null, tokenInfo.username,{scope:tokenInfo.scope}); - } else { - Tokens.get(accessToken).then(function(token) { - if (token) { - Users.get(token.user).then(function(user) { - if (user) { - done(null,user,{scope:token.scope}); - } else { - log.audit({event: "auth.invalid-token"}); - done(null,false); - } - }); + Tokens.get(accessToken).then(function(token) { + if (token) { + Users.get(token.user).then(function(user) { + if (user) { + done(null,user,{scope:token.scope}); } else { log.audit({event: "auth.invalid-token"}); done(null,false); } }); + } else { + log.audit({event: "auth.invalid-token"}); + done(null,false); } - }) + }); } bearerStrategy.BearerStrategy = new BearerStrategy(bearerStrategy); diff --git a/red/api/auth/tokens.js b/red/api/auth/tokens.js index 620cd6a12..054234215 100644 --- a/red/api/auth/tokens.js +++ b/red/api/auth/tokens.js @@ -32,6 +32,8 @@ var sessions = {}; var loadedSessions = null; +var apiAccessTokens; + function expireSessions() { var now = Date.now(); var modified = false; 
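Review bot: Neither promise chain in the new `bearerStrategy` has a rejection handler, so if `Tokens.get` or `Users.get` rejects, `done` is never called and the request is left unanswered. `Users.get` can be a user-supplied lookup function (the users.js hunk shows `config.users` being wrapped), so a rejection there is not hypothetical. I would return the inner promise, `return Users.get(token.user).then(...)`, and end the outer chain with `.catch(function(err) { done(err); });`. Both failure branches emit the same `auth.invalid-token` audit event, so the nested `then` could be flattened at the same time.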
@@ -61,22 +63,39 @@ function loadSessions() { } module.exports = { - init: function(adminAuthSettings, _storage) { + init: function(adminAuthSettings, _storage, apiAccessTokensSettings) { storage = _storage; sessionExpiryTime = adminAuthSettings.sessionExpiryTime || 604800; // 1 week in seconds // At this point, storage will not have been initialised, so defer loading // the sessions until there's a request for them. loadedSessions = null; + + apiAccessTokens = {}; + if ( Array.isArray(apiAccessTokensSettings) ) { + apiAccessTokens = apiAccessTokensSettings.reduce(function(prev, current) { + prev[current.token] = { + user: current.username, + scope: current.permissions + }; + return prev; + }, {}); + } return Promise.resolve(); }, get: function(token) { return loadSessions().then(function() { - if (sessions[token]) { - if (sessions[token].expires < Date.now()) { - return expireSessions().then(function() { return null }); + var info = apiAccessTokens[token] || null; + + if (info) { + return Promise.resolve(info); + } else { + if (sessions[token]) { + if (sessions[token].expires < Date.now()) { + return expireSessions().then(function() { return null }); + } } + return Promise.resolve(sessions[token]); } - return Promise.resolve(sessions[token]); }); }, create: function(user,client,scope) { diff --git a/red/api/auth/users.js b/red/api/auth/users.js index 24a762958..4c2aaaf09 100644 --- a/red/api/auth/users.js +++ b/red/api/auth/users.js 
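Review bot: `init` registers every settings entry under `prev[current.token]` without checking its fields, so an entry with no `token` is stored under the key `"undefined"` and one with no `permissions` gets an undefined scope; the removed branch in strategies.js rejected such entries with `tokenInfo.username && tokenInfo.scope`, and nothing on the new path replaces that check. The map is also a plain `{}` indexed in `get` by the bearer token taken from the request, so inherited names such as `constructor` produce a truthy `info`; that appears harmless only because the later `Users.get(token.user)` is expected to fail, which is not something to rely on. Building the map with a null prototype and skipping incomplete entries covers both. `get` still waits on `loadSessions()` before it checks the static tokens, so they depend on storage being readable; please confirm that is intended.

```javascript
        // … unchanged: storage, sessionExpiryTime, loadedSessions …

        // Null-prototype map: the lookup key is the bearer token from the request,
        // so inherited property names must never match.
        apiAccessTokens = Object.create(null);
        if ( Array.isArray(apiAccessTokensSettings) ) {
            apiAccessTokensSettings.forEach(function(entry) {
                // Skip incomplete entries rather than registering them under
                // "undefined" or with no scope.
                if (entry && typeof entry.token === "string" && entry.token &&
                    entry.username && entry.permissions) {
                    apiAccessTokens[entry.token] = {
                        user: entry.username,
                        scope: entry.permissions
                    };
                }
            });
        }
        return Promise.resolve();
```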
@@ -57,18 +57,35 @@ function getDefaultUser() { } var api = { - get: get, + get: wrapperGetUserFromSettings(get), authenticate: authenticate, default: getDefaultUser } -function init(config) { +var apiAccessUsers = {}; +function wrapperGetUserFromSettings (getFunc) { + return function (username) { + if (apiAccessUsers[username]) { + return Promise.resolve(apiAccessUsers[username]); + } else { + return getFunc(username); + } + }; +} + +function init(config, apiAccessTokensSettings) { users = {}; defaultUser = null; + apiAccessUsers = apiAccessTokensSettings.reduce(function (prev, current) { + if (current.username) { + prev[current.username] = current.username; + } + return prev; + }, {}); if (config.type == "credentials" || config.type == "strategy") { if (config.users) { if (typeof config.users === "function") { - api.get = config.users; + api.get = wrapperGetUserFromSettings(config.users); } else { var us = config.users; /* istanbul ignore else */
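Review bot: `init` calls `apiAccessTokensSettings.reduce(...)` unconditionally, and index.js passes `settings.apiAccessTokens` straight through, so an install with `adminAuth` but no `apiAccessTokens` setting would throw a TypeError during auth initialisation; tokens.js guards the same value with `Array.isArray`. `apiAccessUsers` is a plain `{}` tested by truthiness in `wrapperGetUserFromSettings`, so a lookup for a name like `constructor` resolves to an inherited property instead of reaching the real user lookup. A match also resolves to the bare username string and takes precedence over the configured user source, so callers that expect a user object with permissions should be checked. The body of `init` continues past the end of the hunk.

```javascript
// Null-prototype map so inherited property names never count as a configured user.
var apiAccessUsers = Object.create(null);
// … unchanged: wrapperGetUserFromSettings …

function init(config, apiAccessTokensSettings) {
    users = {};
    defaultUser = null;
    apiAccessUsers = Object.create(null);
    // The setting is optional; only an array contributes users.
    if (Array.isArray(apiAccessTokensSettings)) {
        apiAccessTokensSettings.forEach(function (entry) {
            if (entry && entry.username) {
                apiAccessUsers[entry.username] = entry.username;
            }
        });
    }
    // … unchanged: config.type handling …
```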