mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
Update the implementation according to the Design notes
This commit is contained in:
parent
b14a0e0dde
commit
cb0e631b85
@ -40,8 +40,9 @@ function init(runtime) {
|
|||||||
settings = runtime.settings;
|
settings = runtime.settings;
|
||||||
log = runtime.log;
|
log = runtime.log;
|
||||||
if (settings.adminAuth) {
|
if (settings.adminAuth) {
|
||||||
Users.init(settings.adminAuth,settings.apiAccessTokens);
|
var mergedAdminAuth = Object.assign(settings.adminAuth, settings.adminAuth.module);
|
||||||
Tokens.init(settings.adminAuth,runtime.storage,settings.apiAccessTokens);
|
Users.init(mergedAdminAuth);
|
||||||
|
Tokens.init(mergedAdminAuth,runtime.storage);
|
||||||
strategies.init(runtime);
|
strategies.init(runtime);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -81,23 +82,24 @@ function getToken(req,res,next) {
|
|||||||
function login(req,res) {
|
function login(req,res) {
|
||||||
var response = {};
|
var response = {};
|
||||||
if (settings.adminAuth) {
|
if (settings.adminAuth) {
|
||||||
if (settings.adminAuth.type === "credentials") {
|
var mergedAdminAuth = Object.assign(settings.adminAuth, settings.adminAuth.module);
|
||||||
|
if (mergedAdminAuth.type === "credentials") {
|
||||||
response = {
|
response = {
|
||||||
"type":"credentials",
|
"type":"credentials",
|
||||||
"prompts":[{id:"username",type:"text",label:"user.username"},{id:"password",type:"password",label:"user.password"}]
|
"prompts":[{id:"username",type:"text",label:"user.username"},{id:"password",type:"password",label:"user.password"}]
|
||||||
}
|
}
|
||||||
} else if (settings.adminAuth.type === "strategy") {
|
} else if (mergedAdminAuth.type === "strategy") {
|
||||||
|
|
||||||
var urlPrefix = (settings.httpAdminRoot==='/')?"":settings.httpAdminRoot;
|
var urlPrefix = (settings.httpAdminRoot==='/')?"":settings.httpAdminRoot;
|
||||||
response = {
|
response = {
|
||||||
"type":"strategy",
|
"type":"strategy",
|
||||||
"prompts":[{type:"button",label:settings.adminAuth.strategy.label, url: urlPrefix + "auth/strategy"}]
|
"prompts":[{type:"button",label:mergedAdminAuth.strategy.label, url: urlPrefix + "auth/strategy"}]
|
||||||
}
|
}
|
||||||
if (settings.adminAuth.strategy.icon) {
|
if (mergedAdminAuth.strategy.icon) {
|
||||||
response.prompts[0].icon = settings.adminAuth.strategy.icon;
|
response.prompts[0].icon = mergedAdminAuth.strategy.icon;
|
||||||
}
|
}
|
||||||
if (settings.adminAuth.strategy.image) {
|
if (mergedAdminAuth.strategy.image) {
|
||||||
response.prompts[0].image = theme.serveFile('/login/',settings.adminAuth.strategy.image);
|
response.prompts[0].image = theme.serveFile('/login/',mergedAdminAuth.strategy.image);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (theme.context().login && theme.context().login.image) {
|
if (theme.context().login && theme.context().login.image) {
|
||||||
|
@ -63,7 +63,7 @@ function loadSessions() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
init: function(adminAuthSettings, _storage, apiAccessTokensSettings) {
|
init: function(adminAuthSettings, _storage) {
|
||||||
storage = _storage;
|
storage = _storage;
|
||||||
sessionExpiryTime = adminAuthSettings.sessionExpiryTime || 604800; // 1 week in seconds
|
sessionExpiryTime = adminAuthSettings.sessionExpiryTime || 604800; // 1 week in seconds
|
||||||
// At this point, storage will not have been initialised, so defer loading
|
// At this point, storage will not have been initialised, so defer loading
|
||||||
@ -71,11 +71,11 @@ module.exports = {
|
|||||||
loadedSessions = null;
|
loadedSessions = null;
|
||||||
|
|
||||||
apiAccessTokens = {};
|
apiAccessTokens = {};
|
||||||
if ( Array.isArray(apiAccessTokensSettings) ) {
|
if ( Array.isArray(adminAuthSettings.tokens) ) {
|
||||||
apiAccessTokens = apiAccessTokensSettings.reduce(function(prev, current) {
|
apiAccessTokens = adminAuthSettings.tokens.reduce(function(prev, current) {
|
||||||
prev[current.token] = {
|
prev[current.token] = {
|
||||||
user: current.username,
|
user: current.user,
|
||||||
scope: current.permissions
|
scope: current.scope
|
||||||
};
|
};
|
||||||
return prev;
|
return prev;
|
||||||
}, {});
|
}, {});
|
||||||
|
@ -57,35 +57,18 @@ function getDefaultUser() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
var api = {
|
var api = {
|
||||||
get: wrapperGetUserFromSettings(get),
|
get: get,
|
||||||
authenticate: authenticate,
|
authenticate: authenticate,
|
||||||
default: getDefaultUser
|
default: getDefaultUser
|
||||||
}
|
}
|
||||||
|
|
||||||
var apiAccessUsers = {};
|
function init(config) {
|
||||||
function wrapperGetUserFromSettings (getFunc) {
|
|
||||||
return function (username) {
|
|
||||||
if (apiAccessUsers[username]) {
|
|
||||||
return Promise.resolve(apiAccessUsers[username]);
|
|
||||||
} else {
|
|
||||||
return getFunc(username);
|
|
||||||
}
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
function init(config, apiAccessTokensSettings) {
|
|
||||||
users = {};
|
users = {};
|
||||||
defaultUser = null;
|
defaultUser = null;
|
||||||
apiAccessUsers = apiAccessTokensSettings.reduce(function (prev, current) {
|
|
||||||
if (current.username) {
|
|
||||||
prev[current.username] = current.username;
|
|
||||||
}
|
|
||||||
return prev;
|
|
||||||
}, {});
|
|
||||||
if (config.type == "credentials" || config.type == "strategy") {
|
if (config.type == "credentials" || config.type == "strategy") {
|
||||||
if (config.users) {
|
if (config.users) {
|
||||||
if (typeof config.users === "function") {
|
if (typeof config.users === "function") {
|
||||||
api.get = wrapperGetUserFromSettings(config.users);
|
api.get = config.users;
|
||||||
} else {
|
} else {
|
||||||
var us = config.users;
|
var us = config.users;
|
||||||
/* istanbul ignore else */
|
/* istanbul ignore else */
|
||||||
|
19
settings.js
19
settings.js
@ -124,6 +124,25 @@ module.exports = {
|
|||||||
// }]
|
// }]
|
||||||
//},
|
//},
|
||||||
|
|
||||||
|
// If you would like to use not only this access token feature but also a Node-RED
|
||||||
|
// plugin module for authenticatiing users such as node-red-auth-github,
|
||||||
|
// you can define the module in adminAuth.module property.
|
||||||
|
//adminAuth: {
|
||||||
|
// module: require('node-red-auth-github')({
|
||||||
|
// clientID: GITHUB_CLIENT_ID,
|
||||||
|
// clientSecret: GITHUB_CLIENT_SECRET,
|
||||||
|
// baseURL: "http://localhost:1880/",
|
||||||
|
// users: [
|
||||||
|
// { username: "knolleary",permissions: ["*"]}
|
||||||
|
// ]
|
||||||
|
// })
|
||||||
|
// tokens: [{
|
||||||
|
// token: "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ",
|
||||||
|
// user: "knolleary",
|
||||||
|
// scope: ["*"]
|
||||||
|
// }]
|
||||||
|
//},
|
||||||
|
|
||||||
// To password protect the node-defined HTTP endpoints (httpNodeRoot), or
|
// To password protect the node-defined HTTP endpoints (httpNodeRoot), or
|
||||||
// the static content (httpStatic), the following properties can be used.
|
// the static content (httpStatic), the following properties can be used.
|
||||||
// The pass field is a bcrypt hash of the password.
|
// The pass field is a bcrypt hash of the password.
|
||||||
|
Loading…
Reference in New Issue
Block a user