1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Update the implementation according to the Design notes

This commit is contained in:
Hideki Nakamura 2018-09-11 09:44:18 -07:00
parent b14a0e0dde
commit cb0e631b85
4 changed files with 38 additions and 34 deletions

View File

@ -40,8 +40,9 @@ function init(runtime) {
settings = runtime.settings; settings = runtime.settings;
log = runtime.log; log = runtime.log;
if (settings.adminAuth) { if (settings.adminAuth) {
Users.init(settings.adminAuth,settings.apiAccessTokens); var mergedAdminAuth = Object.assign(settings.adminAuth, settings.adminAuth.module);
Tokens.init(settings.adminAuth,runtime.storage,settings.apiAccessTokens); Users.init(mergedAdminAuth);
Tokens.init(mergedAdminAuth,runtime.storage);
strategies.init(runtime); strategies.init(runtime);
} }
} }
@ -81,23 +82,24 @@ function getToken(req,res,next) {
function login(req,res) { function login(req,res) {
var response = {}; var response = {};
if (settings.adminAuth) { if (settings.adminAuth) {
if (settings.adminAuth.type === "credentials") { var mergedAdminAuth = Object.assign(settings.adminAuth, settings.adminAuth.module);
if (mergedAdminAuth.type === "credentials") {
response = { response = {
"type":"credentials", "type":"credentials",
"prompts":[{id:"username",type:"text",label:"user.username"},{id:"password",type:"password",label:"user.password"}] "prompts":[{id:"username",type:"text",label:"user.username"},{id:"password",type:"password",label:"user.password"}]
} }
} else if (settings.adminAuth.type === "strategy") { } else if (mergedAdminAuth.type === "strategy") {
var urlPrefix = (settings.httpAdminRoot==='/')?"":settings.httpAdminRoot; var urlPrefix = (settings.httpAdminRoot==='/')?"":settings.httpAdminRoot;
response = { response = {
"type":"strategy", "type":"strategy",
"prompts":[{type:"button",label:settings.adminAuth.strategy.label, url: urlPrefix + "auth/strategy"}] "prompts":[{type:"button",label:mergedAdminAuth.strategy.label, url: urlPrefix + "auth/strategy"}]
} }
if (settings.adminAuth.strategy.icon) { if (mergedAdminAuth.strategy.icon) {
response.prompts[0].icon = settings.adminAuth.strategy.icon; response.prompts[0].icon = mergedAdminAuth.strategy.icon;
} }
if (settings.adminAuth.strategy.image) { if (mergedAdminAuth.strategy.image) {
response.prompts[0].image = theme.serveFile('/login/',settings.adminAuth.strategy.image); response.prompts[0].image = theme.serveFile('/login/',mergedAdminAuth.strategy.image);
} }
} }
if (theme.context().login && theme.context().login.image) { if (theme.context().login && theme.context().login.image) {

View File

@ -63,7 +63,7 @@ function loadSessions() {
} }
module.exports = { module.exports = {
init: function(adminAuthSettings, _storage, apiAccessTokensSettings) { init: function(adminAuthSettings, _storage) {
storage = _storage; storage = _storage;
sessionExpiryTime = adminAuthSettings.sessionExpiryTime || 604800; // 1 week in seconds sessionExpiryTime = adminAuthSettings.sessionExpiryTime || 604800; // 1 week in seconds
// At this point, storage will not have been initialised, so defer loading // At this point, storage will not have been initialised, so defer loading
@ -71,11 +71,11 @@ module.exports = {
loadedSessions = null; loadedSessions = null;
apiAccessTokens = {}; apiAccessTokens = {};
if ( Array.isArray(apiAccessTokensSettings) ) { if ( Array.isArray(adminAuthSettings.tokens) ) {
apiAccessTokens = apiAccessTokensSettings.reduce(function(prev, current) { apiAccessTokens = adminAuthSettings.tokens.reduce(function(prev, current) {
prev[current.token] = { prev[current.token] = {
user: current.username, user: current.user,
scope: current.permissions scope: current.scope
}; };
return prev; return prev;
}, {}); }, {});

View File

@ -57,35 +57,18 @@ function getDefaultUser() {
} }
var api = { var api = {
get: wrapperGetUserFromSettings(get), get: get,
authenticate: authenticate, authenticate: authenticate,
default: getDefaultUser default: getDefaultUser
} }
var apiAccessUsers = {}; function init(config) {
function wrapperGetUserFromSettings (getFunc) {
return function (username) {
if (apiAccessUsers[username]) {
return Promise.resolve(apiAccessUsers[username]);
} else {
return getFunc(username);
}
};
}
function init(config, apiAccessTokensSettings) {
users = {}; users = {};
defaultUser = null; defaultUser = null;
apiAccessUsers = apiAccessTokensSettings.reduce(function (prev, current) {
if (current.username) {
prev[current.username] = current.username;
}
return prev;
}, {});
if (config.type == "credentials" || config.type == "strategy") { if (config.type == "credentials" || config.type == "strategy") {
if (config.users) { if (config.users) {
if (typeof config.users === "function") { if (typeof config.users === "function") {
api.get = wrapperGetUserFromSettings(config.users); api.get = config.users;
} else { } else {
var us = config.users; var us = config.users;
/* istanbul ignore else */ /* istanbul ignore else */

View File

@ -124,6 +124,25 @@ module.exports = {
// }] // }]
//}, //},
// If you would like to use not only this access token feature but also a Node-RED
// plugin module for authenticatiing users such as node-red-auth-github,
// you can define the module in adminAuth.module property.
//adminAuth: {
// module: require('node-red-auth-github')({
// clientID: GITHUB_CLIENT_ID,
// clientSecret: GITHUB_CLIENT_SECRET,
// baseURL: "http://localhost:1880/",
// users: [
// { username: "knolleary",permissions: ["*"]}
// ]
// })
// tokens: [{
// token: "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ",
// user: "knolleary",
// scope: ["*"]
// }]
//},
// To password protect the node-defined HTTP endpoints (httpNodeRoot), or // To password protect the node-defined HTTP endpoints (httpNodeRoot), or
// the static content (httpStatic), the following properties can be used. // the static content (httpStatic), the following properties can be used.
// The pass field is a bcrypt hash of the password. // The pass field is a bcrypt hash of the password.