var express = require("express")
var cookieParser = require("cookie-parser")
var querystring = require('querystring')
var http = require('http')
/*
* Basic data sources
*/
// users.json is the credential list the /login route compares request bodies
// against, so it holds secrets and must stay out of `public/` (served statically
// below) and out of version control.
const users = require("./users.json")
const clientCredentials = require("./client-credentials.json")

// Express application: cookie parsing, JSON and form bodies, then static
// assets from ./public. Order matters — body parsers must run before routes.
const app = express()
app
  .use(cookieParser())
  .use(express.json())
  .use(express.urlencoded({ extended: true }))
  .use(express.static("public"))
// Liveness probe: answers 200 "Hello" so the server can be pinged without auth.
app.get("/hello", (req, res) => {
  res.status(200).send("Hello")
})
/*
* Login endpoint to demonstrate basic login
*/
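/**
 * Basic username/password login against users.json.
 *
 * On success a `user` cookie with the matched record (minus its password) is
 * set and the browser is sent to /iframe; on any failure it goes back to
 * /login.html. Body fields are untrusted: only strings are accepted and they
 * are compared with strict equality, so a JSON body carrying objects or
 * arrays cannot match through coercion.
 */
app.post("/login", (req, res) => {
  const body = req.body || {}
  const username = body.username
  const password = body.password
  console.log("Username : " + username)

  if (typeof username !== "string" || typeof password !== "string") {
    res.redirect("/login.html")
    return
  }

  const match = users.find(
    (user) => user.username === username && user.password === password
  )
  if (match === undefined) {
    res.redirect("/login.html")
    return
  }

  // The original serialised the whole users.json record into the cookie,
  // which put the plaintext password in the browser. Copy every field but
  // the password.
  const publicUser = {}
  for (const key of Object.keys(match)) {
    if (key !== "password") publicUser[key] = match[key]
  }
  // NOTE(review): cookie options are left empty as before; add
  // `httpOnly: true` once it is confirmed views/iframe.html does not read
  // this cookie from document.cookie.
  res.cookie("user", JSON.stringify(publicUser), {})
  res.redirect("/iframe")
})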
// Drop the login cookie and send the browser back to the landing page.
app.post("/logout", (req, res) => {
  res.clearCookie("user")
  res.redirect("/")
})
/*
* Check if the user is logged in
* Send them to AB using OAuth login if not
*/
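/**
 * Serve the iframe page to a logged-in user, or start the OAuth
 * authorization-code flow against the asset bank instance named in
 * `?loginWith=<base url>`.
 *
 * Without `loginWith` the original redirected to the literal string
 * "undefinedoauth/authorize"; now it falls back to the basic login page,
 * as the original comment suggested.
 */
app.get("/iframe", (req, res) => {
  const user = req.cookies.user
  if (user != null) {
    res.sendFile(__dirname + "/views/iframe.html")
    return
  }

  // This allows users to arrive from different asset bank instances,
  // and get logged in using the correct one.
  // We could also look at the referrer header.
  const loginWith = req.query.loginWith
  if (typeof loginWith !== "string" || loginWith === "") {
    res.redirect("/login.html")
    return
  }

  // `loginWith` is attacker-controllable query input that decides where the
  // browser is redirected (an open redirect). Requiring an absolute http(s)
  // URL rejects `javascript:` and relative values, but it does not restrict
  // the host: TODO(review) check `loginWith` against an allowlist of known
  // asset bank origins before redirecting.
  let base
  try {
    base = new URL(loginWith)
  } catch (err) {
    res.redirect("/login.html")
    return
  }
  if (base.protocol !== "http:" && base.protocol !== "https:") {
    res.redirect("/login.html")
    return
  }

  // Same module the /code route uses; it also URL-encodes the client id,
  // which the bare string concatenation did not.
  const query = querystring.stringify({
    response_type: "code",
    client_id: clientCredentials.clientId,
    redirect_uri: "http://localhost:3000/code",
  })
  res.redirect(loginWith + "oauth/authorize?" + query)
})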
/*
* This is the endpoint the user hits after authenticating with asset bank
* We then query the AB API to get user details
*/
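/**
 * Collect an HTTP response body and parse it as JSON.
 *
 * The original handlers ran JSON.parse on every 'data' chunk, which throws
 * (uncaught, inside an event handler) and fires the continuation more than
 * once as soon as a body arrives in several pieces. Here the chunks are joined
 * and parsed once on 'end'.
 *
 * @param {import('http').IncomingMessage} incoming - response to read
 * @param {function(Error|null, *=)} callback - called at most once: with an
 *   Error for a non-2xx status, a transport error or invalid JSON; otherwise
 *   with (null, parsedBody)
 */
function readJsonResponse(incoming, callback) {
  let raw = ""
  let done = false
  const finish = (err, body) => {
    if (done) return
    done = true
    callback(err, body)
  }
  incoming.setEncoding("utf8")
  incoming.on("data", (chunk) => {
    raw += chunk
  })
  incoming.on("error", (err) => finish(err))
  incoming.on("end", () => {
    if (incoming.statusCode < 200 || incoming.statusCode >= 300) {
      finish(new Error("Unexpected HTTP status " + incoming.statusCode))
      return
    }
    let body
    try {
      body = JSON.parse(raw)
    } catch (err) {
      finish(new Error("Response was not valid JSON: " + err.message))
      return
    }
    finish(null, body)
  })
}

/**
 * OAuth redirect target: exchange `?code=` for an access token at the asset
 * bank token endpoint, fetch the authenticated user with it, store a
 * `{username, name}` record in the `user` cookie and send the browser to
 * /iframe. Upstream failures answer 502; a missing code answers 400.
 */
app.get("/code", (req, res) => {
  const code = req.query.code
  // NOTE(review): nothing ties this callback to a flow this browser started
  // (no `state` parameter is issued or checked), so a crafted callback URL
  // can log the user in with a code obtained elsewhere. The comment below
  // already points at `state`; a per-session value set in /iframe and
  // compared here would close that.
  if (typeof code !== "string" || code === "") {
    res.status(400).send("Missing authorization code")
    return
  }

  const postData = querystring.stringify({
    grant_type: "authorization_code",
    code: code,
    redirect_uri: "http://localhost:3000/code",
    client_id: clientCredentials.clientId,
    client_secret: clientCredentials.clientSecret,
  })

  // Log the reason server-side only; the browser gets a generic 502. Guard
  // against a second send when two callbacks report an error.
  const failUpstream = (what, err) => {
    console.error(what + ": " + err.message)
    if (!res.headersSent) res.status(502).send(what)
  }

  // AB has multiple instances
  // To make sure we query the right one, we might want to store which one was
  // used for login, or make use of the state parameter.
  const tokenRequest = http.request(
    {
      host: "localhost",
      port: "8080",
      path: "/asset-bank/oauth/token",
      method: "POST",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
        "Content-Length": Buffer.byteLength(postData),
      },
    },
    (tokenRes) => {
      readJsonResponse(tokenRes, (err, tokenResponse) => {
        if (err) {
          failUpstream("Token exchange failed", err)
          return
        }
        const accessToken = tokenResponse ? tokenResponse.access_token : undefined
        if (typeof accessToken !== "string" || accessToken === "") {
          failUpstream("Token exchange failed", new Error("no access_token in response"))
          return
        }
        // The original logged the raw token response; the bearer token is a
        // credential and must stay out of the logs, so only expires_in is shown.
        console.log("Token response: received, expires_in=" + tokenResponse.expires_in)

        // Express reads `expires` (a Date). The original passed `expire` with
        // a millisecond number, which Express ignored, so the cookie was
        // session-only; a missing/invalid expires_in keeps that behaviour.
        const cookieOptions = {}
        const expiresIn = Number(tokenResponse.expires_in)
        if (Number.isFinite(expiresIn)) {
          cookieOptions.expires = new Date(Date.now() + expiresIn * 1000)
        }

        const userRequest = http.request(
          {
            host: "localhost",
            port: "8080",
            path: "/asset-bank/rest/authenticated-user/",
            method: "GET",
            headers: {
              Authorization: "Bearer " + accessToken,
              Accept: "application/json",
            },
          },
          (userRes) => {
            readJsonResponse(userRes, (userErr, userResponse) => {
              if (userErr) {
                failUpstream("User lookup failed", userErr)
                return
              }
              if (userResponse === null || typeof userResponse !== "object") {
                failUpstream("User lookup failed", new Error("unexpected user payload"))
                return
              }
              console.log("Authorised user response: " + JSON.stringify(userResponse))
              // The user details here could be matched to a local set of users
              const user = {
                username: userResponse.emailAddress,
                name: userResponse.forename + " " + userResponse.surname,
              }
              res.cookie("user", JSON.stringify(user), cookieOptions)
              res.redirect("/iframe")
            })
          }
        )
        // An unhandled 'error' on a ClientRequest takes the whole process down.
        userRequest.on("error", (reqErr) => failUpstream("User lookup failed", reqErr))
        userRequest.end()
      })
    }
  )
  tokenRequest.on("error", (reqErr) => failUpstream("Token exchange failed", reqErr))
  tokenRequest.write(postData)
  tokenRequest.end()
})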
// Bind port 3000; the bound port is reported once the listen callback fires.
const server = app.listen(3000, () => {
  console.log("app running on port", server.address().port)
})