diff options
| author | Matt Strapp <matt@mattstrapp.net> | 2022-04-05 17:47:36 +0200 |
|---|---|---|
| committer | Matt Strapp <matt@mattstrapp.net> | 2022-04-05 17:48:13 +0200 |
| commit | e1b9b6f5b80530620b7df2a0bebfd8941eadad3b (patch) | |
| tree | 1fd746f187a3cfb35f032f1bc47997add2e57b63 /src/routes/middleware/saml.ts | |
| parent | Bump prettier from 2.6.1 to 2.6.2 (#38) (diff) | |
| download | ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar.gz ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar.bz2 ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar.lz ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar.xz ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar.zst ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.zip | |
Add Shibboleth login support
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
Diffstat (limited to 'src/routes/middleware/saml.ts')
| -rw-r--r-- | src/routes/middleware/saml.ts | 52 |
1 files changed, 44 insertions, 8 deletions
diff --git a/src/routes/middleware/saml.ts b/src/routes/middleware/saml.ts index cce29a2..5904d6e 100644 --- a/src/routes/middleware/saml.ts +++ b/src/routes/middleware/saml.ts @@ -1,13 +1,49 @@ import BasicAuthenticator from 'umn-shib-nodejs'; import { Request, Response, NextFunction } from 'express'; -const saml = function (req: Request, res: Response, next: NextFunction): void { +/** + * Express Middleware to check if the user is authenticated with Shibboleth, wraps {@link isLoggedIn} + * @param req Express request object + * @param res Express response object + * @param next Express next function + */ +export default function saml( + req: Request, + res: Response, + next: NextFunction +): void { const authenticator = new BasicAuthenticator(req, res); - if (!authenticator.hasSession()) { - res.redirect(authenticator.buildLoginURL()); - return; - } - next(); -}; + if (isLoggedIn(req)) next(); + else res.redirect(authenticator.buildLoginURL()); +} -export default saml; +/** + * A much simpler way to respond to a user that is not logged in for API calls. + * @param req Express request object + * @param res Express response object + * @param next Express next function + */ +export function saml_api( + req: Request, + res: Response, + next: NextFunction +): void { + if (isLoggedIn(req)) next(); + else res.status(401).json({ error: 'Not logged in.' }); +} + +/** + * Rudimentary check to see if the user is logged in by checking if the user has a session cookie + * @param req Express request object + * @returns true if the user is logged in, false otherwise + */ +function isLoggedIn(req: Request): boolean { + /* + Shibboleth token always contains _shibsession_, so we can check for that + Is this a good way to check if the user is logged in? + Not even slightly. + But it works. + */ + const cookies = JSON.stringify(req.cookies); + return cookies.includes('_shibsession_'); +} |