aboutsummaryrefslogtreecommitdiffstats
path: root/src/routes/middleware
diff options
context:
space:
mode:
authorMatt Strapp <matt@mattstrapp.net>2022-04-05 17:47:36 +0200
committerMatt Strapp <matt@mattstrapp.net>2022-04-05 17:48:13 +0200
commite1b9b6f5b80530620b7df2a0bebfd8941eadad3b (patch)
tree1fd746f187a3cfb35f032f1bc47997add2e57b63 /src/routes/middleware
parentBump prettier from 2.6.1 to 2.6.2 (#38) (diff)
downloadee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar
ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar.gz
ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar.bz2
ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar.lz
ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar.xz
ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.tar.zst
ee4511w-web-e1b9b6f5b80530620b7df2a0bebfd8941eadad3b.zip
Add Shibboleth login support
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
Diffstat (limited to 'src/routes/middleware')
-rw-r--r--src/routes/middleware/saml.ts52
1 files changed, 44 insertions, 8 deletions
diff --git a/src/routes/middleware/saml.ts b/src/routes/middleware/saml.ts
index cce29a2..5904d6e 100644
--- a/src/routes/middleware/saml.ts
+++ b/src/routes/middleware/saml.ts
@@ -1,13 +1,49 @@
import BasicAuthenticator from 'umn-shib-nodejs';
import { Request, Response, NextFunction } from 'express';
-const saml = function (req: Request, res: Response, next: NextFunction): void {
+/**
+ * Express Middleware to check if the user is authenticated with Shibboleth, wraps {@link isLoggedIn}
+ * @param req Express request object
+ * @param res Express response object
+ * @param next Express next function
+ */
+export default function saml(
+ req: Request,
+ res: Response,
+ next: NextFunction
+): void {
const authenticator = new BasicAuthenticator(req, res);
- if (!authenticator.hasSession()) {
- res.redirect(authenticator.buildLoginURL());
- return;
- }
- next();
-};
+ if (isLoggedIn(req)) next();
+ else res.redirect(authenticator.buildLoginURL());
+}
-export default saml;
+/**
+ * A much simpler way to respond to a user that is not logged in for API calls.
+ * @param req Express request object
+ * @param res Express response object
+ * @param next Express next function
+ */
+export function saml_api(
+ req: Request,
+ res: Response,
+ next: NextFunction
+): void {
+ if (isLoggedIn(req)) next();
+ else res.status(401).json({ error: 'Not logged in.' });
+}
+
+/**
+ * Rudimentary check to see if the user is logged in by checking if the user has a session cookie
+ * @param req Express request object
+ * @returns true if the user is logged in, false otherwise
+ */
+function isLoggedIn(req: Request): boolean {
+ /*
+ Shibboleth token always contains _shibsession_, so we can check for that
+ Is this a good way to check if the user is logged in?
+ Not even slightly.
+ But it works.
+ */
+ const cookies = JSON.stringify(req.cookies);
+ return cookies.includes('_shibsession_');
+}