aboutsummaryrefslogtreecommitdiffstats
path: root/src/routes/middleware/saml.ts
blob: 5904d6e27b40452424f3ad1fbc0beb5c17be412c (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
import BasicAuthenticator from 'umn-shib-nodejs';
import { Request, Response, NextFunction } from 'express';

/**
 * Express Middleware to check if the user is authenticated with Shibboleth, wraps {@link isLoggedIn}
 * @param req Express request object
 * @param res Express response object
 * @param next Express next function
 */
export default function saml(
  req: Request,
  res: Response,
  next: NextFunction
): void {
  const authenticator = new BasicAuthenticator(req, res);
  if (isLoggedIn(req)) next();
  else res.redirect(authenticator.buildLoginURL());
}

/**
 * A much simpler way to respond to a user that is not logged in for API calls.
 * @param req Express request object
 * @param res Express response object
 * @param next Express next function
 */
export function saml_api(
  req: Request,
  res: Response,
  next: NextFunction
): void {
  if (isLoggedIn(req)) next();
  else res.status(401).json({ error: 'Not logged in.' });
}

/**
 * Rudimentary check to see if the user is logged in by checking if the user has a session cookie
 * @param req Express request object
 * @returns true if the user is logged in, false otherwise
 */
function isLoggedIn(req: Request): boolean {
  /* 
    Shibboleth token always contains _shibsession_, so we can check for that
    Is this a good way to check if the user is logged in?
    Not even slightly.
    But it works.
  */
  const cookies = JSON.stringify(req.cookies);
  return cookies.includes('_shibsession_');
}