Merge pull request #483 from grtjn/master

Fixed #482: made sure authenticators are cleared properly at /user/logout, and code reformatting of all node-server files

Author: grtjn

app/templates/node-server/node-app.js

@@ -52,7 +52,7 @@ console.log('About to crank up node');
 console.log('PORT=' + port);
 console.log('NODE_ENV=' + environment);
 
-switch (environment){
+switch (environment) {
   case 'prod':
   case 'dev':
     console.log('** DIST **');
@@ -82,25 +82,25 @@ var server = null;
 if (options.nodeJsCertificate) {
   // Docs on how to create self signed certificates
   // https://devcenter.heroku.com/articles/ssl-certificate-self#prerequisites
-  console.log("Starting the server in HTTPS");
-  console.log("Node Certificate " + options.nodeJsCertificate);
-  console.log("Node JS key " + options.nodeJsPrivateKey);
-  var privateKey  = fs.readFileSync(options.nodeJsPrivateKey, 'utf8');
+  console.log('Starting the server in HTTPS');
+  console.log('Node Certificate ' + options.nodeJsCertificate);
+  console.log('Node JS key ' + options.nodeJsPrivateKey);
+  var privateKey = fs.readFileSync(options.nodeJsPrivateKey, 'utf8');
   var certificate = fs.readFileSync(options.nodeJsCertificate, 'utf8');
   var credentials = {
     key: privateKey,
     cert: certificate
   };
   server = https.createServer(credentials, app);
 } else {
-  console.log("Starting the server in HTTP");
+  console.log('Starting the server in HTTP');
   server = http.createServer(app);
 }
 
 server.listen(port, function() {
   console.log('Express server listening on port ' + port);
   console.log('env = ' + app.get('env') +
-    '\n__dirname = ' + __dirname  +
+    '\n__dirname = ' + __dirname +
     '\nprocess.cwd = ' + process.cwd());
 });
 

app/templates/node-server/proxy.js

@@ -12,10 +12,10 @@ var fs = require('fs');
 
 var ca = null;
 if (options.mlCertificate) {
-  console.log("Loading ML Certificate " + options.mlCertificate);
+  console.log('Loading ML Certificate ' + options.mlCertificate);
   ca = fs.readFileSync(options.mlCertificate);
 } else {
-  console.log("No ML SSL Certificate.");
+  console.log('No ML SSL Certificate.');
 }
 
 /************************************************/
@@ -24,41 +24,45 @@ if (options.mlCertificate) {
 
 // TODO: configurable path?
 var target = url.format({
-  protocol: options.mlCertificate?'https':'http',
+  protocol: options.mlCertificate ? 'https' : 'http',
   hostname: options.mlHost,
   port: options.mlHttpPort,
   pathname: '/v1'
 });
 
 var proxyServer = httpProxy.createProxyServer({
-  target: target
-  , ca : options.mlCertificate?ca:null
-  //options.httpsStrict==="false" assumes that you are in dev mode
-  , secure: options.httpsStrict==="true"?true:false
+  target: target,
+  ca: options.mlCertificate ? ca : null,
+  secure: options.httpsStrict
+    //options.httpsStrict === false assumes that you are in dev mode
 });
 
 function getAuth(req) {
   var user = req.session.passport && req.session.passport.user &&
-             req.session.passport.user.username;
+    req.session.passport.user.username;
 
   return authHelper.getAuthorization(req.session, req.method, req.path, {
     authUser: user
-  })
+  });
 }
 
-function proxy (req, res) {
-  getAuth(req).then(function (auth) {
+function proxy(req, res) {
+  getAuth(req).then(function(auth) {
     // TODO: if no auth?
-    var headers = { headers: { authorization: auth } };
+    var headers = {
+      headers: {
+        authorization: auth
+      }
+    };
 
     // TODO: filter www-header in response?
     // (currently prompts without authed middleware)
 
-    proxyServer.web(req, res, headers, function (e) {
+    proxyServer.web(req, res, headers, function(e) {
       console.log(e);
       res.status(500).send('Error');
     });
-  }, function (e) {
+  }, function(e) {
     console.log('auth error:');
     console.log(e);
     return res.status(401).send('Unauthorized');
@@ -69,35 +73,35 @@ function proxy (req, res) {
 /**********  create custom middleware  **********/
 /************************************************/
 
-function noCache (req, res, next) {
-  res.append('Cache-Control', 'no-cache, must-revalidate');     // HTTP 1.1 - must-revalidate
-  res.append('Pragma',        'no-cache');                      // HTTP 1.0
-  res.append('Expires',       'Sat, 26 Jul 1997 05:00:00 GMT'); // Date in the past
+function noCache(req, res, next) {
+  res.append('Cache-Control', 'no-cache, must-revalidate'); // HTTP 1.1 - must-revalidate
+  res.append('Pragma', 'no-cache'); // HTTP 1.0
+  res.append('Expires', 'Sat, 26 Jul 1997 05:00:00 GMT'); // Date in the past
 
   next();
 }
 
-function authed (req, res, next) {
+function authed(req, res, next) {
   if (!(options.guestAccess || req.isAuthenticated())) {
     return res.status(401).send('Unauthorized');
   }
 
   next();
 }
 
-function update (req, res, next) {
+function update(req, res, next) {
   if (options.disallowUpdates) {
     return res.status(403).send('Forbidden');
   }
 
   next();
 }
 
-function profile (req, res, next) {
+function profile(req, res, next) {
   if ((req.path === '/documents') &&
-      req.query.uri &&
-      req.query.uri.match('/api/users/') &&
-      !req.query.uri.match('/api/users/' + req.session.passport.user.username + '.json')) {
+    req.query.uri &&
+    req.query.uri.match('/api/users/') &&
+    !req.query.uri.match('/api/users/' + req.session.passport.user.username + '.json')) {
     return res.status(403).send('Forbidden');
   }
 
@@ -143,7 +147,7 @@ ext.get(proxy);
 ext.all(update, proxy);
 
 // Explicitly reject all other routes
-router.all('*', function (req, res) {
+router.all('*', function(req, res) {
   res.status(401).send('Not proxied');
 });
 

app/templates/node-server/routes.js

@@ -12,18 +12,20 @@ var http = require('http');
 var https = require('https');
 var fs = require('fs');
 
-var ca = "";
+var ca = '';
 var httpClient = null;
 if (options.mlCertificate) {
-    console.log("Loading ML Certificate " + options.mlCertificate);
-    ca = fs.readFileSync(options.mlCertificate);
-    httpClient = https;
+  console.log('Loading ML Certificate ' + options.mlCertificate);
+  ca = fs.readFileSync(options.mlCertificate);
+  httpClient = https;
 } else {
-    httpClient = http;
+  httpClient = http;
 }
 
 // [GJo] (#31) Moved bodyParsing inside routing, otherwise it might try to parse uploaded binaries as json..
-router.use(bodyParser.urlencoded({extended: true}));
+router.use(bodyParser.urlencoded({
+  extended: true
+}));
 router.use(bodyParser.json());
 
 router.get('/user/status', function(req, res) {
@@ -33,8 +35,9 @@ router.get('/user/status', function(req, res) {
     if (options.guestAccess) {
       res.send(authStatus(
         true,
-        options.defaultUser,
-        { fullname: 'Guest' }
+        options.defaultUser, {
+          fullname: 'Guest'
+        }
       ));
     } else {
       res.send(authStatus(
@@ -54,14 +57,12 @@ router.get('/user/status', function(req, res) {
     };
 
     delete headers['content-length'];
-    authHelper.getAuthorization(req.session, reqOptions.method, reqOptions.path,
-      {
-        authHost: reqOptions.hostname || options.mlHost,
-        authPort: reqOptions.port || options.mlHttpPort,
-        authUser: passportUser.username,
-        authPassword: passportUser.password
-      }
-    ).then(
+    authHelper.getAuthorization(req.session, reqOptions.method, reqOptions.path, {
+      authHost: reqOptions.hostname || options.mlHost,
+      authPort: reqOptions.port || options.mlHttpPort,
+      authUser: passportUser.username,
+      authPassword: passportUser.password
+    }).then(
       function(authorization) {
         delete headers['content-length'];
         if (authorization) {
@@ -100,7 +101,7 @@ router.get('/user/status', function(req, res) {
           }
         });
 
-        profile.on('socket', function (socket) {
+        profile.on('socket', function(socket) {
           socket.on('timeout', function() {
             console.log('Timeout reached, aborting call to ML..');
             profile.abort();
@@ -135,19 +136,16 @@ router.post('/user/login', function(req, res, next) {
 
 router.get('/user/logout', function(req, res) {
   noCache(res);
-  if (req.session.authenticator) {
-    authHelper.clearAuthenticator(req.session);
-    delete req.session.authenticator;
-  }
   req.logout();
+  authHelper.clearAuthenticator(req.session);
   res.send();
 });
 
 router.get('/*', four0four.notFoundMiddleware);
 
 function noCache(response) {
-  response.append('Cache-Control', 'no-cache, must-revalidate');//HTTP 1.1 - must-revalidate
-  response.append('Pragma', 'no-cache');//HTTP 1.0
+  response.append('Cache-Control', 'no-cache, must-revalidate'); //HTTP 1.1 - must-revalidate
+  response.append('Pragma', 'no-cache'); //HTTP 1.0
   response.append('Expires', 'Sat, 26 Jul 1997 05:00:00 GMT'); // Date in the past
 }
 

app/templates/node-server/utils/auth-helper.js

@@ -3,7 +3,7 @@
 'use strict';
 
 var options = require('./options')();
-var https = require('https')
+var https = require('https');
 var http = require('http');
 var q = require('q');
 var wwwAuthenticate = require('www-authenticate');
@@ -14,12 +14,12 @@ var LocalStrategy = require('passport-local').Strategy;
 
 var httpClient = http;
 if (options.mlCertificate) {
-    console.log("ML Certificate = '" + options.mlCertificate + "'")
-    console.log("Will use https client.");
-    httpClient = https;
+  console.log('ML Certificate = "' + options.mlCertificate + '"');
+  console.log('Will use https client.');
+  httpClient = https;
 } else {
-    console.log("ML Certificate = '" + options.mlCertificate + "'")
-    console.log("Will use http client.");
+  console.log('ML Certificate = "' + options.mlCertificate + '"');
+  console.log('Will use http client.');
 }
 
 var defaultOptions = {
@@ -39,8 +39,9 @@ function init() {
     done(null, obj);
   });
 
-  passport.use(new LocalStrategy(
-    { passReqToCallback: true },
+  passport.use(new LocalStrategy({
+      passReqToCallback: true
+    },
     function(req, username, password, done) {
       var reqOptions = {
         hostname: options.mlHost,
@@ -49,24 +50,22 @@ function init() {
         headers: {}
       };
 
-      getAuthorization(req.session, reqOptions.method, reqOptions.path,
-        {
-          authHost: options.mlHost,
-          authPort: options.mlHttpPort,
-          authUser: username,
-          authPassword: password
-        }
-      ).then(function(authorization) {
+      getAuthorization(req.session, reqOptions.method, reqOptions.path, {
+        authHost: options.mlHost,
+        authPort: options.mlHttpPort,
+        authUser: username,
+        authPassword: password
+      }).then(function(authorization) {
         if (authorization) {
           reqOptions.headers.Authorization = authorization;
         }
 
         var login = httpClient.get(reqOptions, function(response) {
 
           var user = {
-                authenticated:true,
-                username:username
-              };
+            authenticated: true,
+            username: username
+          };
 
           if (response.statusCode === 200) {
             response.on('data', function(chunk) {
@@ -83,9 +82,13 @@ function init() {
             //no user profile yet..
             done(null, user);
           } else if (response.statusCode === 401) {
-            done(null, false, {message: 'Invalid credentials'});
+            done(null, false, {
+              message: 'Invalid credentials'
+            });
           } else {
-            done(null, false, {message: 'API error'});
+            done(null, false, {
+              message: 'API error'
+            });
           }
         });
         login.on('error', function(e) {
@@ -100,7 +103,9 @@ function init() {
 
 function handleLocalAuth(req, res, next) {
   passport.authenticate('local', function(err, user, info) {
-    if (err) { return next(err); }
+    if (err) {
+      return next(err);
+    }
     if (!user) {
       return res.json(401, {
         message: info.message
@@ -109,7 +114,9 @@ function handleLocalAuth(req, res, next) {
 
     // Manually establish the session...
     req.login(user, function(err) {
-      if (err) { return next(err); }
+      if (err) {
+        return next(err);
+      }
       return res.json(user);
     });
 
@@ -120,8 +127,7 @@ function isAuthenticated(req, res, next) {
 
   if (req.isAuthenticated()) {
     return next();
-  }
-  else {
+  } else {
     res.status(401).send('Unauthorized');
   }
 }
@@ -181,8 +187,7 @@ function timestampAuthenticator(authenticator) {
 var expirationTime = 1000 * 60 * 60 * 12;
 
 function isExpired(authenticator) {
-  return
-  authenticator.lastAccessed &&
+  return authenticator.lastAccessed &&
     ((new Date()) - authenticator.lastAccessed) > expirationTime;
 }
 
@@ -222,7 +227,7 @@ function getAuthorization(session, reqMethod, reqPath, authOptions) {
     }, function(response) {
       var statusCode = response.statusCode;
       var challenge = response.headers['www-authenticate'];
-      var hasChallenge = (challenge != null);
+      var hasChallenge = (challenge !== null);
       if (statusCode === 401 && hasChallenge) {
         authenticator = createAuthenticator(
           session,