var Hoek = require('hoek');
var rack = require('hat').rack();
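/**
 * Session authentication scheme: sessions live in the server cache and the
 * request carries only a session id inside an iron-encrypted cookie.
 *
 * @param {Object} server - hapi server (exposes `server.hapi`) or pack (exposes `server.pack.hapi`)
 * @param {Object} options - scheme settings (cloned, the caller's object is not modified):
 *   password     - required; iron password that seals the cookie
 *   cookie       - cookie name, default 'sid'
 *   ttl          - cookie and cache lifetime in ms, default one day (0 falls back to the default)
 *   isSecure / isHttpOnly - cookie flags, on unless explicitly set to false
 *   validateFunc - optional `(session, callback(err, isValid, credentials))`
 *   redirectTo / appendNext / saveNext / clearInvalid - consumed by authenticate()
 * @throws when not called with `new`, when server/options/password are missing,
 *   when validateFunc is not a function, or when appendNext is set without redirectTo
 */
var Scheme = function (server, options) {

    Hoek.assert(this.constructor === Scheme, 'Scheme must be instantiated using new');
    Hoek.assert(server, 'Server is required');
    Hoek.assert(options, 'Invalid options');
    Hoek.assert(!options.validateFunc || typeof options.validateFunc === 'function', 'Invalid validateFunc method in options');
    Hoek.assert(options.password, 'Missing required password in options');
    Hoek.assert(!options.appendNext || options.redirectTo, 'Cannot set appendNext without redirectTo');

    // A pack exposes hapi through server.pack.hapi; a plugin-registered server through server.hapi.
    var isPack = !!server.pack;
    this.hapi = isPack ? server.pack.hapi : server.hapi;
    this.isPlugin = !isPack;
    Hoek.assert(this.hapi, 'Must pass a server or pack object');

    this.settings = Hoek.clone(options);
    this.settings.ttl = this.settings.ttl || 1000 * 60 * 60 * 24;        // one day
    this.settings.cookie = this.settings.cookie || 'sid';

    var ttl = this.settings.ttl;

    // Plugin: the server's own cache; pack: a dedicated '_sessions' cache. Both expire with the session ttl.
    this.cache = this.isPlugin ? server.cache({ expiresIn: ttl }) : server.cache('_sessions', { expiresIn: ttl });

    // Secure and HttpOnly default to on; only an explicit `false` disables them.
    // ttl is always set at this point, so no separate ttl branch is needed.
    server.state(this.settings.cookie, {
        encoding: 'iron',
        ttl: ttl,
        password: this.settings.password,
        isSecure: this.settings.isSecure !== false,
        isHttpOnly: this.settings.isHttpOnly !== false,
        path: '/'
    });

    // appendNext: true selects the query key 'next'; false disables appending (empty string).
    if (typeof this.settings.appendNext === 'boolean') {
        this.settings.appendNext = this.settings.appendNext ? 'next' : '';
    }
};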
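/**
 * Authenticates a request from its session cookie.
 *
 * Steps: read the cookie named by settings.cookie, look the id up in the
 * cache, then (when settings.validateFunc is configured) run it on the cached
 * session. The request is unauthenticated when the cookie is absent or not a
 * string, the cache lookup errors or misses, or validateFunc reports an error
 * or isValid === false. Unauthenticated requests get an unauthorized error, or
 * a redirect to settings.redirectTo when that is set (with the original path
 * appended as `<appendNext>=<path>` and/or stored in a 'next' cookie when
 * settings.saveNext is set). With settings.clearInvalid, a session that fails
 * validation also has its cookie cleared and its cache entry dropped.
 *
 * @param {Object} request - hapi request; reads request.state and request.url.path
 * @param {Function} callback - `(err, credentials, options)`; deferred via Hoek.nextTick
 *   and invoked exactly once
 */
Scheme.prototype.authenticate = function (request, callback) {

    var self = this;
    callback = Hoek.nextTick(callback);
    var cookieName = self.settings.cookie;

    // Finishes the request as unauthenticated: plain error, or a redirect when redirectTo is configured.
    var unauthenticated = function (err, session, options) {

        var redirectTo = self.settings.redirectTo;
        if (!redirectTo) {
            return callback(err, session, options);
        }

        var uri = redirectTo;
        if (self.settings.appendNext) {
            // Append "<appendNext>=<encoded original path>" so the login page can send the user back.
            uri += (uri.indexOf('?') === -1 ? '?' : '&') + self.settings.appendNext + '=' + encodeURIComponent(request.url.path);
        }

        var response = new self.hapi.response.Redirection(uri);
        if (self.settings.saveNext) {
            response.state('next', request.url.path, { path: '/' });
        }

        return callback(response, session, options);
    };

    // Rejects a session that failed validateFunc. Always ends in unauthenticated();
    // with clearInvalid it first clears the cookie and drops the cache entry.
    var rejectInvalid = function (validationErr, sessionId, item) {

        var log = validationErr ? { data: validationErr } : 'Failed validation';
        if (!self.settings.clearInvalid) {
            return unauthenticated(self.hapi.error.unauthorized('Invalid cookie'), item, { log: log });
        }

        request.clearState(cookieName);
        self.cache.drop(sessionId, function (dropErr) {
            // A drop failure is more useful to log than the validation outcome it hides.
            return unauthenticated(self.hapi.error.unauthorized('Invalid cookie'), item, { log: (dropErr ? { data: dropErr } : log) });
        });
    };

    // Use the prototype method directly so a cookie named like an Object.prototype member cannot confuse the lookup.
    if (!Object.prototype.hasOwnProperty.call(request.state, cookieName)) {
        return unauthenticated(self.hapi.error.unauthorized());
    }

    var sessionId = request.state[cookieName];
    if (typeof sessionId !== 'string') {
        return unauthenticated(self.hapi.error.unauthorized());
    }

    self.cache.get(sessionId, function (err, session) {

        // A cache error is treated like a miss: never proceed with a session that could not be verified.
        if (err || !session) {
            return unauthenticated(self.hapi.error.unauthorized());
        }

        if (!self.settings.validateFunc) {
            return callback(null, session.item);
        }

        self.settings.validateFunc(session.item, function (err, isValid, credentials) {

            // Must return here: falling through would authenticate a session that just failed validation.
            if (err || !isValid) {
                return rejectInvalid(err, sessionId, session.item);
            }

            if (credentials) {
                // Persist refreshed credentials under the same id; ttl 0 keeps the cache policy's expiry.
                return self.cache.set(sessionId, credentials, 0, function (err) {
                    return callback(err, credentials);
                });
            }

            return callback(null, session.item);
        });
    });
};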
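/**
 * Installs the `request.auth.session` API (`set` and `clear`) on a request.
 *
 * @param {Object} request - hapi request; reads/writes request.state via setState/clearState
 * @throws when request.auth.session already exists (scheme applied twice, or combined with the cookie scheme)
 */
Scheme.prototype.extend = function (request) {

    var self = this;
    var cookieName = self.settings.cookie;

    // Prototype method used directly so a cookie named like an Object.prototype member cannot confuse the lookup.
    var hasSessionCookie = function () {
        return Object.prototype.hasOwnProperty.call(request.state, cookieName);
    };

    Hoek.assert(!request.auth.session, 'The session scheme may not be registered more than once, nor with the cookie scheme');

    request.auth.session = {

        /**
         * Stores `session` in the server cache and makes sure the session cookie is set.
         * A string cookie value already on the request is reused as the cache key;
         * a missing or non-string value is replaced by a freshly generated id.
         * NOTE(review): reusing the presented id means the id is never rotated when
         * a new session is written — consider minting a fresh id here; confirm with callers that rely on the returned id.
         *
         * @param {Object} session - non-null object to cache
         * @param {Function} [callback] - receives the cache error, if any
         * @returns {string} the session id used as cache key
         */
        set: function (session, callback) {

            Hoek.assert(session && typeof session === 'object', 'Invalid session');

            var sessionId = hasSessionCookie() ? request.state[cookieName] : undefined;
            if (typeof sessionId !== 'string') {
                // No usable cookie (absent or not a string): mint an id and set the cookie on the response.
                sessionId = rack();
                request.setState(cookieName, sessionId);
            }

            // ttl 0 defers to the expiry of the cache configured in the constructor.
            self.cache.set(sessionId, session, 0, function (err) {
                if (typeof callback === 'function') {
                    callback(err);
                }
            });

            return sessionId;
        },

        /**
         * Drops the cached session (when the request carries a string session id)
         * and clears the cookie. Ids are always strings from rack(), so a non-string
         * value can never match a cache entry and is not passed to the cache.
         *
         * @param {Function} [callback] - receives the drop error, if any; not invoked when nothing was dropped
         */
        clear: function (callback) {

            if (hasSessionCookie()) {
                var sessionId = request.state[cookieName];
                if (typeof sessionId === 'string') {
                    self.cache.drop(sessionId, function (err) {
                        if (typeof callback === 'function') {
                            callback(err);
                        }
                    });
                }
            }

            request.clearState(cookieName);
        }
    };
};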
// The Scheme constructor is this module's sole export.
module.exports = Scheme;