carta-controller 3.0.0-beta.1b → 3.0.0-dev.20220222
- package/README.md +3 -3
- package/config/config_schema.json +29 -3
- package/config/example_backend.json +7 -0
- package/config/preference_backend_schema_2.json +105 -0
- package/dist/auth/index.js +4 -1
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/ldap.js +1 -1
- package/dist/auth/ldap.js.map +1 -1
- package/dist/auth/local.js +38 -17
- package/dist/auth/local.js.map +1 -1
- package/dist/auth/pam.js +1 -1
- package/dist/auth/pam.js.map +1 -1
- package/dist/controllerTests.js +32 -24
- package/dist/index.js +8 -7
- package/dist/serverHandlers.js +53 -11
- package/dist/types.js +7 -0
- package/docs/_build/doctrees/configuration.doctree +0 -0
- package/docs/_build/doctrees/environment.pickle +0 -0
- package/docs/_build/doctrees/index.doctree +0 -0
- package/docs/_build/doctrees/introduction.doctree +0 -0
- package/docs/_build/doctrees/schema.doctree +0 -0
- package/docs/_build/html/.buildinfo +1 -1
- package/docs/_build/html/_sources/configuration.rst.txt +4 -1
- package/docs/_build/html/_sources/index.rst.txt +2 -2
- package/docs/_build/html/_sources/introduction.rst.txt +1 -1
- package/docs/_build/html/_static/config/config_schema.json +10 -0
- package/docs/_build/html/_static/documentation_options.js +1 -1
- package/docs/_build/html/configuration.html +5 -1
- package/docs/_build/html/genindex.html +1 -1
- package/docs/_build/html/index.html +2 -2
- package/docs/_build/html/installation.html +1 -1
- package/docs/_build/html/introduction.html +2 -2
- package/docs/_build/html/schema.html +56 -32
- package/docs/_build/html/search.html +1 -1
- package/docs/_build/html/searchindex.js +1 -1
- package/docs/_build/html/ubuntu_focal_instructions.html +1 -1
- package/docs/src/centos8_instructions.rst +248 -0
- package/docs/src/conf.py +1 -1
- package/docs/src/configuration.rst +62 -5
- package/docs/src/index.rst +7 -4
- package/docs/src/installation.rst +2 -2
- package/docs/src/introduction.rst +1 -1
- package/docs/src/schema_backend.rst +7 -0
- package/docs/src/ubuntu_focal_instructions.rst +2 -2
- package/package.json +2 -2
- package/public/dashboard.js +2 -2
- package/views/templated.pug +1 -1
package/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# CARTA Controller
|
|
2
2
|
|
|
3
|
-
[](https://github.com/CARTAvis/carta-backend/releases/tag/v3.0.0-beta.2)
|
|
4
|
+
[](https://npmjs.org/package/carta-controller "View this project on npm")
|
|
5
5
|

|
|
6
6
|

|
|
7
7
|
|
|
@@ -9,4 +9,4 @@ The CARTA controller provides a simple dashboard which authenticates users and a
|
|
|
9
9
|
|
|
10
10
|
For installation and configuration instructions, and more detailed information about the controller's features, please consult [the full documentation on ReadTheDocs](https://carta-controller.readthedocs.io/en/dev/).
|
|
11
11
|
|
|
12
|
-
If you encounter a problem with the controller or documentation, please submit an issue in the controller repo. If you need assistance in configuration or deployment, please contact the [CARTA helpdesk](mailto:
|
|
12
|
+
If you encounter a problem with the controller or documentation, please submit an issue in the controller repo. If you need assistance in configuration or deployment, please contact the [CARTA helpdesk](mailto:support@carta.freshdesk.com).
|
|
@@ -124,6 +124,16 @@
|
|
|
124
124
|
"1h",
|
|
125
125
|
"15m"
|
|
126
126
|
]
|
|
127
|
+
},
|
|
128
|
+
"scriptingTokenAge": {
|
|
129
|
+
"description": "Lifetime of scripting tokens",
|
|
130
|
+
"type": "string",
|
|
131
|
+
"default": "1w",
|
|
132
|
+
"examples": [
|
|
133
|
+
"1w",
|
|
134
|
+
"5d",
|
|
135
|
+
"10h"
|
|
136
|
+
]
|
|
127
137
|
}
|
|
128
138
|
}
|
|
129
139
|
},
|
|
@@ -399,8 +409,13 @@
|
|
|
399
409
|
"type": "string",
|
|
400
410
|
"examples": ["localhost", "127.0.0.1"]
|
|
401
411
|
},
|
|
412
|
+
"httpOnly": {
|
|
413
|
+
"description": "Allow HTTP-only connections. For testing or internal networks only",
|
|
414
|
+
"type": "boolean",
|
|
415
|
+
"default": false
|
|
416
|
+
},
|
|
402
417
|
"serverAddress": {
|
|
403
|
-
"description": "Public-facing server address",
|
|
418
|
+
"description": "Public-facing server address. If this is specified, all requests will be redirected to this address, otherwise any address used will be preserved",
|
|
404
419
|
"type": "string",
|
|
405
420
|
"format": "uri",
|
|
406
421
|
"pattern": "^https?://"
|
|
@@ -455,6 +470,11 @@
|
|
|
455
470
|
],
|
|
456
471
|
"default": "/usr/bin/carta_backend"
|
|
457
472
|
},
|
|
473
|
+
"preserveEnv": {
|
|
474
|
+
"description": "Use the --preserve-env argument when calling sudo",
|
|
475
|
+
"type": "boolean",
|
|
476
|
+
"default": true
|
|
477
|
+
},
|
|
458
478
|
"killCommand": {
|
|
459
479
|
"description": "Path to CARTA kill script",
|
|
460
480
|
"type": "string",
|
|
@@ -464,7 +484,7 @@
|
|
|
464
484
|
"default": "/usr/local/bin/carta-kill-script"
|
|
465
485
|
},
|
|
466
486
|
"rootFolderTemplate": {
|
|
467
|
-
"description": "Top-level path of directories accessible to CARTA. The `{username}` placeholder will be replaced with the username",
|
|
487
|
+
"description": "Top-level path of directories accessible to CARTA. The `{username}` placeholder will be replaced with the username. Defaults to `/usr/share/carta` if it exists, or `/usr/local/share/carta` if it exists. If neither exists and no default is provided, the controller exits with an error",
|
|
468
488
|
"type": "string",
|
|
469
489
|
"examples": [
|
|
470
490
|
"/home/{username}",
|
|
@@ -472,7 +492,7 @@
|
|
|
472
492
|
]
|
|
473
493
|
},
|
|
474
494
|
"baseFolderTemplate": {
|
|
475
|
-
"description": "Starting directory of CARTA. Must be a subfolder of rootFolderTemplate. The `{username}` placeholder will be replaced with the username",
|
|
495
|
+
"description": "Starting directory of CARTA. Must be a subfolder of rootFolderTemplate. The `{username}` placeholder will be replaced with the username. Defaults to the same value as `rootFolderTemplate`",
|
|
476
496
|
"type": "string",
|
|
477
497
|
"examples": [
|
|
478
498
|
"/home/{username}/CARTA",
|
|
@@ -565,6 +585,12 @@
|
|
|
565
585
|
]
|
|
566
586
|
}
|
|
567
587
|
}
|
|
588
|
+
},
|
|
589
|
+
"scriptingAccess": {
|
|
590
|
+
"description": "Control scripting access for users.",
|
|
591
|
+
"type": "string",
|
|
592
|
+
"enum": ["enabled-all-users", "disabled-all-users", "opt-in"],
|
|
593
|
+
"default": "disabled-all-users"
|
|
568
594
|
}
|
|
569
595
|
},
|
|
570
596
|
"if": {
|
|
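Review bot: `preserveEnv` is introduced with `"default": true`, so an installation that never sets it passes `--preserve-env` to sudo. Going by the description, that carries the controller's environment into the process sudo launches; how the sudo command is built is not visible here, so the exact exposure should be confirmed. A default of `false` would be the safer starting point, or the description should at least say what is carried over, e.g. `"description": "Use the --preserve-env argument when calling sudo. The controller's environment variables are passed to the launched backend process"`. The new `scriptingTokenAge` (default `1w`) is also a free-form string with no `pattern`, so a malformed lifetime would presumably only surface when a token is signed.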
@@ -0,0 +1,105 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
3
|
+
"title": "Backend preferences",
|
|
4
|
+
"description": "Schema for CARTA backend preferences (Version 2)",
|
|
5
|
+
"$id": "carta_backend_preferences_2",
|
|
6
|
+
"required": [],
|
|
7
|
+
"properties": {
|
|
8
|
+
"verbosity": {
|
|
9
|
+
"type": "integer",
|
|
10
|
+
"enum": [
|
|
11
|
+
0,
|
|
12
|
+
1,
|
|
13
|
+
2,
|
|
14
|
+
3,
|
|
15
|
+
4,
|
|
16
|
+
5
|
|
17
|
+
],
|
|
18
|
+
"default": 4
|
|
19
|
+
},
|
|
20
|
+
"no_log": {
|
|
21
|
+
"type": "boolean",
|
|
22
|
+
"default": true
|
|
23
|
+
},
|
|
24
|
+
"log_performance": {
|
|
25
|
+
"type": "boolean",
|
|
26
|
+
"default": false
|
|
27
|
+
},
|
|
28
|
+
"log_protocol_messages": {
|
|
29
|
+
"type": "boolean",
|
|
30
|
+
"default": false
|
|
31
|
+
},
|
|
32
|
+
"no_frontend": {
|
|
33
|
+
"type": "boolean",
|
|
34
|
+
"default": false
|
|
35
|
+
},
|
|
36
|
+
"no_database": {
|
|
37
|
+
"type": "boolean",
|
|
38
|
+
"default": false
|
|
39
|
+
},
|
|
40
|
+
"no_http": {
|
|
41
|
+
"type": "boolean",
|
|
42
|
+
"default": false
|
|
43
|
+
},
|
|
44
|
+
"no_browser": {
|
|
45
|
+
"type": "boolean",
|
|
46
|
+
"default": false
|
|
47
|
+
},
|
|
48
|
+
"browser": {
|
|
49
|
+
"type": "string",
|
|
50
|
+
"default": ""
|
|
51
|
+
},
|
|
52
|
+
"host": {
|
|
53
|
+
"type": "string",
|
|
54
|
+
"minLength": 1,
|
|
55
|
+
"default": "0.0.0.0"
|
|
56
|
+
},
|
|
57
|
+
"port": {
|
|
58
|
+
"type": ["integer", "array"],
|
|
59
|
+
"default": 3002
|
|
60
|
+
},
|
|
61
|
+
"omp_threads": {
|
|
62
|
+
"type": "integer",
|
|
63
|
+
"default": -1
|
|
64
|
+
},
|
|
65
|
+
"top_level_folder": {
|
|
66
|
+
"type": "string",
|
|
67
|
+
"minLength": 1,
|
|
68
|
+
"default": "/"
|
|
69
|
+
},
|
|
70
|
+
"frontend_folder": {
|
|
71
|
+
"type": "string",
|
|
72
|
+
"minLength": 1,
|
|
73
|
+
"default": ""
|
|
74
|
+
},
|
|
75
|
+
"exit_timeout": {
|
|
76
|
+
"type": "integer",
|
|
77
|
+
"default": -1
|
|
78
|
+
},
|
|
79
|
+
"initial_timeout": {
|
|
80
|
+
"type": "integer",
|
|
81
|
+
"default": -1
|
|
82
|
+
},
|
|
83
|
+
"idle_timeout": {
|
|
84
|
+
"type": "integer",
|
|
85
|
+
"default": -1
|
|
86
|
+
},
|
|
87
|
+
"read_only_mode": {
|
|
88
|
+
"type": "boolean",
|
|
89
|
+
"default": false
|
|
90
|
+
},
|
|
91
|
+
"starting_folder": {
|
|
92
|
+
"type": "string",
|
|
93
|
+
"minLength": 1,
|
|
94
|
+
"default": ""
|
|
95
|
+
},
|
|
96
|
+
"event_thread_count": {
|
|
97
|
+
"type": "integer",
|
|
98
|
+
"default": -1
|
|
99
|
+
},
|
|
100
|
+
"enable_scripting": {
|
|
101
|
+
"type": "boolean",
|
|
102
|
+
"default": false
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
}
|
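Review bot: `frontend_folder` and `starting_folder` declare `"minLength": 1` together with `"default": ""`, so the documented default does not validate against its own constraint; either drop `minLength` or omit the default. `port` accepts `["integer", "array"]` with no `minimum`/`maximum` and no `items`, so any integer and any array contents pass validation. The schema also lacks `"additionalProperties": false`, so unknown keys are accepted silently. If these preferences can be read from a per-user file (not visible here), it is worth deciding which keys a user may set at all, in particular `host` (default `0.0.0.0`), `top_level_folder` and `enable_scripting`.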
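--- a/package/dist/auth/index.js
+++ b/package/dist/auth/index.js
@@ -97,6 +97,9 @@ function authGuard(req, res, next) {
 }
 else {
 req.username = getUser(token.username, token.iss);
+if (token.scripting) {
+req.scripting = true;
+}
 next();
 }
 }
@@ -115,7 +118,7 @@ function logoutHandler(req, res) {
 path: config_1.RuntimeConfig.authPath,
 maxAge: 0,
 httpOnly: true,
-secure:
+secure: !config_1.ServerConfig.httpOnly,
 sameSite: "strict"
 });
 return res.json({ success: true });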
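Review bot: In the `logoutHandler` hunk, `secure: !config_1.ServerConfig.httpOnly` sits directly under the cookie attribute `httpOnly: true`, and the two names mean unrelated things: one is the cookie's HttpOnly flag, the other the server option that allows plain-HTTP connections. A comment on that line in the TypeScript source would keep a later edit from tying them together, e.g. `// ServerConfig.httpOnly = plain-HTTP deployment (testing/internal networks); only then is the Secure flag dropped`. The same line is added to `addTokensToResponse` in `package/dist/auth/local.js`. In the `authGuard` hunk the new code only records `token.scripting`; whether a token carrying the `refresh` claim is rejected earlier cannot be seen here, because `authGuard` starts outside the hunk.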
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAAoC;AACpC,mCAAmC;AACnC,kCAAgC;AAEhC,sCAAsD;AACtD,yCAAqE;AACrE,mCAA2E;AAC3E,iCAA2C;AAC3C,+BAAyC;AACzC,qCAAoE;AAEpE,2CAA2C;AAC3C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAoB,CAAC;AACnD,qCAAqC;AACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;AAE5C,IAAI,YAAY,GAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC5C,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC;AAC9D,CAAC,CAAC;AAEF,IAAI,cAAc,GAAwB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACnD,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,+BAA+B,EAAC,CAAC;AACtE,CAAC,CAAC;AAEF,kBAAkB;AAClB,IAAI,qBAAY,CAAC,aAAa,CAAC,GAAG,EAAE;IAChC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,GAAG,CAAC;IAChD,6BAAqB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,wBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC5C,cAAc,GAAG,mCAA2B,CAAC,QAAQ,CAAC,CAAC;CAC1D;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE;IACxC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC;IACjD,6BAAqB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,0BAAmB,CAAC,QAAQ,CAAC,CAAC;IAC7C,cAAc,GAAG,mCAA2B,CAAC,QAAQ,CAAC,CAAC;CAC1D;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,MAAM,EAAE;IAC1C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,MAAM,CAAC;IACnD,+BAAsB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACjD,IAAI,QAAQ,CAAC,eAAe,EAAE;QAC1B,yBAAc,CAAC,QAAQ,EAAE,2BAAkB,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;KAC1E;CACJ;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,QAAQ,EAAE;IAC5C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,QAAQ,CAAC;IACrD,oCAAyB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC;IAC3C,IAAI,SAAS,EAAE;QACX,yBAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;KACzD;CACJ;AAED,iCAAiC;AACjC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE;IACtB,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;CACnB;AAED,SAAsB,WAAW,CAAC,YAAoB;;QAClD,MAAM,SAAS,GAAQ,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,SAAS,IAAI,SAAS,CAAC,GAAG,EAAE;YAC5B,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE;gBACV,OAAO,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;aACvC;SACJ;QACD,OAAO,
SAAS,CAAC;IACrB,CAAC;CAAA;AATD,kCASC;AAED,SAAgB,OAAO,CAAC,QAAgB,EAAE,MAAc;IACpD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,OAAO,EAAE;QACT,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;KAChC;SAAM;QACH,OAAO,QAAQ,CAAC;KACnB;AACL,CAAC;AAPD,0BAOC;AAED,qGAAqG;AACrG,SAAsB,SAAS,CAAC,GAAyB,EAAE,GAAqB,EAAE,IAA0B;;QACxG,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC;QAC9B,IAAI,WAAW,EAAE;YACb,IAAI;gBACA,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;gBAC7C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;oBAC3B,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;iBACtD;qBAAM;oBACH,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClD,IAAI,EAAE,CAAC;iBACV;aACJ;YAAC,OAAO,GAAG,EAAE;gBACV,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAC,CAAC,CAAC;aACjD;SACJ;aAAM;YACH,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;SACtD;IACL,CAAC;CAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAAoC;AACpC,mCAAmC;AACnC,kCAAgC;AAEhC,sCAAsD;AACtD,yCAAqE;AACrE,mCAA2E;AAC3E,iCAA2C;AAC3C,+BAAyC;AACzC,qCAAoE;AAEpE,2CAA2C;AAC3C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAoB,CAAC;AACnD,qCAAqC;AACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;AAE5C,IAAI,YAAY,GAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC5C,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC;AAC9D,CAAC,CAAC;AAEF,IAAI,cAAc,GAAwB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACnD,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,+BAA+B,EAAC,CAAC;AACtE,CAAC,CAAC;AAEF,kBAAkB;AAClB,IAAI,qBAAY,CAAC,aAAa,CAAC,GAAG,EAAE;IAChC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,GAAG,CAAC;IAChD,6BAAqB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,wBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC5C,cAAc,GAAG,mCAA2B,CAAC,QAAQ,CAAC,CAAC;CAC1D;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE;IACxC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC;IACjD,6BAAqB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,0BAAmB,CAAC,QAAQ,CAAC,CAAC;IAC7C,cAAc,GAAG,mCAA2B,CAAC,QAAQ,CAAC,CAAC;CAC1D;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,MAAM,EAAE;IAC1C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,MAAM,CAAC;IACnD,+BAAsB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACjD,IAAI,QAAQ,CAAC,eAAe,EAAE;QAC1B,yBAAc,CAAC,QAAQ,EAAE,2BAAkB,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;KAC1E;CACJ;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,QAAQ,EAAE;IAC5C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,QAAQ,CAAC;IACrD,oCAAyB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC;IAC3C,IAAI,SAAS,EAAE;QACX,yBAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;KACzD;CACJ;AAED,iCAAiC;AACjC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE;IACtB,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;CACnB;AAED,SAAsB,WAAW,CAAC,YAAoB;;QAClD,MAAM,SAAS,GAAQ,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,SAAS,IAAI,SAAS,CAAC,GAAG,EAAE;YAC5B,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE;gBACV,OAAO,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;aACvC;SACJ;QACD,OAAO,
SAAS,CAAC;IACrB,CAAC;CAAA;AATD,kCASC;AAED,SAAgB,OAAO,CAAC,QAAgB,EAAE,MAAc;IACpD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,OAAO,EAAE;QACT,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;KAChC;SAAM;QACH,OAAO,QAAQ,CAAC;KACnB;AACL,CAAC;AAPD,0BAOC;AAED,qGAAqG;AACrG,SAAsB,SAAS,CAAC,GAAyB,EAAE,GAAqB,EAAE,IAA0B;;QACxG,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC;QAC9B,IAAI,WAAW,EAAE;YACb,IAAI;gBACA,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;gBAC7C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;oBAC3B,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;iBACtD;qBAAM;oBACH,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClD,IAAI,KAAK,CAAC,SAAS,EAAE;wBACjB,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC;qBACxB;oBACD,IAAI,EAAE,CAAC;iBACV;aACJ;YAAC,OAAO,GAAG,EAAE;gBACV,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAC,CAAC,CAAC;aACjD;SACJ;aAAM;YACH,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;SACtD;IACL,CAAC;CAAA;AApBD,8BAoBC;AAED,SAAS,aAAa,CAAC,GAAoB,EAAE,GAAqB;IAC9D,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;QAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;QAC5B,MAAM,EAAE,CAAC;QACT,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;QAC9B,QAAQ,EAAE,QAAQ;KACrB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,IAAI,EAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,eAAe,CAAC,GAAyB,EAAE,GAAqB;IACrE,GAAG,CAAC,IAAI,CAAC;QACL,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACzB,CAAC,CAAC;AACP,CAAC;AAEY,QAAA,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;AAC3C,kBAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAO,EAAE,YAAY,CAAC,CAAC;AACjD,kBAAU,CAAC,IAAI,CAAC,SAAS,EAAE,cAAO,EAAE,aAAa,CAAC,CAAC;AACnD,kBAAU,CAAC,IAAI,CAAC,UAAU,EAAE,cAAO,EAAE,cAAc,CAAC,CAAC;AACrD,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC"}
|
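--- a/package/dist/auth/ldap.js
+++ b/package/dist/auth/ldap.js
@@ -38,7 +38,7 @@ function getLdapLoginHandler(authConf) {
 try {
 const uid = userid.uid(username);
 console.log(`Authenticated as user ${username} with uid ${uid} using LDAP`);
-return local_1.addTokensToResponse(authConf, username
+return local_1.addTokensToResponse(res, authConf, username);
 }
 catch (e) {
 util_1.verboseError(e);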
package/dist/auth/ldap.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":";;;AACA,iCAAiC;AACjC,0CAA0C;AAE1C,mCAA4C;AAC5C,kCAAiD;AAEjD,IAAI,IAAc,CAAC;AAEnB,SAAgB,mBAAmB,CAAC,QAA6B;IAC7D,IAAI,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1D,UAAU,CAAC,GAAG,EAAE;;QACZ,MAAM,aAAa,GAAG,MAAA,MAAC,IAAY,0CAAE,WAAW,0CAAE,SAAS,CAAC;QAC5D,IAAI,aAAa,EAAE;YACf,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;SAC3C;aAAM;YACH,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;SACxC;IACL,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;SACtF;QAED,MAAM,UAAU,GAAG,CAAC,GAAmB,EAAE,IAAS,EAAE,EAAE;YAClD,IAAI,GAAG,EAAE;gBACL,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;aAC9F;YACD,IAAI,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,MAAK,QAAQ,EAAE;gBACxB,OAAO,CAAC,IAAI,CAAC,sBAAsB,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,8BAA8B,QAAQ,GAAG,CAAC,CAAC;gBACvF,iBAAU,CAAC,IAAI,CAAC,CAAC;aACpB;YACD,IAAI;gBACA,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,aAAa,CAAC,CAAC;gBAC5E,OAAO,2BAAmB,CAAC,
|
|
1
|
+
{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":";;;AACA,iCAAiC;AACjC,0CAA0C;AAE1C,mCAA4C;AAC5C,kCAAiD;AAEjD,IAAI,IAAc,CAAC;AAEnB,SAAgB,mBAAmB,CAAC,QAA6B;IAC7D,IAAI,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1D,UAAU,CAAC,GAAG,EAAE;;QACZ,MAAM,aAAa,GAAG,MAAA,MAAC,IAAY,0CAAE,WAAW,0CAAE,SAAS,CAAC;QAC5D,IAAI,aAAa,EAAE;YACf,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;SAC3C;aAAM;YACH,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;SACxC;IACL,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;SACtF;QAED,MAAM,UAAU,GAAG,CAAC,GAAmB,EAAE,IAAS,EAAE,EAAE;YAClD,IAAI,GAAG,EAAE;gBACL,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;aAC9F;YACD,IAAI,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,MAAK,QAAQ,EAAE;gBACxB,OAAO,CAAC,IAAI,CAAC,sBAAsB,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,8BAA8B,QAAQ,GAAG,CAAC,CAAC;gBACvF,iBAAU,CAAC,IAAI,CAAC,CAAC;aACpB;YACD,IAAI;gBACA,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,aAAa,CAAC,CAAC;gBAC5E,OAAO,2BAAmB,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;aACvD;YAAC,OAAO,CAAC,EAAE;gBACR,mBAAY,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;aAClF;QACL,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;;YAClD,MAAM,QAAQ,GAAG,KAAc,CAAC;YAChC,oDAAoD;YACpD,IAAI,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,EAAE;gBAC1D,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;gBA
CvE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,IAAI,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC1D,+CAA+C;gBAC/C,UAAU,CAAC,GAAG,EAAE;oBACZ,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBACtD,CAAC,EAAE,GAAG,CAAC,CAAC;aACX;iBAAM;gBACH,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;aAC3B;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC;AAxDD,kDAwDC"}
|
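--- a/package/dist/auth/local.js
+++ b/package/dist/auth/local.js
@@ -9,41 +9,57 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateLocalRefreshHandler = exports.generateLocalVerifier = exports.addTokensToResponse = exports.generateToken = void 0;
+exports.generateLocalRefreshHandler = exports.generateLocalVerifier = exports.addTokensToResponse = exports.generateToken = exports.TokenType = void 0;
+const types_1 = require("../types");
 const fs = require("fs");
 const jwt = require("jsonwebtoken");
 const userid = require("userid");
 const index_1 = require("./index");
-const ms = require("ms");
 const config_1 = require("../config");
+const ms = require("ms");
 let privateKey;
-
+var TokenType;
+(function (TokenType) {
+TokenType[TokenType["Access"] = 0] = "Access";
+TokenType[TokenType["Refresh"] = 1] = "Refresh";
+TokenType[TokenType["Scripting"] = 2] = "Scripting";
+})(TokenType = exports.TokenType || (exports.TokenType = {}));
+function generateToken(authConf, username, tokenType) {
 if (!privateKey) {
 privateKey = fs.readFileSync(authConf.privateKeyLocation);
 }
 if (!authConf || !privateKey) {
 return null;
 }
-
+const payload = {
 iss: authConf.issuer,
-username
-
-
+username
+};
+const options = {
 algorithm: authConf.keyAlgorithm,
-expiresIn:
-}
+expiresIn: authConf.accessTokenAge
+};
+if (tokenType === TokenType.Refresh) {
+payload.refresh = true;
+options.expiresIn = authConf.refreshTokenAge;
+}
+else if (tokenType === TokenType.Scripting) {
+payload.scripting = true;
+options.expiresIn = authConf.scriptingTokenAge;
+}
+return jwt.sign(payload, privateKey, options);
 }
 exports.generateToken = generateToken;
-function addTokensToResponse(authConf, username
-const refreshToken = generateToken(authConf, username,
+function addTokensToResponse(res, authConf, username) {
+const refreshToken = generateToken(authConf, username, TokenType.Refresh);
 res.cookie("Refresh-Token", refreshToken, {
 path: config_1.RuntimeConfig.authPath,
 maxAge: ms(authConf.refreshTokenAge),
 httpOnly: true,
-secure:
+secure: !config_1.ServerConfig.httpOnly,
 sameSite: "strict"
 });
-const access_token = generateToken(authConf, username,
+const access_token = generateToken(authConf, username, TokenType.Access);
 res.json({
 access_token,
 token_type: "bearer",
@@ -66,22 +82,27 @@ function generateLocalVerifier(verifierMap, authConf) {
 exports.generateLocalVerifier = generateLocalVerifier;
 function generateLocalRefreshHandler(authConf) {
 return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
+var _a;
 const refreshTokenCookie = req.cookies["Refresh-Token"];
+const scriptingToken = ((_a = req.body) === null || _a === void 0 ? void 0 : _a.scripting) === true;
 if (refreshTokenCookie) {
 try {
 const refreshToken = yield index_1.verifyToken(refreshTokenCookie);
-if (!refreshToken || !refreshToken.username || !refreshToken.
+if (!refreshToken || !refreshToken.username || !refreshToken.refresh) {
 next({ statusCode: 403, message: "Not authorized" });
 }
+else if (scriptingToken && config_1.ServerConfig.scriptingAccess !== types_1.ScriptingAccess.Enabled) {
+next({ statusCode: 500, message: "Scripting access not enabled for this server" });
+}
 else {
 const uid = userid.uid(refreshToken.username);
-const access_token = generateToken(authConf, refreshToken.username,
-console.log(`Refreshed access token for user ${refreshToken.username} with uid ${uid}`);
+const access_token = generateToken(authConf, refreshToken.username, scriptingToken ? TokenType.Scripting : TokenType.Access);
+console.log(`Refreshed ${scriptingToken ? "scripting" : "access"} token for user ${refreshToken.username} with uid ${uid}`);
 res.json({
 access_token,
 token_type: "bearer",
 username: refreshToken.username,
-expires_in: ms(authConf.accessTokenAge) / 1000
+expires_in: ms(scriptingToken ? authConf.scriptingTokenAge : authConf.accessTokenAge) / 1000
 });
 }
 }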
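Review bot: The new scripting-denied branch in `generateLocalRefreshHandler` answers with `statusCode: 500`, although the request is refused by policy rather than by a server fault, so denied attempts will be logged and monitored as server errors instead of authorization failures. The branch just above uses 403 for the same kind of refusal, and this one should match: `next({ statusCode: 403, message: "Scripting access not enabled for this server" });`. The condition `!== types_1.ScriptingAccess.Enabled` refuses every mode other than that single value, which presumably includes the `opt-in` setting listed in the config schema; if opt-in is not implemented yet, a comment should say so. In `generateToken`, any `tokenType` other than `Refresh` or `Scripting`, including a missing argument, silently yields an access token, which deserves a one-line doc comment. `generateLocalRefreshHandler` continues past the end of the second hunk.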
package/dist/auth/local.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/auth/local.ts"],"names":[],"mappings":";;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/auth/local.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAA+F;AAC/F,yBAAyB;AACzB,oCAAoC;AAGpC,iCAAiC;AACjC,mCAAoC;AACpC,sCAAsD;AACtD,yBAA0B;AAE1B,IAAI,UAAkB,CAAC;AAEvB,IAAY,SAIX;AAJD,WAAY,SAAS;IACjB,6CAAM,CAAA;IACN,+CAAO,CAAA;IACP,mDAAS,CAAA;AACb,CAAC,EAJW,SAAS,GAAT,iBAAS,KAAT,iBAAS,QAIpB;AAED,SAAgB,aAAa,CAAC,QAA8B,EAAE,QAAgB,EAAE,SAAoB;IAChG,IAAI,CAAC,UAAU,EAAE;QACb,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;KAC7D;IACD,IAAI,CAAC,QAAQ,IAAI,CAAC,UAAU,EAAE;QAC1B,OAAO,IAAI,CAAC;KACf;IAED,MAAM,OAAO,GAAQ;QACjB,GAAG,EAAE,QAAQ,CAAC,MAAM;QACpB,QAAQ;KACX,CAAC;IAEF,MAAM,OAAO,GAAoB;QAC7B,SAAS,EAAE,QAAQ,CAAC,YAAY;QAChC,SAAS,EAAE,QAAQ,CAAC,cAAc;KACrC,CAAC;IAEF,IAAI,SAAS,KAAK,SAAS,CAAC,OAAO,EAAE;QACjC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;QACvB,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC;KAChD;SAAM,IAAI,SAAS,KAAK,SAAS,CAAC,SAAS,EAAE;QAC1C,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,iBAAiB,CAAC;KAClD;IAED,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AAClD,CAAC;AA3BD,sCA2BC;AAED,SAAgB,mBAAmB,CAAC,GAAqB,EAAE,QAA8B,EAAE,QAAgB;IACvG,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;IAC1E,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,YAAY,EAAE;QACtC,IAAI,EAAE,sBAAa,CAAC,QAAQ;QAC5B,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,eAAyB,CAAC;QAC9C,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;QAC9B,QAAQ,EAAE,QAAQ;KACrB,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAEzE,GAAG,CAAC,IAAI,CAAC;QACL,YAAY;QACZ,UAAU,EAAE,QAAQ;QACpB,UAAU,EAAE,EAAE,CAAC,QAAQ,CAAC,cAAwB,CAAC,GAAG,IAAI;KAC3D,CAAC,CAAC;AACP,CAAC;AAjBD,kDAiBC;AAED,SAAgB,qBAAqB,CAAC,WAAkC,EAAE,QAA8B;IACpG,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAC9D,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE;QAC5C,MAAM,OAAO,GAAQ,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,EAAE,EAAC,SAAS,EAAE,QAAQ,CAAC,YAAY,EAAkB,CAAC,CAAC;QAC9G,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,MAAM,EAAE;YAC5C,OA
AO,OAAO,CAAC;SAClB;aAAM;YACH,OAAO,SAAS,CAAC;SACpB;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAVD,sDAUC;AAED,SAAgB,2BAA2B,CAAC,QAA8B;IACtE,OAAO,CAAO,GAAoB,EAAE,GAAqB,EAAE,IAA0B,EAAE,EAAE;;QACrF,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QACpD,IAAI,kBAAkB,EAAE;YACpB,IAAI;gBACA,MAAM,YAAY,GAAG,MAAM,mBAAW,CAAC,kBAAkB,CAAC,CAAC;gBAC3D,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE;oBAClE,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;iBACtD;qBAAM,IAAI,cAAc,IAAI,qBAAY,CAAC,eAAe,KAAK,uBAAe,CAAC,OAAO,EAAE;oBACnF,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,8CAA8C,EAAC,CAAC,CAAC;iBACpF;qBAAM;oBACH,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;oBAC9C,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;oBAC7H,OAAO,CAAC,GAAG,CAAC,aAAa,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,mBAAmB,YAAY,CAAC,QAAQ,aAAa,GAAG,EAAE,CAAC,CAAC;oBAC5H,GAAG,CAAC,IAAI,CAAC;wBACL,YAAY;wBACZ,UAAU,EAAE,QAAQ;wBACpB,QAAQ,EAAE,YAAY,CAAC,QAAQ;wBAC/B,UAAU,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAE,QAAQ,CAAC,cAAyB,CAAC,GAAG,IAAI;qBAC3G,CAAC,CAAC;iBACN;aACJ;YAAC,OAAO,GAAG,EAAE;gBACV,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;aAC7D;SACJ;aAAM;YACH,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;SAC7D;IACL,CAAC,CAAA,CAAC;AACN,CAAC;AA7BD,kEA6BC"}
|
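--- a/package/dist/auth/pam.js
+++ b/package/dist/auth/pam.js
@@ -20,7 +20,7 @@ function getPamLoginHandler(authConf) {
 try {
 const uid = userid.uid(username);
 console.log(`Authenticated as user ${username} with uid ${uid} using PAM`);
-return local_1.addTokensToResponse(authConf, username
+return local_1.addTokensToResponse(res, authConf, username);
 }
 catch (e) {
 return res.status(403).json({ statusCode: 403, message: "User does not exist" });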
package/dist/auth/pam.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pam.js","sourceRoot":"","sources":["../../src/auth/pam.ts"],"names":[],"mappings":";;;AACA,iCAAiC;AAEjC,mCAA4C;AAE5C,SAAgB,kBAAkB,CAAC,QAA8B;IAC7D,MAAM,EAAC,eAAe,EAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;SACtF;QAED,eAAe,CAAC,EAAC,QAAQ,EAAE,QAAQ,EAAC,EAAE,CAAC,GAAmB,EAAE,IAAY,EAAE,EAAE;YACxE,IAAI,GAAG,EAAE;gBACL,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;aAC9F;iBAAM;gBACH,IAAI;oBACA,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACjC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,YAAY,CAAC,CAAC;oBAC3E,OAAO,2BAAmB,CAAC,
|
|
1
|
+
{"version":3,"file":"pam.js","sourceRoot":"","sources":["../../src/auth/pam.ts"],"names":[],"mappings":";;;AACA,iCAAiC;AAEjC,mCAA4C;AAE5C,SAAgB,kBAAkB,CAAC,QAA8B;IAC7D,MAAM,EAAC,eAAe,EAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;SACtF;QAED,eAAe,CAAC,EAAC,QAAQ,EAAE,QAAQ,EAAC,EAAE,CAAC,GAAmB,EAAE,IAAY,EAAE,EAAE;YACxE,IAAI,GAAG,EAAE;gBACL,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;aAC9F;iBAAM;gBACH,IAAI;oBACA,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACjC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,YAAY,CAAC,CAAC;oBAC3E,OAAO,2BAAmB,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;iBACvD;gBAAC,OAAO,CAAC,EAAE;oBACR,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;iBAClF;aACJ;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC;AAzBD,gDAyBC"}
|
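--- a/package/dist/controllerTests.js
+++ b/package/dist/controllerTests.js
@@ -40,7 +40,7 @@ function runTests(username) {
 }
 yield testDatabase();
 if (config_1.ServerConfig.logFileTemplate) {
-testLog(username);
+yield testLog(username);
 }
 testFrontend();
 const backendProcess = yield testBackendStartup(username);
@@ -49,18 +49,21 @@ function runTests(username) {
 }
 exports.runTests = runTests;
 function testLog(username) {
-
-
-
-
-
-
-
-
-
-
-
-
+return __awaiter(this, void 0, void 0, function* () {
+const logLocation = config_1.ServerConfig.logFileTemplate.replace("{username}", username).replace("{pid}", "9999").replace("{datetime}", moment().format("YYYYMMDD.h_mm_ss"));
+try {
+const logStream = fs.createWriteStream(logLocation, { flags: "a" });
+// Transform callbacks into awaits
+yield new Promise(res => logStream.write("test", res));
+yield new Promise(res => logStream.end(res));
+fs.unlinkSync(logLocation);
+console.log(logSymbols.success, `Checked log writing for user ${username}`);
+}
+catch (err) {
+util_1.verboseError(err);
+throw new Error(`Could not create log file at ${logLocation} for user ${username}. Please check your config file's logFileTemplate option`);
+}
+});
 }
 function testLdap(authConf, username) {
 return new Promise((resolve, reject) => {
@@ -144,7 +147,7 @@ function testUid(username) {
 function testToken(authConf, username) {
 let token;
 try {
-token = local_1.generateToken(authConf, username,
+token = local_1.generateToken(authConf, username, local_1.TokenType.Access);
 }
 catch (e) {
 util_1.verboseError(e);
@@ -177,28 +180,33 @@ function testFrontend() {
 function testBackendStartup(username) {
 return __awaiter(this, void 0, void 0, function* () {
 const port = config_1.ServerConfig.backendPorts.max - 1;
-let args = [
-
+let args = [];
+if (config_1.ServerConfig.preserveEnv) {
+args.push("--preserve-env=CARTA_AUTH_TOKEN");
+}
+args = args.concat([
+"-n",
 "-u",
 `${username}`,
 config_1.ServerConfig.processCommand,
 "--no_http",
-"true",
 "--debug_no_auth",
-"true",
-"--no_log",
-config_1.ServerConfig.logFileTemplate ? "true" : "false",
 "--port",
 `${port}`,
 "--top_level_folder",
-config_1.ServerConfig.rootFolderTemplate.replace("{username}", username)
-
-
+config_1.ServerConfig.rootFolderTemplate.replace("{username}", username)
+]);
+if (config_1.ServerConfig.logFileTemplate) {
+args.push("--no_log");
+}
 if (config_1.ServerConfig.additionalArgs) {
 args = args.concat(config_1.ServerConfig.additionalArgs);
 }
+// Finally, add the positional argument for the base folder
+args.push(config_1.ServerConfig.baseFolderTemplate.replace("{username}", username));
 util_1.verboseLog(`running sudo ${args.join(" ")}`);
-
+// Use same stdout and stderr stream for the backend process
+const backendProcess = child_process_1.spawn("sudo", args, { stdio: "inherit" });
 yield util_1.delay(2000);
 if (backendProcess.signalCode) {
 throw new Error(`Backend process terminated with code ${backendProcess.signalCode}. Please check your sudoers config, processCommand option and additionalArgs section`);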
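Review bot: A failure to open or write the log file will probably not reach the new `catch` block in `testLog`, because `fs.createWriteStream` reports open and write failures through the stream's `error` event and no listener is attached in the visible lines. An unhandled `error` event surfaces as an uncaught exception rather than the "Could not create log file" message. The `write` callback is also handed straight to `res`, so an error passed to it resolves the promise instead of rejecting it. Both promises should reject on the stream's `error` event, and the write promise on a callback error too, so that an unwritable `logFileTemplate` path fails with the intended diagnostic.

```javascript
const logStream = fs.createWriteStream(logLocation, { flags: "a" });
// Reject on stream errors so the catch block below reports them
yield new Promise((resolve, reject) => {
    logStream.once("error", reject);
    logStream.write("test", err => (err ? reject(err) : resolve()));
});
yield new Promise((resolve, reject) => {
    logStream.once("error", reject);
    logStream.end(resolve);
});
// … unchanged: unlinkSync, success log, catch block …
```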
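--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -41,16 +41,15 @@ if (config_1.testUser) {
 else {
 let app = express();
 app.use(bodyParser.urlencoded({ extended: true }));
-app.use(bodyParser.json());
 app.use(cookieParser());
 app.use(bearerToken());
 app.use(cors());
 app.use(compression());
 app.set("view engine", "pug");
 app.set("views", path.join(__dirname, "../views"));
-app.use("/api/auth", auth_1.authRouter);
-app.use("/api/server", serverHandlers_1.serverRouter);
-app.use("/api/database", database_1.databaseRouter);
+app.use("/api/auth", bodyParser.json(), auth_1.authRouter);
+app.use("/api/server", bodyParser.json(), serverHandlers_1.serverRouter);
+app.use("/api/database", bodyParser.json(), database_1.databaseRouter);
 app.use("/config", (req, res) => {
 return res.json(config_1.RuntimeConfig);
 });
@@ -91,7 +90,7 @@ else {
 return res.redirect((_c = config_1.ServerConfig.serverAddress) !== null && _c !== void 0 ? _c : "");
 }
 });
-app.get("/dashboard",
+app.get("/dashboard", (req, res) => {
 var _a, _b, _c, _d, _e, _f, _g;
 res.render("templated", {
 clientId: (_a = config_1.ServerConfig.authProviders.google) === null || _a === void 0 ? void 0 : _a.clientId,
@@ -105,6 +104,9 @@ else {
 });
 });
 app.use("/dashboard", express.static(path.join(__dirname, "../public")));
+// Scripting proxy
+const backendProxy = httpProxy.createServer({ ws: true });
+app.post("/api/scripting/*", auth_1.authGuard, serverHandlers_1.createScriptingProxyHandler(backendProxy));
 // Simplified error handling
 app.use((err, req, res, next) => {
 err.statusCode = err.statusCode || 500;
@@ -114,9 +116,8 @@ else {
 message: err.message
 });
 });
-const expressServer = http.createServer(app);
-const backendProxy = httpProxy.createServer({ ws: true });
 // Handle WS connections
+const expressServer = http.createServer(app);
 expressServer.on("upgrade", serverHandlers_1.createUpgradeHandler(backendProxy));
 // Handle WS disconnects
 backendProxy.on("error", (err) => {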
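Review bot: Nothing in the first hunk records why `bodyParser.json()` moved from a global middleware to the three `/api/*` routers, and the new `POST /api/scripting/*` route still sits behind the global `bodyParser.urlencoded` parser and the default `cors()` policy. Presumably the proxy needs the request body unread so it can be streamed to the backend; if so, a form-encoded POST would still be consumed before `createScriptingProxyHandler` sees it, which is worth confirming. I would add a comment above the router lines, e.g. `// JSON parsing is per-router so /api/scripting/* reaches the proxy with its body stream intact`, so the global parser is not re-added later. Because the default `cors()` configuration accepts any origin, it is also worth confirming that `authGuard` is the only check intended to gate requests forwarded to the backend.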