carta-controller 3.0.0-beta.1d → 3.0.0-dev.20220301
- package/README.md +3 -3
- package/config/config_schema.json +29 -3
- package/config/example_backend.json +7 -0
- package/config/preference_backend_schema_2.json +105 -0
- package/dist/auth/index.js +13 -10
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/ldap.js +3 -3
- package/dist/auth/ldap.js.map +1 -1
- package/dist/auth/local.js +38 -17
- package/dist/auth/local.js.map +1 -1
- package/dist/auth/pam.js +1 -1
- package/dist/auth/pam.js.map +1 -1
- package/dist/config.js +2 -2
- package/dist/controllerTests.js +17 -17
- package/dist/database.js +9 -9
- package/dist/index.js +11 -10
- package/dist/serverHandlers.js +54 -17
- package/dist/types.js +7 -0
- package/docs/src/centos8_instructions.rst +248 -0
- package/docs/src/conf.py +1 -1
- package/docs/src/configuration.rst +58 -4
- package/docs/src/index.rst +7 -4
- package/docs/src/installation.rst +2 -2
- package/docs/src/introduction.rst +1 -1
- package/docs/src/schema_backend.rst +7 -0
- package/docs/src/ubuntu_focal_instructions.rst +2 -2
- package/package.json +3 -3
- package/public/dashboard.js +2 -2
- package/views/templated.pug +1 -1
package/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# CARTA Controller
|
|
2
2
|
|
|
3
|
-
[](https://github.com/CARTAvis/carta-backend/releases/tag/v3.0.0-beta.2)
|
|
4
|
+
[](https://npmjs.org/package/carta-controller "View this project on npm")
|
|
5
5
|

|
|
6
6
|

|
|
7
7
|
|
|
@@ -9,4 +9,4 @@ The CARTA controller provides a simple dashboard which authenticates users and a
|
|
|
9
9
|
|
|
10
10
|
For installation and configuration instructions, and more detailed information about the controller's features, please consult [the full documentation on ReadTheDocs](https://carta-controller.readthedocs.io/en/dev/).
|
|
11
11
|
|
|
12
|
-
If you encounter a problem with the controller or documentation, please submit an issue in the controller repo. If you need assistance in configuration or deployment, please contact the [CARTA helpdesk](mailto:
|
|
12
|
+
If you encounter a problem with the controller or documentation, please submit an issue in the controller repo. If you need assistance in configuration or deployment, please contact the [CARTA helpdesk](mailto:support@carta.freshdesk.com).
|
|
@@ -124,6 +124,16 @@
|
|
|
124
124
|
"1h",
|
|
125
125
|
"15m"
|
|
126
126
|
]
|
|
127
|
+
},
|
|
128
|
+
"scriptingTokenAge": {
|
|
129
|
+
"description": "Lifetime of scripting tokens",
|
|
130
|
+
"type": "string",
|
|
131
|
+
"default": "1w",
|
|
132
|
+
"examples": [
|
|
133
|
+
"1w",
|
|
134
|
+
"5d",
|
|
135
|
+
"10h"
|
|
136
|
+
]
|
|
127
137
|
}
|
|
128
138
|
}
|
|
129
139
|
},
|
|
@@ -184,6 +194,16 @@
|
|
|
184
194
|
"15m"
|
|
185
195
|
]
|
|
186
196
|
},
|
|
197
|
+
"scriptingTokenAge": {
|
|
198
|
+
"description": "Lifetime of scripting tokens",
|
|
199
|
+
"type": "string",
|
|
200
|
+
"default": "1w",
|
|
201
|
+
"examples": [
|
|
202
|
+
"1w",
|
|
203
|
+
"5d",
|
|
204
|
+
"10h"
|
|
205
|
+
]
|
|
206
|
+
},
|
|
187
207
|
"ldapOptions": {
|
|
188
208
|
"description": "Options to path through to the LDAP auth instance",
|
|
189
209
|
"type": "object",
|
|
@@ -405,7 +425,7 @@
|
|
|
405
425
|
"default": false
|
|
406
426
|
},
|
|
407
427
|
"serverAddress": {
|
|
408
|
-
"description": "Public-facing server address",
|
|
428
|
+
"description": "Public-facing server address. If this is specified, all requests will be redirected to this address, otherwise any address used will be preserved",
|
|
409
429
|
"type": "string",
|
|
410
430
|
"format": "uri",
|
|
411
431
|
"pattern": "^https?://"
|
|
@@ -474,7 +494,7 @@
|
|
|
474
494
|
"default": "/usr/local/bin/carta-kill-script"
|
|
475
495
|
},
|
|
476
496
|
"rootFolderTemplate": {
|
|
477
|
-
"description": "Top-level path of directories accessible to CARTA. The `{username}` placeholder will be replaced with the username",
|
|
497
|
+
"description": "Top-level path of directories accessible to CARTA. The `{username}` placeholder will be replaced with the username. Defaults to `/usr/share/carta` if it exists, or `/usr/local/share/carta` if it exists. If neither exists and no default is provided, the controller exits with an error",
|
|
478
498
|
"type": "string",
|
|
479
499
|
"examples": [
|
|
480
500
|
"/home/{username}",
|
|
@@ -482,7 +502,7 @@
|
|
|
482
502
|
]
|
|
483
503
|
},
|
|
484
504
|
"baseFolderTemplate": {
|
|
485
|
-
"description": "Starting directory of CARTA. Must be a subfolder of rootFolderTemplate. The `{username}` placeholder will be replaced with the username",
|
|
505
|
+
"description": "Starting directory of CARTA. Must be a subfolder of rootFolderTemplate. The `{username}` placeholder will be replaced with the username. Defaults to the same value as `rootFolderTemplate`",
|
|
486
506
|
"type": "string",
|
|
487
507
|
"examples": [
|
|
488
508
|
"/home/{username}/CARTA",
|
|
@@ -575,6 +595,12 @@
|
|
|
575
595
|
]
|
|
576
596
|
}
|
|
577
597
|
}
|
|
598
|
+
},
|
|
599
|
+
"scriptingAccess": {
|
|
600
|
+
"description": "Control scripting access for users.",
|
|
601
|
+
"type": "string",
|
|
602
|
+
"enum": ["enabled-all-users", "disabled-all-users", "opt-in"],
|
|
603
|
+
"default": "disabled-all-users"
|
|
578
604
|
}
|
|
579
605
|
},
|
|
580
606
|
"if": {
|
|
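Review bot: The new `scriptingTokenAge` property (added twice, in the hunks at old lines 124 and 184) is an unconstrained string, so a malformed duration passes schema validation and only surfaces later, when the value is used to sign a token or compute `expires_in`. A `pattern` restricting it to the accepted duration syntax would catch that at config load. The description should also say what the value protects, for example `"description": "Lifetime of scripting tokens. A scripting token is a bearer credential and stays valid for this whole period"`. In the `scriptingAccess` hunk the default `disabled-all-users` is the safe choice, but the description does not explain what `opt-in` does, which an operator needs to know before selecting it.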
@@ -0,0 +1,105 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
3
|
+
"title": "Backend preferences",
|
|
4
|
+
"description": "Schema for CARTA backend preferences (Version 2)",
|
|
5
|
+
"$id": "carta_backend_preferences_2",
|
|
6
|
+
"required": [],
|
|
7
|
+
"properties": {
|
|
8
|
+
"verbosity": {
|
|
9
|
+
"type": "integer",
|
|
10
|
+
"enum": [
|
|
11
|
+
0,
|
|
12
|
+
1,
|
|
13
|
+
2,
|
|
14
|
+
3,
|
|
15
|
+
4,
|
|
16
|
+
5
|
|
17
|
+
],
|
|
18
|
+
"default": 4
|
|
19
|
+
},
|
|
20
|
+
"no_log": {
|
|
21
|
+
"type": "boolean",
|
|
22
|
+
"default": true
|
|
23
|
+
},
|
|
24
|
+
"log_performance": {
|
|
25
|
+
"type": "boolean",
|
|
26
|
+
"default": false
|
|
27
|
+
},
|
|
28
|
+
"log_protocol_messages": {
|
|
29
|
+
"type": "boolean",
|
|
30
|
+
"default": false
|
|
31
|
+
},
|
|
32
|
+
"no_frontend": {
|
|
33
|
+
"type": "boolean",
|
|
34
|
+
"default": false
|
|
35
|
+
},
|
|
36
|
+
"no_database": {
|
|
37
|
+
"type": "boolean",
|
|
38
|
+
"default": false
|
|
39
|
+
},
|
|
40
|
+
"no_http": {
|
|
41
|
+
"type": "boolean",
|
|
42
|
+
"default": false
|
|
43
|
+
},
|
|
44
|
+
"no_browser": {
|
|
45
|
+
"type": "boolean",
|
|
46
|
+
"default": false
|
|
47
|
+
},
|
|
48
|
+
"browser": {
|
|
49
|
+
"type": "string",
|
|
50
|
+
"default": ""
|
|
51
|
+
},
|
|
52
|
+
"host": {
|
|
53
|
+
"type": "string",
|
|
54
|
+
"minLength": 1,
|
|
55
|
+
"default": "0.0.0.0"
|
|
56
|
+
},
|
|
57
|
+
"port": {
|
|
58
|
+
"type": ["integer", "array"],
|
|
59
|
+
"default": 3002
|
|
60
|
+
},
|
|
61
|
+
"omp_threads": {
|
|
62
|
+
"type": "integer",
|
|
63
|
+
"default": -1
|
|
64
|
+
},
|
|
65
|
+
"top_level_folder": {
|
|
66
|
+
"type": "string",
|
|
67
|
+
"minLength": 1,
|
|
68
|
+
"default": "/"
|
|
69
|
+
},
|
|
70
|
+
"frontend_folder": {
|
|
71
|
+
"type": "string",
|
|
72
|
+
"minLength": 1,
|
|
73
|
+
"default": ""
|
|
74
|
+
},
|
|
75
|
+
"exit_timeout": {
|
|
76
|
+
"type": "integer",
|
|
77
|
+
"default": -1
|
|
78
|
+
},
|
|
79
|
+
"initial_timeout": {
|
|
80
|
+
"type": "integer",
|
|
81
|
+
"default": -1
|
|
82
|
+
},
|
|
83
|
+
"idle_timeout": {
|
|
84
|
+
"type": "integer",
|
|
85
|
+
"default": -1
|
|
86
|
+
},
|
|
87
|
+
"read_only_mode": {
|
|
88
|
+
"type": "boolean",
|
|
89
|
+
"default": false
|
|
90
|
+
},
|
|
91
|
+
"starting_folder": {
|
|
92
|
+
"type": "string",
|
|
93
|
+
"minLength": 1,
|
|
94
|
+
"default": ""
|
|
95
|
+
},
|
|
96
|
+
"event_thread_count": {
|
|
97
|
+
"type": "integer",
|
|
98
|
+
"default": -1
|
|
99
|
+
},
|
|
100
|
+
"enable_scripting": {
|
|
101
|
+
"type": "boolean",
|
|
102
|
+
"default": false
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
}
|
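Review bot: `frontend_folder` and `starting_folder` declare `"minLength": 1` together with `"default": ""`, so the default does not satisfy the property's own constraint. If this schema is compiled with `useDefaults: true`, as config.js does for the controller schema, an omitted key would presumably be filled with a value that then fails validation; drop either the `minLength` or the empty default. `port` accepts `["integer", "array"]` with no range and no `items` schema, so out-of-range numbers and arrays of arbitrary values validate. The schema also has no `additionalProperties` restriction, so a misspelled key such as a mistyped `enable_scripting` is accepted silently.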
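--- a/package/dist/auth/index.js
+++ b/package/dist/auth/index.js
@@ -32,29 +32,29 @@ let refreshHandler = (req, res) => {
 // Local providers
 if (config_1.ServerConfig.authProviders.pam) {
 const authConf = config_1.ServerConfig.authProviders.pam;
-local_1.generateLocalVerifier(tokenVerifiers, authConf);
-loginHandler = pam_1.getPamLoginHandler(authConf);
-refreshHandler = local_1.generateLocalRefreshHandler(authConf);
+(0, local_1.generateLocalVerifier)(tokenVerifiers, authConf);
+loginHandler = (0, pam_1.getPamLoginHandler)(authConf);
+refreshHandler = (0, local_1.generateLocalRefreshHandler)(authConf);
 }
 else if (config_1.ServerConfig.authProviders.ldap) {
 const authConf = config_1.ServerConfig.authProviders.ldap;
-local_1.generateLocalVerifier(tokenVerifiers, authConf);
-loginHandler = ldap_1.getLdapLoginHandler(authConf);
-refreshHandler = local_1.generateLocalRefreshHandler(authConf);
+(0, local_1.generateLocalVerifier)(tokenVerifiers, authConf);
+loginHandler = (0, ldap_1.getLdapLoginHandler)(authConf);
+refreshHandler = (0, local_1.generateLocalRefreshHandler)(authConf);
 }
 else if (config_1.ServerConfig.authProviders.google) {
 const authConf = config_1.ServerConfig.authProviders.google;
-google_1.generateGoogleVerifier(tokenVerifiers, authConf);
+(0, google_1.generateGoogleVerifier)(tokenVerifiers, authConf);
 if (authConf.userLookupTable) {
-external_1.watchUserTable(userMaps, google_1.validGoogleIssuers, authConf.userLookupTable);
+(0, external_1.watchUserTable)(userMaps, google_1.validGoogleIssuers, authConf.userLookupTable);
 }
 }
 else if (config_1.ServerConfig.authProviders.external) {
 const authConf = config_1.ServerConfig.authProviders.external;
-external_1.generateExternalVerifiers(tokenVerifiers, authConf);
+(0, external_1.generateExternalVerifiers)(tokenVerifiers, authConf);
 const tablePath = authConf.userLookupTable;
 if (tablePath) {
-external_1.watchUserTable(userMaps, authConf.issuers, tablePath);
+(0, external_1.watchUserTable)(userMaps, authConf.issuers, tablePath);
 }
 }
 // Check for empty token verifies
@@ -97,6 +97,9 @@ function authGuard(req, res, next) {
 }
 else {
 req.username = getUser(token.username, token.iss);
+if (token.scripting) {
+req.scripting = true;
+}
 next();
 }
 }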
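Review bot: In the `authGuard` hunk, `req.scripting` is set from `token.scripting` for any token that passed verification, without consulting `ServerConfig.scriptingAccess` or the token's issuer. The first hunk registers the Google and external verifiers in the same `tokenVerifiers` map, so a claim named `scripting` in an externally issued token would be honoured too, and a scripting token minted before an operator switches scripting off keeps its flag until it expires. Unless the handlers that read `req.scripting` re-check the setting (not visible in this section), gate it here, e.g. `req.scripting = token.scripting === true && config_1.ServerConfig.scriptingAccess === types_1.ScriptingAccess.Enabled;`, which needs `../types` required in this file. `authGuard` starts above the hunk, so the condition guarding this `else` branch is not shown.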
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAAoC;AACpC,mCAAmC;AACnC,kCAAgC;AAEhC,sCAAsD;AACtD,yCAAqE;AACrE,mCAA2E;AAC3E,iCAA2C;AAC3C,+BAAyC;AACzC,qCAAoE;AAEpE,2CAA2C;AAC3C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAoB,CAAC;AACnD,qCAAqC;AACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;AAE5C,IAAI,YAAY,GAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC5C,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC;AAC9D,CAAC,CAAC;AAEF,IAAI,cAAc,GAAwB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACnD,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,+BAA+B,EAAC,CAAC;AACtE,CAAC,CAAC;AAEF,kBAAkB;AAClB,IAAI,qBAAY,CAAC,aAAa,CAAC,GAAG,EAAE;IAChC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,GAAG,CAAC;IAChD,6BAAqB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAAoC;AACpC,mCAAmC;AACnC,kCAAgC;AAEhC,sCAAsD;AACtD,yCAAqE;AACrE,mCAA2E;AAC3E,iCAA2C;AAC3C,+BAAyC;AACzC,qCAAoE;AAEpE,2CAA2C;AAC3C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAoB,CAAC;AACnD,qCAAqC;AACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;AAE5C,IAAI,YAAY,GAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC5C,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC;AAC9D,CAAC,CAAC;AAEF,IAAI,cAAc,GAAwB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACnD,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,+BAA+B,EAAC,CAAC;AACtE,CAAC,CAAC;AAEF,kBAAkB;AAClB,IAAI,qBAAY,CAAC,aAAa,CAAC,GAAG,EAAE;IAChC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,GAAG,CAAC;IAChD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,IAAA,wBAAkB,EAAC,QAAQ,CAAC,CAAC;IAC5C,cAAc,GAAG,IAAA,mCAA2B,EAAC,QAAQ,CAAC,CAAC;CAC1D;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE;IACxC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC;IACjD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,IAAA,0BAAmB,EAAC,QAAQ,CAAC,CAAC;IAC7C,cAAc,GAAG,IAAA,mCAA2B,EAAC,QAAQ,CAAC,CAAC;CAC1D;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,MAAM,EAAE;IAC1C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,MAAM,CAAC;IACnD,IAAA,+BAAsB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACjD,IAAI,QAAQ,CAAC,eAAe,EAAE;QAC1B,IAAA,yBAAc,EAAC,QAAQ,EAAE,2BAAkB,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;KAC1E;CACJ;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,QAAQ,EAAE;IAC5C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,QAAQ,CAAC;IACrD,IAAA,oCAAyB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC;IAC3C,IAAI,SAAS,EAAE;QACX,IAAA,yBAAc,EAAC,QAAQ,EAAE,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;KACzD;CACJ;AAED,iCAAiC;AACjC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE;IACtB,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;CACnB;AAED,SAAsB,WAAW,CAAC,YAAoB;;QAClD,MAAM,SAAS,GAAQ,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,SAAS,IAAI,SAAS,CAAC,GAAG,EAAE;YAC5B,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE;gBACV,OAAO,M
AAM,QAAQ,CAAC,YAAY,CAAC,CAAC;aACvC;SACJ;QACD,OAAO,SAAS,CAAC;IACrB,CAAC;CAAA;AATD,kCASC;AAED,SAAgB,OAAO,CAAC,QAAgB,EAAE,MAAc;IACpD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,OAAO,EAAE;QACT,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;KAChC;SAAM;QACH,OAAO,QAAQ,CAAC;KACnB;AACL,CAAC;AAPD,0BAOC;AAED,qGAAqG;AACrG,SAAsB,SAAS,CAAC,GAAyB,EAAE,GAAqB,EAAE,IAA0B;;QACxG,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC;QAC9B,IAAI,WAAW,EAAE;YACb,IAAI;gBACA,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;gBAC7C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;oBAC3B,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;iBACtD;qBAAM;oBACH,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClD,IAAI,KAAK,CAAC,SAAS,EAAE;wBACjB,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC;qBACxB;oBACD,IAAI,EAAE,CAAC;iBACV;aACJ;YAAC,OAAO,GAAG,EAAE;gBACV,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAC,CAAC,CAAC;aACjD;SACJ;aAAM;YACH,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;SACtD;IACL,CAAC;CAAA;AApBD,8BAoBC;AAED,SAAS,aAAa,CAAC,GAAoB,EAAE,GAAqB;IAC9D,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;QAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;QAC5B,MAAM,EAAE,CAAC;QACT,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;QAC9B,QAAQ,EAAE,QAAQ;KACrB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,IAAI,EAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,eAAe,CAAC,GAAyB,EAAE,GAAqB;IACrE,GAAG,CAAC,IAAI,CAAC;QACL,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACzB,CAAC,CAAC;AACP,CAAC;AAEY,QAAA,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;AAC3C,kBAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAO,EAAE,YAAY,CAAC,CAAC;AACjD,kBAAU,CAAC,IAAI,CAAC,SAAS,EAAE,cAAO,EAAE,aAAa,CAAC,CAAC;AACnD,kBAAU,CAAC,IAAI,CAAC,UAAU,EAAE,cAAO,EAAE,cAAc,CAAC,CAAC;AACrD,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC"}
|
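--- a/package/dist/auth/ldap.js
+++ b/package/dist/auth/ldap.js
@@ -33,15 +33,15 @@ function getLdapLoginHandler(authConf) {
 }
 if ((user === null || user === void 0 ? void 0 : user.uid) !== username) {
 console.warn(`Returned user "uid ${user === null || user === void 0 ? void 0 : user.uid}" does not match username "${username}"`);
-util_1.verboseLog(user);
+(0, util_1.verboseLog)(user);
 }
 try {
 const uid = userid.uid(username);
 console.log(`Authenticated as user ${username} with uid ${uid} using LDAP`);
-return local_1.addTokensToResponse(authConf, username
+return (0, local_1.addTokensToResponse)(res, authConf, username);
 }
 catch (e) {
-util_1.verboseError(e);
+(0, util_1.verboseError)(e);
 return res.status(403).json({ statusCode: 403, message: "User does not exist" });
 }
 };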
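Review bot: When the directory returns a `uid` that differs from the submitted `username`, the callback only logs a warning and then falls through to `addTokensToResponse(res, authConf, username)`, so tokens are issued for the name the client sent rather than for the identity LDAP returned. If that mismatch can be anything other than a harmless case or alias difference, the branch should fail closed by returning a 403 after the `console.warn` instead of continuing. At minimum, add a comment such as `// uid mismatch is tolerated because <reason>; tokens are issued for the requested username` so the decision is explicit. The warning also interpolates the client-supplied `username` into the log line unescaped. The callback begins above the hunk, so any earlier normalisation of `username` is not visible here.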
package/dist/auth/ldap.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":";;;AACA,iCAAiC;AACjC,0CAA0C;AAE1C,mCAA4C;AAC5C,kCAAiD;AAEjD,IAAI,IAAc,CAAC;AAEnB,SAAgB,mBAAmB,CAAC,QAA6B;IAC7D,IAAI,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1D,UAAU,CAAC,GAAG,EAAE;;QACZ,MAAM,aAAa,GAAG,MAAA,MAAC,IAAY,0CAAE,WAAW,0CAAE,SAAS,CAAC;QAC5D,IAAI,aAAa,EAAE;YACf,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;SAC3C;aAAM;YACH,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;SACxC;IACL,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;SACtF;QAED,MAAM,UAAU,GAAG,CAAC,GAAmB,EAAE,IAAS,EAAE,EAAE;YAClD,IAAI,GAAG,EAAE;gBACL,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;aAC9F;YACD,IAAI,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,MAAK,QAAQ,EAAE;gBACxB,OAAO,CAAC,IAAI,CAAC,sBAAsB,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,8BAA8B,QAAQ,GAAG,CAAC,CAAC;gBACvF,iBAAU,
|
|
1
|
+
{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":";;;AACA,iCAAiC;AACjC,0CAA0C;AAE1C,mCAA4C;AAC5C,kCAAiD;AAEjD,IAAI,IAAc,CAAC;AAEnB,SAAgB,mBAAmB,CAAC,QAA6B;IAC7D,IAAI,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1D,UAAU,CAAC,GAAG,EAAE;;QACZ,MAAM,aAAa,GAAG,MAAA,MAAC,IAAY,0CAAE,WAAW,0CAAE,SAAS,CAAC;QAC5D,IAAI,aAAa,EAAE;YACf,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;SAC3C;aAAM;YACH,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;SACxC;IACL,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;SACtF;QAED,MAAM,UAAU,GAAG,CAAC,GAAmB,EAAE,IAAS,EAAE,EAAE;YAClD,IAAI,GAAG,EAAE;gBACL,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;aAC9F;YACD,IAAI,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,MAAK,QAAQ,EAAE;gBACxB,OAAO,CAAC,IAAI,CAAC,sBAAsB,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,8BAA8B,QAAQ,GAAG,CAAC,CAAC;gBACvF,IAAA,iBAAU,EAAC,IAAI,CAAC,CAAC;aACpB;YACD,IAAI;gBACA,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,aAAa,CAAC,CAAC;gBAC5E,OAAO,IAAA,2BAAmB,EAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;aACvD;YAAC,OAAO,CAAC,EAAE;gBACR,IAAA,mBAAY,EAAC,CAAC,CAAC,CAAC;gBAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;aAClF;QACL,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;;YAClD,MAAM,QAAQ,GAAG,KAAc,CAAC;YAChC,oDAAoD;YACpD,IAAI,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,EAAE;gBAC1D,OAAO,CAAC,GAAG,CAAC,yDAAy
D,CAAC,CAAC;gBACvE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,IAAI,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC1D,+CAA+C;gBAC/C,UAAU,CAAC,GAAG,EAAE;oBACZ,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBACtD,CAAC,EAAE,GAAG,CAAC,CAAC;aACX;iBAAM;gBACH,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;aAC3B;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC;AAxDD,kDAwDC"}
|
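--- a/package/dist/auth/local.js
+++ b/package/dist/auth/local.js
@@ -9,33 +9,49 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateLocalRefreshHandler = exports.generateLocalVerifier = exports.addTokensToResponse = exports.generateToken = void 0;
+exports.generateLocalRefreshHandler = exports.generateLocalVerifier = exports.addTokensToResponse = exports.generateToken = exports.TokenType = void 0;
+const types_1 = require("../types");
 const fs = require("fs");
 const jwt = require("jsonwebtoken");
 const userid = require("userid");
 const index_1 = require("./index");
-const ms = require("ms");
 const config_1 = require("../config");
+const ms = require("ms");
 let privateKey;
-
+var TokenType;
+(function (TokenType) {
+TokenType[TokenType["Access"] = 0] = "Access";
+TokenType[TokenType["Refresh"] = 1] = "Refresh";
+TokenType[TokenType["Scripting"] = 2] = "Scripting";
+})(TokenType = exports.TokenType || (exports.TokenType = {}));
+function generateToken(authConf, username, tokenType) {
 if (!privateKey) {
 privateKey = fs.readFileSync(authConf.privateKeyLocation);
 }
 if (!authConf || !privateKey) {
 return null;
 }
-
+const payload = {
 iss: authConf.issuer,
-username
-
-
+username
+};
+const options = {
 algorithm: authConf.keyAlgorithm,
-expiresIn:
-}
+expiresIn: authConf.accessTokenAge
+};
+if (tokenType === TokenType.Refresh) {
+payload.refresh = true;
+options.expiresIn = authConf.refreshTokenAge;
+}
+else if (tokenType === TokenType.Scripting) {
+payload.scripting = true;
+options.expiresIn = authConf.scriptingTokenAge;
+}
+return jwt.sign(payload, privateKey, options);
 }
 exports.generateToken = generateToken;
-function addTokensToResponse(authConf, username
-const refreshToken = generateToken(authConf, username,
+function addTokensToResponse(res, authConf, username) {
+const refreshToken = generateToken(authConf, username, TokenType.Refresh);
 res.cookie("Refresh-Token", refreshToken, {
 path: config_1.RuntimeConfig.authPath,
 maxAge: ms(authConf.refreshTokenAge),
@@ -43,7 +59,7 @@ function addTokensToResponse(authConf, username, res) {
 secure: !config_1.ServerConfig.httpOnly,
 sameSite: "strict"
 });
-const access_token = generateToken(authConf, username,
+const access_token = generateToken(authConf, username, TokenType.Access);
 res.json({
 access_token,
 token_type: "bearer",
@@ -66,22 +82,27 @@ function generateLocalVerifier(verifierMap, authConf) {
 exports.generateLocalVerifier = generateLocalVerifier;
 function generateLocalRefreshHandler(authConf) {
 return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
+var _a;
 const refreshTokenCookie = req.cookies["Refresh-Token"];
+const scriptingToken = ((_a = req.body) === null || _a === void 0 ? void 0 : _a.scripting) === true;
 if (refreshTokenCookie) {
 try {
-const refreshToken = yield index_1.verifyToken(refreshTokenCookie);
-if (!refreshToken || !refreshToken.username || !refreshToken.
+const refreshToken = yield (0, index_1.verifyToken)(refreshTokenCookie);
+if (!refreshToken || !refreshToken.username || !refreshToken.refresh) {
 next({ statusCode: 403, message: "Not authorized" });
 }
+else if (scriptingToken && config_1.ServerConfig.scriptingAccess !== types_1.ScriptingAccess.Enabled) {
+next({ statusCode: 500, message: "Scripting access not enabled for this server" });
+}
 else {
 const uid = userid.uid(refreshToken.username);
-const access_token = generateToken(authConf, refreshToken.username,
-console.log(`Refreshed access token for user ${refreshToken.username} with uid ${uid}`);
+const access_token = generateToken(authConf, refreshToken.username, scriptingToken ? TokenType.Scripting : TokenType.Access);
+console.log(`Refreshed ${scriptingToken ? "scripting" : "access"} token for user ${refreshToken.username} with uid ${uid}`);
 res.json({
 access_token,
 token_type: "bearer",
 username: refreshToken.username,
-expires_in: ms(authConf.accessTokenAge) / 1000
+expires_in: ms(scriptingToken ? authConf.scriptingTokenAge : authConf.accessTokenAge) / 1000
 });
 }
 }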
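Review bot: The new branch in the refresh handler rejects a scripting-token request with `statusCode: 500` although it is a policy denial, not a server fault; use the same class as the branch above it, `next({ statusCode: 403, message: "Scripting access not enabled for this server" });`, so refused requests are not counted as server errors. The comparison `!== types_1.ScriptingAccess.Enabled` also refuses the `opt-in` value that the config schema accepts, which fails closed but deserves a comment saying so. The scripting token is a bearer token returned in the JSON body and lives for `scriptingTokenAge` (schema default `1w`). A docstring on `generateToken` should therefore state that the token types differ only in the `refresh` or `scripting` claim and the lifetime, and that any other `tokenType`, including `undefined`, yields an access token. The handler continues past the end of the last hunk.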
package/dist/auth/local.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/auth/local.ts"],"names":[],"mappings":";;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/auth/local.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAA+F;AAC/F,yBAAyB;AACzB,oCAAoC;AAGpC,iCAAiC;AACjC,mCAAoC;AACpC,sCAAsD;AACtD,yBAA0B;AAE1B,IAAI,UAAkB,CAAC;AAEvB,IAAY,SAIX;AAJD,WAAY,SAAS;IACjB,6CAAM,CAAA;IACN,+CAAO,CAAA;IACP,mDAAS,CAAA;AACb,CAAC,EAJW,SAAS,GAAT,iBAAS,KAAT,iBAAS,QAIpB;AAED,SAAgB,aAAa,CAAC,QAA8B,EAAE,QAAgB,EAAE,SAAoB;IAChG,IAAI,CAAC,UAAU,EAAE;QACb,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;KAC7D;IACD,IAAI,CAAC,QAAQ,IAAI,CAAC,UAAU,EAAE;QAC1B,OAAO,IAAI,CAAC;KACf;IAED,MAAM,OAAO,GAAQ;QACjB,GAAG,EAAE,QAAQ,CAAC,MAAM;QACpB,QAAQ;KACX,CAAC;IAEF,MAAM,OAAO,GAAoB;QAC7B,SAAS,EAAE,QAAQ,CAAC,YAAY;QAChC,SAAS,EAAE,QAAQ,CAAC,cAAc;KACrC,CAAC;IAEF,IAAI,SAAS,KAAK,SAAS,CAAC,OAAO,EAAE;QACjC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;QACvB,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC;KAChD;SAAM,IAAI,SAAS,KAAK,SAAS,CAAC,SAAS,EAAE;QAC1C,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,iBAAiB,CAAC;KAClD;IAED,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AAClD,CAAC;AA3BD,sCA2BC;AAED,SAAgB,mBAAmB,CAAC,GAAqB,EAAE,QAA8B,EAAE,QAAgB;IACvG,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;IAC1E,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,YAAY,EAAE;QACtC,IAAI,EAAE,sBAAa,CAAC,QAAQ;QAC5B,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,eAAyB,CAAC;QAC9C,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;QAC9B,QAAQ,EAAE,QAAQ;KACrB,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAEzE,GAAG,CAAC,IAAI,CAAC;QACL,YAAY;QACZ,UAAU,EAAE,QAAQ;QACpB,UAAU,EAAE,EAAE,CAAC,QAAQ,CAAC,cAAwB,CAAC,GAAG,IAAI;KAC3D,CAAC,CAAC;AACP,CAAC;AAjBD,kDAiBC;AAED,SAAgB,qBAAqB,CAAC,WAAkC,EAAE,QAA8B;IACpG,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAC9D,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE;QAC5C,MAAM,OAAO,GAAQ,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,EAAE,EAAC,SAAS,EAAE,QAAQ,CAAC,YAAY,EAAkB,CAAC,CAAC;QAC9G,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,MAAM,EAAE;YAC5C,OA
AO,OAAO,CAAC;SAClB;aAAM;YACH,OAAO,SAAS,CAAC;SACpB;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAVD,sDAUC;AAED,SAAgB,2BAA2B,CAAC,QAA8B;IACtE,OAAO,CAAO,GAAoB,EAAE,GAAqB,EAAE,IAA0B,EAAE,EAAE;;QACrF,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QACpD,IAAI,kBAAkB,EAAE;YACpB,IAAI;gBACA,MAAM,YAAY,GAAG,MAAM,IAAA,mBAAW,EAAC,kBAAkB,CAAC,CAAC;gBAC3D,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE;oBAClE,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;iBACtD;qBAAM,IAAI,cAAc,IAAI,qBAAY,CAAC,eAAe,KAAK,uBAAe,CAAC,OAAO,EAAE;oBACnF,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,8CAA8C,EAAC,CAAC,CAAC;iBACpF;qBAAM;oBACH,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;oBAC9C,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;oBAC7H,OAAO,CAAC,GAAG,CAAC,aAAa,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,mBAAmB,YAAY,CAAC,QAAQ,aAAa,GAAG,EAAE,CAAC,CAAC;oBAC5H,GAAG,CAAC,IAAI,CAAC;wBACL,YAAY;wBACZ,UAAU,EAAE,QAAQ;wBACpB,QAAQ,EAAE,YAAY,CAAC,QAAQ;wBAC/B,UAAU,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAE,QAAQ,CAAC,cAAyB,CAAC,GAAG,IAAI;qBAC3G,CAAC,CAAC;iBACN;aACJ;YAAC,OAAO,GAAG,EAAE;gBACV,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;aAC7D;SACJ;aAAM;YACH,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;SAC7D;IACL,CAAC,CAAA,CAAC;AACN,CAAC;AA7BD,kEA6BC"}
|
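--- a/package/dist/auth/pam.js
+++ b/package/dist/auth/pam.js
@@ -20,7 +20,7 @@ function getPamLoginHandler(authConf) {
 try {
 const uid = userid.uid(username);
 console.log(`Authenticated as user ${username} with uid ${uid} using PAM`);
-return local_1.addTokensToResponse(authConf, username
+return (0, local_1.addTokensToResponse)(res, authConf, username);
 }
 catch (e) {
 return res.status(403).json({ statusCode: 403, message: "User does not exist" });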
package/dist/auth/pam.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pam.js","sourceRoot":"","sources":["../../src/auth/pam.ts"],"names":[],"mappings":";;;AACA,iCAAiC;AAEjC,mCAA4C;AAE5C,SAAgB,kBAAkB,CAAC,QAA8B;IAC7D,MAAM,EAAC,eAAe,EAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;SACtF;QAED,eAAe,CAAC,EAAC,QAAQ,EAAE,QAAQ,EAAC,EAAE,CAAC,GAAmB,EAAE,IAAY,EAAE,EAAE;YACxE,IAAI,GAAG,EAAE;gBACL,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;aAC9F;iBAAM;gBACH,IAAI;oBACA,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACjC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,YAAY,CAAC,CAAC;oBAC3E,OAAO,2BAAmB,
|
|
1
|
+
{"version":3,"file":"pam.js","sourceRoot":"","sources":["../../src/auth/pam.ts"],"names":[],"mappings":";;;AACA,iCAAiC;AAEjC,mCAA4C;AAE5C,SAAgB,kBAAkB,CAAC,QAA8B;IAC7D,MAAM,EAAC,eAAe,EAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;SACtF;QAED,eAAe,CAAC,EAAC,QAAQ,EAAE,QAAQ,EAAC,EAAE,CAAC,GAAmB,EAAE,IAAY,EAAE,EAAE;YACxE,IAAI,GAAG,EAAE;gBACL,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;aAC9F;iBAAM;gBACH,IAAI;oBACA,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACjC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,YAAY,CAAC,CAAC;oBAC3E,OAAO,IAAA,2BAAmB,EAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;iBACvD;gBAAC,OAAO,CAAC,EAAE;oBACR,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;iBAClF;aACJ;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC;AAzBD,gDAyBC"}
|
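--- a/package/dist/config.js
+++ b/package/dist/config.js
@@ -37,8 +37,8 @@ exports.verboseOutput = verboseOutput;
 const configSchema = require("../config/config_schema.json");
 const ajv = new ajv_1.default({ useDefaults: false, allowUnionTypes: true });
 const ajvWithDefaults = new ajv_1.default({ useDefaults: true, allowUnionTypes: true });
-ajv_formats_1.default(ajv);
-ajv_formats_1.default(ajvWithDefaults);
+(0, ajv_formats_1.default)(ajv);
+(0, ajv_formats_1.default)(ajvWithDefaults);
 const validateConfig = ajv.compile(configSchema);
 const validateAndAddDefaults = ajvWithDefaults.compile(configSchema);
 let serverConfig;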
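--- a/package/dist/controllerTests.js
+++ b/package/dist/controllerTests.js
@@ -60,7 +60,7 @@ function testLog(username) {
 console.log(logSymbols.success, `Checked log writing for user ${username}`);
 }
 catch (err) {
-util_1.verboseError(err);
+(0, util_1.verboseError)(err);
 throw new Error(`Could not create log file at ${logLocation} for user ${username}. Please check your config file's logFileTemplate option`);
 }
 });
@@ -75,14 +75,14 @@ function testLdap(authConf, username) {
 read({ prompt: `Password for user ${username}:`, silent: true }, (er, password) => {
 ldap.authenticate(username, password, (error, user) => {
 if (error) {
-util_1.verboseError(error);
+(0, util_1.verboseError)(error);
 reject(new Error(`Could not authenticate as user ${username}. Please check your config file's ldapOptions section!`));
 }
 else {
 console.log(logSymbols.success, `Checked LDAP connection for user ${username}`);
 if ((user === null || user === void 0 ? void 0 : user.uid) !== username) {
 console.warn(logSymbols.warning, `Returned user "uid ${user === null || user === void 0 ? void 0 : user.uid}" does not match username "${username}"`);
-util_1.verboseLog(user);
+(0, util_1.verboseLog)(user);
 }
 resolve();
 }
@@ -91,7 +91,7 @@ function testLdap(authConf, username) {
 }, 5000);
 }
 catch (e) {
-util_1.verboseError(e);
+(0, util_1.verboseError)(e);
 reject(new Error("Cannot create LDAP object. Please check your config file's ldapOptions section!"));
 }
 }
@@ -104,7 +104,7 @@ function testPam(authConf, username) {
 read({ prompt: `Password for user ${username}:`, silent: true }, (er, password) => {
 pamAuthenticate({ username, password }, (err, code) => {
 if (err) {
-util_1.verboseError(err);
+(0, util_1.verboseError)(err);
 reject(new Error(`Could not authenticate as user ${username}. Error code ${code}`));
 }
 else {
@@ -124,7 +124,7 @@ function testDatabase() {
 yield db.listCollections({}, { nameOnly: true }).hasNext();
 }
 catch (e) {
-util_1.verboseError(e);
+(0, util_1.verboseError)(e);
 throw new Error("Cannot connect to MongoDB. Please check your config file's database section!");
 }
 console.log(logSymbols.success, "Checked database connection");
@@ -136,7 +136,7 @@ function testUid(username) {
 uid = userid.uid(username);
 }
 catch (e) {
-util_1.verboseError(e);
+(0, util_1.verboseError)(e);
 throw new Error(`Cannot verify uid of user ${username}`);
 }
 if (!uid) {
@@ -147,10 +147,10 @@ function testUid(username) {
 function testToken(authConf, username) {
 let token;
 try {
-token = local_1.generateToken(authConf, username,
+token = (0, local_1.generateToken)(authConf, username, local_1.TokenType.Access);
 }
 catch (e) {
-util_1.verboseError(e);
+(0, util_1.verboseError)(e);
 throw new Error(`Cannot generate access token. Please check your config file's ldap auth section!`);
 }
 if (!token) {
@@ -167,7 +167,7 @@ function testFrontend() {
 indexContents = fs.readFileSync(config_1.ServerConfig.frontendPath + "/index.html").toString();
 }
 catch (e) {
-util_1.verboseError(e);
+(0, util_1.verboseError)(e);
 throw new Error(`Cannot access frontend at ${config_1.ServerConfig.frontendPath}`);
 }
 if (!indexContents) {
@@ -204,10 +204,10 @@ function testBackendStartup(username) {
 }
 // Finally, add the positional argument for the base folder
 args.push(config_1.ServerConfig.baseFolderTemplate.replace("{username}", username));
-util_1.verboseLog(`running sudo ${args.join(" ")}`);
+(0, util_1.verboseLog)(`running sudo ${args.join(" ")}`);
 // Use same stdout and stderr stream for the backend process
-const backendProcess = child_process_1.spawn("sudo", args, { stdio: "inherit" });
-yield util_1.delay(2000);
+const backendProcess = (0, child_process_1.spawn)("sudo", args, { stdio: "inherit" });
+yield (0, util_1.delay)(2000);
 if (backendProcess.signalCode) {
 throw new Error(`Backend process terminated with code ${backendProcess.signalCode}. Please check your sudoers config, processCommand option and additionalArgs section`);
 }
@@ -220,7 +220,7 @@ function testBackendStartup(username) {
 wsConnected = true;
 });
 wsClient.connect(`ws://localhost:${port}`);
-yield util_1.delay(1000);
+yield (0, util_1.delay)(1000);
 if (wsConnected) {
 console.log(logSymbols.success, "Backend process accepted connection");
 }
@@ -236,13 +236,13 @@ function testKillScript(username, existingProcess) {
 throw new Error(`Backend process already killed, signal code ${existingProcess.signalCode}`);
 }
 const args = ["-u", `${username}`, config_1.ServerConfig.killCommand, `${existingProcess.pid}`];
-util_1.verboseLog(`running sudo ${args.join(" ")}`);
-const res = child_process_1.spawnSync("sudo", args);
+(0, util_1.verboseLog)(`running sudo ${args.join(" ")}`);
+const res = (0, child_process_1.spawnSync)("sudo", args);
 if (res.status) {
 throw new Error(`Cannot execute kill script (error status ${res.status}. Please check your killCommand option`);
 }
 // Delay to allow the parent process to exit
-yield util_1.delay(1000);
+yield (0, util_1.delay)(1000);
 if (existingProcess.signalCode === "SIGKILL") {
 console.log(logSymbols.success, "Backend process killed correctly");
 }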
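Review bot: In the `testBackendStartup` hunk, the start-up check `if (backendProcess.signalCode)` only fires when the spawned `sudo` was ended by a signal, yet its message points at the sudoers config and `processCommand`; those failures would normally end the process with a non-zero exit code and leave `signalCode` null. Consider `if (backendProcess.exitCode !== null || backendProcess.signalCode) {` and reporting both values, so a rejected sudo rule is named at this point instead of (presumably) surfacing later as a failed WebSocket connection. The same gap applies to `if (res.status)` in the `testKillScript` hunk, which is also falsy when `spawnSync` could not start `sudo` at all (`status` is null and `res.error` is set). Both function bodies continue outside their hunks, and since this file is compiled output the change belongs in the TypeScript source.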