forked from prose/gatekeeper
server.js
var url = require('url'),
http = require('http'),
https = require('https'),
fs = require('fs'),
qs = require('querystring'),
express = require('express'),
app = express();
// Masking policy applied by log() when a value is flagged as sanitized.
var TRUNCATE_THRESHOLD = 10; // strings longer than this keep a short visible prefix
var REVEALED_CHARS = 3; // number of leading characters left visible
var REPLACEMENT = '***'; // stands in for the hidden part of the value
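/**
 * Builds the runtime configuration.
 *
 * Defaults come from config.json next to this file. For every key in that
 * file, a non-empty environment variable named after the upper-cased key
 * replaces the default; when the default is an object, the variable is parsed
 * as JSON.
 *
 * @returns {Object} the configuration with environment overrides applied
 * @throws {Error} when config.json cannot be loaded
 * @throws {SyntaxError} when an object-valued key is overridden with text
 *   that is not valid JSON
 */
function loadConfig() {
  // A single load: the earlier fs.readFileSync() result was immediately
  // overwritten by this require(). require() hands back the cached module
  // object, so the overrides below are applied to it in place.
  var config = require('./config.json');

  log('Configuration');
  Object.keys(config).forEach(function (key) {
    var envName = key.toUpperCase();
    var envValue = process.env[envName];
    if (!envValue) return;

    // Overrides can carry credentials (authenticate() reads client_secret
    // from this object), so only the masked form goes to the log.
    log(envName + ' (from environment):', envValue, true);

    if (typeof config[key] === 'object') {
      try {
        config[key] = JSON.parse(envValue);
      } catch (e) {
        // Name the variable but leave out the parser's message, which can
        // echo part of the raw value.
        throw new SyntaxError('Invalid JSON in environment variable ' + envName);
      }
    } else {
      config[key] = envValue;
    }
  });

  return config;
}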
// Resolved once at module load; authenticate() and module.exports.config read this object.
var config = loadConfig();
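/**
 * Exchanges an OAuth authorization code for an access token.
 *
 * Sends client_id, client_secret and the code as a form-encoded body to the
 * endpoint described by config.oauth_host / oauth_port / oauth_path /
 * oauth_method, then reads access_token from the query-string-encoded reply.
 *
 * @param {string} code - authorization code to exchange
 * @param {string} [useCase] - key into config.target selecting the client
 *   credentials; config.target.default is the fallback. May be omitted, in
 *   which case the second argument is taken as the callback.
 * @param {function} cb - called once as cb(err, token). err is an Error when
 *   no credentials are configured, or the error message string when the
 *   request fails; token is undefined when the reply has no access_token.
 */
function authenticate(code, useCase, cb) {
  // Accept authenticate(code, cb) as well: without this the callback lands in
  // useCase, cb stays undefined, and invoking it throws a TypeError.
  if (typeof useCase === 'function' && cb === undefined) {
    cb = useCase;
    useCase = undefined;
  }

  // Deliver exactly one result, even if 'error' fires after 'end'.
  var finished = false;
  function finish(err, token) {
    if (finished) return;
    finished = true;
    cb(err, token);
  }

  var targets = config.target || {};
  // Own-property lookup only, so a use case such as "constructor" or
  // "__proto__" cannot resolve to something inherited from Object.prototype.
  var selected = Object.prototype.hasOwnProperty.call(targets, useCase)
    ? targets[useCase]
    : undefined;
  var oauth = selected || targets.default;
  if (!oauth) {
    finish(new Error('Could not find oauth settings'), null);
    return;
  }

  var data = qs.stringify({
    client_id: oauth.client_id,
    client_secret: oauth.client_secret,
    code: code
  });

  var reqOptions = {
    host: config.oauth_host,
    port: config.oauth_port,
    path: config.oauth_path,
    method: config.oauth_method,
    // Content-Length counts bytes, not UTF-16 code units.
    headers: { 'content-length': Buffer.byteLength(data) }
  };

  // NOTE(review): no timeout is set, so a stalled upstream keeps the calling
  // HTTP request open until the socket gives up.
  var req = https.request(reqOptions, function (res) {
    var body = '';
    res.setEncoding('utf8');
    res.on('data', function (chunk) { body += chunk; });
    res.on('end', function () {
      finish(null, qs.parse(body).access_token);
    });
  });

  // Register the error handler before any data is written.
  req.on('error', function (e) { finish(e.message); });
  req.write(data);
  req.end();
}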
/**
 * Writes a labelled message to the console, optionally masking the value.
 *
 * With `sanitized` set, a string longer than TRUNCATE_THRESHOLD is reduced to
 * its first REVEALED_CHARS characters followed by REPLACEMENT; any other
 * value is replaced by REPLACEMENT alone.
 *
 * @param {string} label - label for the log message
 * @param {Object|string} [value] - the message; falsy values are logged as ''
 * @param {boolean} [sanitized] - mask the value before logging
 */
function log(label, value, sanitized) {
  var message = value || '';

  if (!sanitized) {
    console.log(label, message);
    return;
  }

  var isLongString = typeof message === 'string' && message.length > TRUNCATE_THRESHOLD;
  var masked = isLongString
    ? message.slice(0, REVEALED_CHARS) + REPLACEMENT
    : REPLACEMENT;
  console.log(label, masked);
}
/**
 * Adds CORS headers to every response, then hands over to the next handler.
 * Only GET and OPTIONS are advertised as allowed methods.
 *
 * Access-Control-Allow-Origin is '*', so a page on any origin can call
 * /authenticate/:code and read the token in the reply. Where the client
 * origins are known, an allow-list is the tighter setting.
 */
function allowCrossOrigin(req, res, next) {
  var corsHeaders = {
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Methods': 'GET, OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type'
  };
  Object.keys(corsHeaders).forEach(function (name) {
    res.header(name, corsHeaders[name]);
  });
  next();
}

app.all('*', allowCrossOrigin);
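// Exchanges the authorization code in the URL for an access token and replies
// with {"token": ...} on success or {"error": ...} on failure.
app.get('/authenticate/:code', function (req, res) {
  log('authenticating code:', req.params.code, true);

  // authenticate() takes (code, useCase, cb). This route has no use-case
  // parameter, so it names the default credentials explicitly; passing the
  // callback as the second argument leaves cb undefined and throws a
  // TypeError when authenticate() tries to report its result.
  authenticate(req.params.code, 'default', function (err, token) {
    var result;
    if (err || !token) {
      // Error objects serialize to {} in JSON, so send the message text.
      // Note that upstream error text is returned to the caller as-is.
      result = { error: (err && err.message) || err || 'bad_code' };
      log('authentication failed:', result.error);
    } else {
      result = { token: token };
      log('token', result.token, true);
    }
    // The body may hold a bearer token: keep it out of shared and browser caches.
    res.header('Cache-Control', 'no-store');
    res.json(result);
  });
});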
// Expose the resolved configuration and the Express app to whatever requires
// this module. config holds the OAuth client credentials that authenticate()
// reads, so importers should not log or serialize it wholesale.
module.exports.config = config;
module.exports.app = app;