feat: modular auth + logging changes

7 years ago · 2020e457cf
15 changed files with 174 additions and 185 deletions
--- a/server/authentication/azure.js
+++ b/server/authentication/azure.js
@ -8,26 +8,24 @@

 const AzureAdOAuth2Strategy = require('passport-azure-ad-oauth2').Strategy

-module.exports = (passport) => {
-  if (wiki.config.auth.azure && wiki.config.auth.azure.enabled) {
-    const jwt = require('jsonwebtoken')
-    passport.use('azure_ad_oauth2',
-      new AzureAdOAuth2Strategy({
-        clientID: wiki.config.auth.azure.clientId,
-        clientSecret: wiki.config.auth.azure.clientSecret,
-        callbackURL: wiki.config.host + '/login/azure/callback',
-        resource: wiki.config.auth.azure.resource,
-        tenant: wiki.config.auth.azure.tenant
-      }, (accessToken, refreshToken, params, profile, cb) => {
-        let waadProfile = jwt.decode(params.id_token)
-        waadProfile.id = waadProfile.oid
-        waadProfile.provider = 'azure'
-        wiki.db.User.processProfile(waadProfile).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
-      }
-      ))
-  }
+module.exports = (passport, conf) => {
+  const jwt = require('jsonwebtoken')
+  passport.use('azure_ad_oauth2',
+    new AzureAdOAuth2Strategy({
+      clientID: conf.clientId,
+      clientSecret: conf.clientSecret,
+      callbackURL: conf.callbackURL,
+      resource: conf.resource,
+      tenant: conf.tenant
+    }, (accessToken, refreshToken, params, profile, cb) => {
+      let waadProfile = jwt.decode(params.id_token)
+      waadProfile.id = waadProfile.oid
+      waadProfile.provider = 'azure'
+      wiki.db.User.processProfile(waadProfile).then((user) => {
+        return cb(null, user) || true
+      }).catch((err) => {
+        return cb(err, null) || true
+      })
+    }
+    ))
 }
--- a/server/authentication/facebook.js
+++ b/server/authentication/facebook.js
@ -8,21 +8,19 @@

 const FacebookStrategy = require('passport-facebook').Strategy

-module.exports = (passport) => {
-  if (wiki.config.auth.facebook && wiki.config.auth.facebook.enabled) {
-    passport.use('facebook',
-      new FacebookStrategy({
-        clientID: wiki.config.auth.facebook.clientId,
-        clientSecret: wiki.config.auth.facebook.clientSecret,
-        callbackURL: wiki.config.host + '/login/facebook/callback',
-        profileFields: ['id', 'displayName', 'email']
-      }, function (accessToken, refreshToken, profile, cb) {
-        wiki.db.User.processProfile(profile).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
-      }
-      ))
-  }
+module.exports = (passport, conf) => {
+  passport.use('facebook',
+    new FacebookStrategy({
+      clientID: conf.clientId,
+      clientSecret: conf.clientSecret,
+      callbackURL: conf.callbackURL,
+      profileFields: ['id', 'displayName', 'email']
+    }, function (accessToken, refreshToken, profile, cb) {
+      wiki.db.User.processProfile(profile).then((user) => {
+        return cb(null, user) || true
+      }).catch((err) => {
+        return cb(err, null) || true
+      })
+    }
+    ))
 }
--- a/server/authentication/github.js
+++ b/server/authentication/github.js
@ -8,21 +8,19 @@

 const GitHubStrategy = require('passport-github2').Strategy

-module.exports = (passport) => {
-  if (wiki.config.auth.github && wiki.config.auth.github.enabled) {
-    passport.use('github',
-      new GitHubStrategy({
-        clientID: wiki.config.auth.github.clientId,
-        clientSecret: wiki.config.auth.github.clientSecret,
-        callbackURL: wiki.config.host + '/login/github/callback',
-        scope: ['user:email']
-      }, (accessToken, refreshToken, profile, cb) => {
-        wiki.db.User.processProfile(profile).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
-      }
-      ))
-  }
+module.exports = (passport, conf) => {
+  passport.use('github',
+    new GitHubStrategy({
+      clientID: conf.clientId,
+      clientSecret: conf.clientSecret,
+      callbackURL: conf.callbackURL,
+      scope: ['user:email']
+    }, (accessToken, refreshToken, profile, cb) => {
+      wiki.db.User.processProfile(profile).then((user) => {
+        return cb(null, user) || true
+      }).catch((err) => {
+        return cb(err, null) || true
+      })
+    }
+    ))
 }
--- a/server/authentication/google.js
+++ b/server/authentication/google.js
@ -8,20 +8,18 @@

 const GoogleStrategy = require('passport-google-oauth20').Strategy

-module.exports = (passport) => {
-  if (wiki.config.auth.google && wiki.config.auth.google.enabled) {
-    passport.use('google',
-      new GoogleStrategy({
-        clientID: wiki.config.auth.google.clientId,
-        clientSecret: wiki.config.auth.google.clientSecret,
-        callbackURL: wiki.config.host + '/login/google/callback'
-      }, (accessToken, refreshToken, profile, cb) => {
-        wiki.db.User.processProfile(profile).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
-      }
-      ))
-  }
+module.exports = (passport, conf) => {
+  passport.use('google',
+    new GoogleStrategy({
+      clientID: conf.clientId,
+      clientSecret: conf.clientSecret,
+      callbackURL: conf.callbackURL
+    }, (accessToken, refreshToken, profile, cb) => {
+      wiki.db.User.processProfile(profile).then((user) => {
+        return cb(null, user) || true
+      }).catch((err) => {
+        return cb(err, null) || true
+      })
+    }
+    ))
 }
--- a/server/authentication/ldap.js
+++ b/server/authentication/ldap.js
@ -7,35 +7,34 @@
 // ------------------------------------

 const LdapStrategy = require('passport-ldapauth').Strategy
+const fs = require('fs')

-module.exports = (passport) => {
-  if (wiki.config.auth.ldap && wiki.config.auth.ldap.enabled) {
-    passport.use('ldapauth',
-      new LdapStrategy({
-        server: {
-          url: wiki.config.auth.ldap.url,
-          bindDn: wiki.config.auth.ldap.bindDn,
-          bindCredentials: wiki.config.auth.ldap.bindCredentials,
-          searchBase: wiki.config.auth.ldap.searchBase,
-          searchFilter: wiki.config.auth.ldap.searchFilter,
-          searchAttributes: ['displayName', 'name', 'cn', 'mail'],
-          tlsOptions: (wiki.config.auth.ldap.tlsEnabled) ? {
-            ca: [
-              fs.readFileSync(wiki.config.auth.ldap.tlsCertPath)
-            ]
-          } : {}
-        },
-        usernameField: 'email',
-        passReqToCallback: false
-      }, (profile, cb) => {
-        profile.provider = 'ldap'
-        profile.id = profile.dn
-        wiki.db.User.processProfile(profile).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
-      }
-      ))
-  }
+module.exports = (passport, conf) => {
+  passport.use('ldapauth',
+    new LdapStrategy({
+      server: {
+        url: conf.url,
+        bindDn: conf.bindDn,
+        bindCredentials: conf.bindCredentials,
+        searchBase: conf.searchBase,
+        searchFilter: conf.searchFilter,
+        searchAttributes: ['displayName', 'name', 'cn', 'mail'],
+        tlsOptions: (conf.tlsEnabled) ? {
+          ca: [
+            fs.readFileSync(conf.tlsCertPath)
+          ]
+        } : {}
+      },
+      usernameField: 'email',
+      passReqToCallback: false
+    }, (profile, cb) => {
+      profile.provider = 'ldap'
+      profile.id = profile.dn
+      wiki.db.User.processProfile(profile).then((user) => {
+        return cb(null, user) || true
+      }).catch((err) => {
+        return cb(err, null) || true
+      })
+    }
+    ))
 }
--- a/server/authentication/local.js
+++ b/server/authentication/local.js
@ -8,27 +8,25 @@

 const LocalStrategy = require('passport-local').Strategy

-module.exports = (passport) => {
-  if (wiki.config.auth.local && wiki.config.auth.local.enabled) {
-    passport.use('local',
-      new LocalStrategy({
-        usernameField: 'email',
-        passwordField: 'password'
-      }, (uEmail, uPassword, done) => {
-        wiki.db.User.findOne({ email: uEmail, provider: 'local' }).then((user) => {
-          if (user) {
-            return user.validatePassword(uPassword).then(() => {
-              return done(null, user) || true
-            }).catch((err) => {
-              return done(err, null)
-            })
-          } else {
-            return done(new Error('INVALID_LOGIN'), null)
-          }
-        }).catch((err) => {
-          done(err, null)
-        })
-      }
-      ))
-  }
+module.exports = (passport, conf) => {
+  passport.use('local',
+    new LocalStrategy({
+      usernameField: 'email',
+      passwordField: 'password'
+    }, (uEmail, uPassword, done) => {
+      wiki.db.User.findOne({ email: uEmail, provider: 'local' }).then((user) => {
+        if (user) {
+          return user.validatePassword(uPassword).then(() => {
+            return done(null, user) || true
+          }).catch((err) => {
+            return done(err, null)
+          })
+        } else {
+          return done(new Error('INVALID_LOGIN'), null)
+        }
+      }).catch((err) => {
+        done(err, null)
+      })
+    }
+    ))
 }
--- a/server/authentication/microsoft.js
+++ b/server/authentication/microsoft.js
@ -8,20 +8,18 @@

 const WindowsLiveStrategy = require('passport-windowslive').Strategy

-module.exports = (passport) => {
-  if (wiki.config.auth.microsoft && wiki.config.auth.microsoft.enabled) {
-    passport.use('windowslive',
-      new WindowsLiveStrategy({
-        clientID: wiki.config.auth.microsoft.clientId,
-        clientSecret: wiki.config.auth.microsoft.clientSecret,
-        callbackURL: wiki.config.host + '/login/ms/callback'
-      }, function (accessToken, refreshToken, profile, cb) {
-        wiki.db.User.processProfile(profile).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
-      }
-      ))
-  }
+module.exports = (passport, conf) => {
+  passport.use('windowslive',
+    new WindowsLiveStrategy({
+      clientID: conf.clientId,
+      clientSecret: conf.clientSecret,
+      callbackURL: conf.callbackURL
+    }, function (accessToken, refreshToken, profile, cb) {
+      wiki.db.User.processProfile(profile).then((user) => {
+        return cb(null, user) || true
+      }).catch((err) => {
+        return cb(err, null) || true
+      })
+    }
+    ))
 }
--- a/server/authentication/slack.js
+++ b/server/authentication/slack.js
@ -8,20 +8,18 @@

 const SlackStrategy = require('passport-slack').Strategy

-module.exports = (passport) => {
-  if (wiki.config.auth.slack && wiki.config.auth.slack.enabled) {
-    passport.use('slack',
-      new SlackStrategy({
-        clientID: wiki.config.auth.slack.clientId,
-        clientSecret: wiki.config.auth.slack.clientSecret,
-        callbackURL: wiki.config.host + '/login/slack/callback'
-      }, (accessToken, refreshToken, profile, cb) => {
-        wiki.db.User.processProfile(profile).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
-      }
-      ))
-  }
+module.exports = (passport, conf) => {
+  passport.use('slack',
+    new SlackStrategy({
+      clientID: conf.clientId,
+      clientSecret: conf.clientSecret,
+      callbackURL: conf.callbackURL
+    }, (accessToken, refreshToken, profile, cb) => {
+      wiki.db.User.processProfile(profile).then((user) => {
+        return cb(null, user) || true
+      }).catch((err) => {
+        return cb(err, null) || true
+      })
+    }
+    ))
 }
--- a/server/controllers/uploads.js
+++ b/server/controllers/uploads.js
@ -2,6 +2,9 @@

 /* global wiki */

+module.exports = false
+return
+
 const express = require('express')
 const router = express.Router()

--- a/server/master.js
+++ b/server/master.js
@ -147,7 +147,7 @@ module.exports = Promise.join(

  app.use('/graphql', graphqlApollo.graphqlExpress({ schema: graphqlSchema }))
  app.use('/graphiql', graphqlApollo.graphiqlExpress({ endpointURL: '/graphql' }))
-  app.use('/uploads', mw.auth, ctrl.uploads)
+  // app.use('/uploads', mw.auth, ctrl.uploads)
  app.use('/admin', mw.auth, ctrl.admin)
  app.use('/', mw.auth, ctrl.pages)

@ -173,7 +173,7 @@ module.exports = Promise.join(
  // Start HTTP server
  // ----------------------------------------

-  wiki.logger.info('Starting HTTP/WS server on port ' + wiki.config.port + '...')
+  wiki.logger.info(`HTTP/WS Server on port: ${wiki.config.port}`)

  app.set('port', wiki.config.port)
  var server = http.createServer(app)
@ -199,7 +199,7 @@ module.exports = Promise.join(
  })

  server.on('listening', () => {
-    wiki.logger.info('HTTP/WS server started successfully! [RUNNING]')
+    wiki.logger.info('HTTP/WS Server: RUNNING')
  })

  // ----------------------------------------
--- a/server/modules/auth.js
+++ b/server/modules/auth.js
@ -2,9 +2,9 @@

 /* global wiki */

-const fs = require('fs')
+const _ = require('lodash')

-module.exports = function (passport) {
+module.exports = (passport) => {
  // Serialization user methods

  passport.serializeUser(function (user, done) {
@ -24,12 +24,28 @@ module.exports = function (passport) {
    })
  })

-  // Create users for first-time
+  // Load authentication strategies

-  return wiki.db.User.findOne({ provider: 'local', email: 'guest@example.com' }).then((c) => {
-    if (c < 1) {
-      // Create guest account
+  wiki.config.authStrategies = {
+    list: _.pickBy(wiki.config.auth, strategy => strategy.enabled),
+    socialEnabled: (_.chain(wiki.config.auth).omit('local').filter(['enabled', true]).value().length > 0)
+  }
+
+  _.forOwn(wiki.config.authStrategies.list, (strategyConfig, strategyName) => {
+    strategyConfig.callbackURL = `${wiki.config.site.host}/login/${strategyName}/callback`
+    require(`../authentication/${strategyName}`)(passport, strategyConfig)
+    wiki.logger.info(`Authentication Provider ${_.upperFirst(strategyName)}: OK`)
+  })

+  // Create Guest account for first-time
+
+  return wiki.db.User.findOne({
+    where: {
+      provider: 'local',
+      email: 'guest@example.com'
+    }
+  }).then((c) => {
+    if (c < 1) {
      return wiki.db.User.create({
        provider: 'local',
        email: 'guest@example.com',
--- a/server/modules/config.js
+++ b/server/modules/config.js
@ -57,17 +57,6 @@ module.exports = {
  // List authentication strategies
    wiki.config = appconfig
    wiki.data = appdata
-
-    // List authentication strategies
-
-    // appconfig.authStrategies = {
-    //   list: _.filter(appconfig.auth, ['enabled', true]),
-    //   socialEnabled: (_.chain(appconfig.auth).omit('local').filter(['enabled', true]).value().length > 0)
-    // }
-    // if (appconfig.authStrategies.list.length < 1) {
-    //   console.error(new Error('You must enable at least 1 authentication strategy!'))
-    //   process.exit(1)
-    // }
  },

  /**
--- a/server/modules/db.js
+++ b/server/modules/db.js
@ -41,7 +41,7 @@ module.exports = {
    // Attempt to connect and authenticate to DB

    self.inst.authenticate().then(() => {
-      wiki.logger.info('Connected to PostgreSQL database.')
+      wiki.logger.info('Database (PostgreSQL) connection: OK')
    }).catch(err => {
      wiki.logger.error('Failed to connect to MongoDB instance.')
      return err
--- a/server/modules/disk.js
+++ b/server/modules/disk.js
@ -94,8 +94,6 @@ module.exports = {
   * Creates a base directories (Synchronous).
   */
  createBaseDirectories () {
-    wiki.logger.info('Checking data directories...')
-
    try {
      fs.ensureDirSync(path.resolve(wiki.ROOTPATH, wiki.config.paths.data))
      fs.emptyDirSync(path.resolve(wiki.ROOTPATH, wiki.config.paths.data))
@ -117,7 +115,7 @@ module.exports = {
      wiki.logger.error(err)
    }

-    wiki.logger.info('Data and Repository directories are OK.')
+    wiki.logger.info('Disk Data Paths: OK')
  },

  /**
--- a/server/modules/git.js
+++ b/server/modules/git.js
@ -71,8 +71,6 @@ module.exports = {
  _initRepo() {
    let self = this

-    wiki.logger.info('Checking Git repository...')
-
    // -> Check if path is accessible

    return fs.mkdirAsync(self._repo.path).catch((err) => {
@ -92,7 +90,7 @@ module.exports = {
      })
    }).then(() => {
      if (wiki.config.git === false) {
-        wiki.logger.info('Remote Git syncing is disabled. Not recommended!')
+        wiki.logger.warn('Remote Git syncing is disabled. Not recommended!')
        return Promise.resolve(true)
      }

@ -132,7 +130,7 @@ module.exports = {
      wiki.logger.error('Git remote error!')
      throw err
    }).then(() => {
-      wiki.logger.info('Git repository is OK.')
+      wiki.logger.info('Git Repository: OK')
      return true
    })
  },