helix-front/server/controllers/user.ts - helix - Git at Google

 import { Request, Response, Router } from 'express';
 import * as LdapClient from 'ldapjs';

 import { LDAP } from '../config';
 import { HelixUserRequest } from './d';

 export class UserCtrl {
   constructor(router: Router) {
     router.route('/user/authorize').get(this.authorize);
     router.route('/user/login').post(this.login.bind(this));
     router.route('/user/current').get(this.current);
     router.route('/user/can').get(this.can);
   }

   protected authorize(req: HelixUserRequest, res: Response) {
     // you can rewrite this function to support your own authorization logic
     // by default, doing nothing but redirection
     if (req.query.url) {
       res.redirect(req.query.url as string);
     } else {
       res.redirect('/');
     }
   }

   protected current(req: HelixUserRequest, res: Response) {
     res.json(req.session.username || 'Sign In');
   }

   protected can(req: HelixUserRequest, res: Response) {
     try {
       return res.json(req.session.isAdmin ? true : false);
     } catch (err) {
       // console.log('error from can', err)
       return false;
     }
   }

   protected login(request: HelixUserRequest, response: Response) {
     const credential = request.body;
     if (!credential.username || !credential.password) {
       response.status(401).json(false);
       return;
     }

     // check LDAP
     const ldap = LdapClient.createClient({ url: LDAP.uri });
     ldap.bind(
       credential.username + LDAP.principalSuffix,
       credential.password,
       (err) => {
         if (err) {
           response.status(401).json(false);
         } else {
           // login success
           const opts = {
             filter:
               '(&(sAMAccountName=' +
               credential.username +
               ')(objectcategory=person))',
             scope: 'sub',
           };

           ldap.search(LDAP.base, opts, function (err, result) {
             let isInAdminGroup = false;
             result.on('searchEntry', function (entry) {
               if (entry.object && !err) {
                 const groups = entry.object['memberOf'];
                 for (const group of groups) {
                   const groupName = group.split(',', 1)[0].split('=')[1];
                   if (groupName == LDAP.adminGroup) {
                     isInAdminGroup = true;
                     break;
                   }
                 }
               }

               request.session.username = credential.username;
               request.session.isAdmin = isInAdminGroup;
               response.json(isInAdminGroup);
             });
           });
         }
       }
     );
   }
 }
	import { Request, Response, Router } from 'express';
	import * as LdapClient from 'ldapjs';

	import { LDAP } from '../config';
	import { HelixUserRequest } from './d';

	export class UserCtrl {
	constructor(router: Router) {
	router.route('/user/authorize').get(this.authorize);
	router.route('/user/login').post(this.login.bind(this));
	router.route('/user/current').get(this.current);
	router.route('/user/can').get(this.can);
	}

	protected authorize(req: HelixUserRequest, res: Response) {
	// you can rewrite this function to support your own authorization logic
	// by default, doing nothing but redirection
	if (req.query.url) {
	res.redirect(req.query.url as string);
	} else {
	res.redirect('/');
	}
	}

	protected current(req: HelixUserRequest, res: Response) {
	res.json(req.session.username \|\| 'Sign In');
	}

	protected can(req: HelixUserRequest, res: Response) {
	try {
	return res.json(req.session.isAdmin ? true : false);
	} catch (err) {
	// console.log('error from can', err)
	return false;
	}
	}

	protected login(request: HelixUserRequest, response: Response) {
	const credential = request.body;
	if (!credential.username \|\| !credential.password) {
	response.status(401).json(false);
	return;
	}

	// check LDAP
	const ldap = LdapClient.createClient({ url: LDAP.uri });
	ldap.bind(
	credential.username + LDAP.principalSuffix,
	credential.password,
	(err) => {
	if (err) {
	response.status(401).json(false);
	} else {
	// login success
	const opts = {
	filter:
	'(&(sAMAccountName=' +
	credential.username +
	')(objectcategory=person))',
	scope: 'sub',
	};

	ldap.search(LDAP.base, opts, function (err, result) {
	let isInAdminGroup = false;
	result.on('searchEntry', function (entry) {
	if (entry.object && !err) {
	const groups = entry.object['memberOf'];
	for (const group of groups) {
	const groupName = group.split(',', 1)[0].split('=')[1];
	if (groupName == LDAP.adminGroup) {
	isInAdminGroup = true;
	break;
	}
	}
	}

	request.session.username = credential.username;
	request.session.isAdmin = isInAdminGroup;
	response.json(isInAdminGroup);
	});
	});
	}
	}
	);
	}
	}