import {Request, Response, Router} from 'express';
import * as LdapClient from 'ldapjs';
import {LDAP} from '../config';
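export class UserCtrl {
  /**
   * Registers the `/user/*` routes on the given router.
   *
   * Only `login` is bound to the instance; `authorize`, `current` and `can`
   * are registered as plain functions, so they must not rely on `this`
   * (the helpers they use are therefore `static`).
   *
   * @param router - Express router that receives the routes.
   */
  constructor(router: Router) {
    router.route('/user/authorize').get(this.authorize);
    router.route('/user/login').post(this.login.bind(this));
    router.route('/user/current').get(this.current);
    router.route('/user/can').get(this.can);
  }

  /**
   * Escapes a value for embedding in an LDAP search filter (RFC 4515), so
   * caller-supplied text cannot change the filter's structure.
   *
   * @param value - Raw attribute value.
   * @returns The value with `\`, `*`, `(`, `)` and NUL hex-escaped.
   */
  static escapeLdapFilterValue(value: string): string {
    return value.replace(/[\\*()\u0000]/g, ch => {
      const hex = ch.charCodeAt(0).toString(16).padStart(2, '0');
      return '\\' + hex;
    });
  }

  /**
   * Tells whether `target` is a same-site path that `authorize` may redirect
   * to: a string starting with a single `/` (not `//` or `/\`, which browsers
   * treat as protocol-relative URLs to another host).
   *
   * @param target - Candidate redirect target, typically `req.query.url`.
   */
  static isLocalRedirect(target: unknown): target is string {
    return (
      typeof target === 'string' &&
      target.startsWith('/') &&
      !target.startsWith('//') &&
      !target.startsWith('/\\')
    );
  }

  /**
   * Reports whether a `memberOf` attribute names `adminGroup` by the first
   * RDN value of one of its DNs (`CN=<name>,...`), matching it exactly.
   *
   * Accepts the attribute as an array, as a single string (a single-valued
   * attribute may arrive as a plain string — verify against the ldapjs
   * version in use) or as `undefined` (entry belongs to no groups).
   *
   * @param memberOf - The entry's `memberOf` attribute, in any of the shapes above.
   * @param adminGroup - Group name to look for.
   */
  static hasAdminGroup(memberOf: string | string[] | undefined, adminGroup: string): boolean {
    const groups = memberOf === undefined ? [] : Array.isArray(memberOf) ? memberOf : [memberOf];
    return groups.some(dn => dn.split(',', 1)[0]?.split('=')[1] === adminGroup);
  }

  /**
   * Redirects the caller to the requested same-site path, or to `/`.
   *
   * you can rewrite this function to support your own authorization logic
   * by default, doing nothing but redirection. Absolute and protocol-relative
   * URLs fall back to `/` so the endpoint cannot be used as an open redirect.
   */
  protected authorize(req: Request, res: Response) {
    const target = req.query.url;
    res.redirect(UserCtrl.isLocalRedirect(target) ? target : '/');
  }

  /** Responds with the session's username, or the literal `'Sign In'` when none is set. */
  protected current(req: Request, res: Response) {
    res.json(req.session.username || 'Sign In');
  }

  /** Responds with `true` when the session is flagged as admin, else `false`. */
  protected can(req: Request, res: Response) {
    res.json(req.session.isAdmin ? true : false);
  }

  /**
   * Authenticates `request.body.{username,password}` against LDAP.
   *
   * Responds 401 `false` when the credentials are missing, not strings, or
   * the bind fails; 500 `false` when the directory search fails; 401 `false`
   * when the bound user has no directory entry (the original code never
   * answered in that case); otherwise sets `session.username` and
   * `session.isAdmin` and responds 200 with the admin flag. The LDAP client
   * is unbound on every path and the response is sent at most once.
   */
  protected login(request: Request, response: Response) {
    const { username, password } = request.body ?? {};
    // Non-string values (e.g. a JSON object or array) are rejected up front so
    // they can never reach the bind DN or the search filter.
    if (typeof username !== 'string' || typeof password !== 'string' || !username || !password) {
      response.status(401).json(false);
      return;
    }
    // check LDAP
    const ldap = LdapClient.createClient({ url: LDAP.uri });
    let answered = false;
    // Single exit point: releases the connection and guards against a second
    // response (e.g. 'end' after 'searchEntry', or a late client 'error').
    const finish = (status: number, body: boolean) => {
      if (answered) {
        return;
      }
      answered = true;
      ldap.unbind();
      response.status(status).json(body);
    };
    // Connection-level failures (e.g. directory unreachable) would otherwise
    // surface as an unhandled 'error' event.
    ldap.on('error', () => finish(500, false));
    ldap.bind(username + LDAP.principalSuffix, password, err => {
      if (err) {
        finish(401, false);
        return;
      }
      // login success
      const opts = {
        // The username is escaped so filter metacharacters in the request
        // cannot widen or rewrite the search.
        filter: '(&(sAMAccountName=' + UserCtrl.escapeLdapFilterValue(username) + ')(objectcategory=person))',
        scope: 'sub'
      };
      ldap.search(LDAP.base, opts, (searchErr, result) => {
        if (searchErr) {
          finish(500, false);
          return;
        }
        result.on('searchEntry', entry => {
          let isInAdminGroup = false;
          if (entry.object) {
            isInAdminGroup = UserCtrl.hasAdminGroup(entry.object['memberOf'], LDAP.adminGroup);
          }
          request.session.username = username;
          request.session.isAdmin = isInAdminGroup;
          finish(200, isInAdminGroup);
        });
        result.on('error', () => finish(500, false));
        // Reached without a preceding 'searchEntry' when no entry matched.
        result.on('end', () => finish(401, false));
      });
    });
  }
}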