-
Notifications
You must be signed in to change notification settings - Fork 0
/
router.js
102 lines (81 loc) · 2.23 KB
/
router.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
const express = require('express');
const session = require('express-session');
const MongoDBStore = require('connect-mongodb-session')(session);
const passport = require('passport');
const Auth0Strategy = require('passport-auth0');
const { ADMIN_WHITELIST } = require('./config');
const adminRouter = require('./admin');
const app = express();
store = new MongoDBStore({
uri: `mongodb://${process.env.MONGO_HOST}/${process.env.MONGO_DB}?connectTimeoutMS=30000`,
collection: 'sessions'
});
app.use(session({
secret: process.env.SECRET,
cookie: {
maxAge: 1000 * 60 * 60 * 24 * 7 // 1 week
},
store: store,
resave: true,
saveUninitialized: true
}));
const strategy = new Auth0Strategy(
{
domain: process.env.AUTH_ZERO_DOMAIN,
clientID: process.env.AUTH_ZERO_CLIENT_ID,
clientSecret: process.env.AUTH_ZERO_CLIENT_SECRET,
callbackURL: '/callback'
}, function(accessToken, refreshToken, extraParams, profile, done) {
// accessToken is the token to call Auth0 API (not needed in the most cases)
// extraParams.id_token has the JSON Web Token
// profile has all the information from the user
return done(null, profile);
}
);
passport.use(strategy);
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(user, done) {
done(null, user);
});
app.use(passport.initialize());
app.use(passport.session());
app.get('/callback',
passport.authenticate('auth0', { failureRedirect: '/login' }),
function(req, res) {
if (!req.user) {
throw new Error('user null');
}
if (ADMIN_WHITELIST.indexOf(req.user.user_id) != -1) {
req.session.isAdmin = true;
}
res.redirect("/");
}
);
app.get('/login',
passport.authenticate('auth0', { scope: 'openid profile' }),
function (req, res) {
if (!req.user) {
throw new Error('user null');
}
res.redirect("/");
}
);
app.get('/logout', function(req, res) {
req.session.isAdmin = false;
req.logout();
res.redirect('/');
});
app.get('/', (req, res) => {
return res.send("HOME");
});
function adminGuard(req, res, next) {
if (!req.session.isAdmin) {
res.send("BLOCKED!");
} else {
next();
}
}
app.use('/admin', adminGuard, adminRouter);
module.exports = app;