'use strict';
const url = require('url');
const Strategy = require('passport-saml').Strategy;
const utils = require('./utils');
const routersCreater = require('./routers');
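/**
 * Egg plugin entry point: wires a passport-saml `Strategy` into `app.passport`.
 *
 * Does nothing when `app.config.passportSaml.enable` is falsy. Otherwise it
 *   1. fetches and parses the IdP metadata from `idpHost` + `idpMetadataPath`,
 *   2. builds the Strategy (InResponseTo validation backed by `app.sessionStore`
 *      unless the config supplies its own `cacheProvider`),
 *   3. exposes it as `app.passportSaml` and registers it with `app.passport`,
 *   4. mounts the plugin routers when `config.mountRouter` is set.
 *
 * @param {object} app - Egg application. Reads `app.config.passportSaml`,
 *   `app.curl`, `app.sessionStore`, `app.name`, `app.passport`.
 * @returns {Promise<void>}
 */
module.exports = async app => {
  const config = app.config.passportSaml;
  if (!config.enable) return;

  // IdP metadata is fetched once at startup; the SSO/SLO endpoints and the
  // IdP signing certificate below all come from this document.
  const res = await app.curl(url.resolve(config.idpHost, config.idpMetadataPath));
  const idpMetadata = await utils.parserMetadata(res.data.toString());

  if (!app.sessionStore) {
    // Without a session store the default cache provider below cannot persist
    // request IDs, so InResponseTo validation will error instead of succeed.
    console.warn('Warning: we suggest you to deploy sessionStore with plugin such as egg-session-redis');
  }

  const configForStrategy = {
    passReqToCallback: true,
    entryPoint: idpMetadata.sso.redirectUrl,
    issuer: config.issuer,
    logoutUrl: idpMetadata.slo.redirectUrl,
    // `issuer` doubles as the SP's public base URL for the callback routes.
    logoutCallbackUrl: `${config.issuer}/passport/saml/logout`,
    callbackUrl: `${config.issuer}/passport/saml`,
    // Only the first signing key from the metadata is trusted. NOTE(review):
    // if the IdP publishes several keys (rotation), responses signed with the
    // others will be rejected — confirm this matches the deployment.
    cert: idpMetadata.signingKeys[0],
    signatureAlgorithm: 'sha256',
    // Reject responses that do not answer a request this SP actually issued;
    // relies on the cache provider remembering outstanding request IDs.
    validateInResponseTo: true,
    cacheProvider: config.cacheProvider || createSessionCacheProvider(app),
    // The same SP key is used for signing requests and decrypting assertions.
    privateCert: config.key,
    decryptionPvk: config.key,
  };

  const strategy = new Strategy(configForStrategy, (req, user, done) => {
    app.passport.doVerify(req, user, done);
  });

  /**
   * Promise wrapper around `strategy.logout`.
   * @param {object} ctx - Egg context; only `ctx.req` is used.
   * @returns {Promise<string>} the IdP logout redirect URL.
   */
  strategy.getLogoutUrl = async ctx => {
    const req = ctx.req;
    return new Promise((resolve, reject) => {
      strategy.logout(req, (err, logoutUrl) => {
        if (err) {
          reject(err);
        } else {
          resolve(logoutUrl);
        }
      });
    });
  };

  /** @returns {string} SP metadata XML, including the SP certificate. */
  strategy.getSPMetadata = () => {
    return app.passportSaml.generateServiceProviderMetadata(config.cert);
  };

  app.passportSaml = strategy;
  app.passport.use(strategy);

  if (!config.mountRouter) return;
  routersCreater(app);
};

/**
 * Builds a passport-saml `cacheProvider` on top of `app.sessionStore`.
 *
 * passport-saml uses this store to remember the ID of every AuthnRequest it
 * issues so that `validateInResponseTo` can match incoming responses to them.
 * Each method invokes `callback` exactly once: every failure path returns
 * right after reporting the error, so a caller never sees both an error and a
 * value for the same call. Store failures (including a missing
 * `app.sessionStore`) surface as `callback(err)` rather than an unhandled
 * rejection.
 *
 * @param {object} app - Egg app providing `app.name` and an async
 *   `app.sessionStore` with `get`, `set` and `destroy`.
 * @returns {{save: Function, get: Function, remove: Function}}
 */
function createSessionCacheProvider(app) {
  // Namespace keys per app so several apps sharing one store cannot collide.
  const cacheKeyFor = key => `${app.name}_saml_${key}`;

  return {
    // Stores `value` under `key` unless the key already exists.
    // Calls back with the value when saved, null when it was already present.
    async save(key, value, callback) {
      const cacheKey = cacheKeyFor(key);
      let existing;
      try {
        existing = await app.sessionStore.get(cacheKey);
      } catch (err) {
        return callback(err);
      }
      if (existing) return callback(null, null);
      try {
        await app.sessionStore.set(cacheKey, value);
      } catch (err) {
        return callback(err);
      }
      return callback(null, value);
    },

    // Calls back with the stored value if found, null otherwise.
    async get(key, callback) {
      let cacheValue;
      try {
        cacheValue = await app.sessionStore.get(cacheKeyFor(key));
      } catch (err) {
        return callback(err);
      }
      return callback(null, cacheValue || null);
    },

    // Removes `key` from the store. Calls back with the key when something
    // was removed, null when there was nothing to remove.
    async remove(key, callback) {
      const cacheKey = cacheKeyFor(key);
      let cacheValue;
      try {
        cacheValue = await app.sessionStore.get(cacheKey);
      } catch (err) {
        return callback(err);
      }
      if (!cacheValue) return callback(null, null);
      try {
        await app.sessionStore.destroy(cacheKey);
      } catch (err) {
        return callback(err);
      }
      return callback(null, key);
    },
  };
}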