diff --git a/src/api/routes/auth.js b/src/api/routes/auth.js
index 37c7f5a..d20dc8a 100644
--- a/src/api/routes/auth.js
+++ b/src/api/routes/auth.js
@@ -3,28 +3,40 @@ import axios from "axios";
 import { logger } from "../../utils/index.js";
 import { decode } from "jsonwebtoken";
 import jwt from "jsonwebtoken";
-import base64url from "base64url";
 import jwkToPem from "jwk-to-pem";
-import { sendHTTPError } from "../../utils/http.js";
+import localStorage from "local-storage";
 const router = Router();
-router.post("/", (req, res) => {
- logger.debug("Auth route called");
- logger.debug("Headers:");
- logger.debug(JSON.stringify(req.headers, null, 2));
- logger.debug("Query:");
- logger.debug(JSON.stringify(req.query, null, 2));
- logger.debug("Body:");
- logger.debug(JSON.stringify(req.body, null, 2));
- var authHeader = req.headers.authorization;
- const prefix = "OIDC_id_token ";
- if (authHeader && authHeader.startsWith(prefix)) {
- var token = authHeader.substring(prefix.length, authHeader.length);
+router.all("/", (req, res, next) => {
- // base64 should be URL encoded and padding should be removed.
- token = base64url.fromBase64(token.replace(/=/g, ""));
+ var token = null;
+ var sessionIdentifier = null;
+ const cookiePrefix = "__Host-VRNTOTCT";
+ if (req.cookies) {
+ logger.debug(
+ `Checking ${cookiePrefix}... Cookie as this takes presidence over Authorization Header ...`
+ );
+ Object.keys(req.cookies).forEach((key) => {
+ if (key.startsWith(cookiePrefix)) {
+ logger.info(`Found ${key} cookie using value for token`);
+ token = req.cookies[key];
+ sessionIdentifier = key.substring(cookiePrefix.length);
+ }
+ });
+ }
+ if (!token && req.headers.authorization) {
+ logger.debug("Checking Authorization Header for OIDC_id_token ...");
+ var authHeader = req.headers.authorization;
+ const prefix = "OIDC_id_token ";
+ if (authHeader && authHeader.startsWith(prefix)) {
+ logger.info("Found OIDC_id_token in Authorization Header");
+ token = authHeader.substring(prefix.length, authHeader.length);
+ }
+ }
+
+ if (token) {
 const decoded = decode(token);
 logger.debug(`Decoded [${JSON.stringify(decoded, null, 2)}]`);
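Review bot: The suffix of any cookie whose name starts with `__Host-VRNTOTCT` becomes `sessionIdentifier` without any validation, and in the next hunk that value is written as a key into the same `localStorage` namespace as `verified.sub`, so a client that names its cookie with a suffix equal to another subject's `sub` overwrites that subject's stored `authData`. Validate the suffix where it is extracted and keep the two key spaces apart: after the `key.startsWith(cookiePrefix)` check add `const suffix = key.substring(cookiePrefix.length);` and `if (!/^[A-Za-z0-9_-]{0,64}$/.test(suffix)) return;` (pattern constructed here, tighten it to the real identifier format), and in the next hunk store under a prefixed key such as `localStorage("session:" + sessionIdentifier, authData)`. The `forEach` also lets the last matching cookie silently win when several are present; rejecting or at least logging the multi-match case would make the selection deterministic and auditable. Note that the `__Host-` prefix rules are enforced by browsers only, so `req.cookies` can still carry any name and value from a non-browser client; the route body continues past this hunk.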
@@ -53,22 +65,45 @@ router.post("/", (req, res) => {
 algorithms: [key.alg],
 });
 logger.debug(`Verified [${JSON.stringify(verified, null, 2)}]`);
+
+ const issSplit = verified.iss.split("/oidc-token-service/");
+
+ const authData = {
+ token: token,
+ host: issSplit[0],
+ tenant: issSplit[1],
+ };
+
+ logger.info(
+ `Adding ${
+ verified.sub
+ } to local-stoage for environment ${JSON.stringify(authData)}`
+ );
+ localStorage(verified.sub, authData);
+
+ if (sessionIdentifier && sessionIdentifier.length > 0) {
+ logger.info(
+ `Adding ${sessionIdentifier} to local-stoage for environment ${JSON.stringify(
+ authData
+ )}`
+ );
+ localStorage(sessionIdentifier, authData);
+ }
+
 res.send(decoded);
 } catch (err) {
 logger.error(`Verify failed [${JSON.stringify(err, null, 2)}].`);
- sendHTTPError(err, res);
+ next(err);
 }
 }
 })
 .catch((err) => {
 logger.error(`JWK Request failed [${JSON.stringify(err, null, 2)}].`);
- sendHTTPError(err, res);
+ next(err);
 });
 }
 } else {
- sendHTTPError(
- new Error("No OIDC_id_token found in Authentication header.")
- );
+ next(new Error("Unable to authenticate, no token found"));
 }
 });
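Review bot: Both new `logger.info` calls serialize `authData`, which contains the raw `token`, so the credential that just authenticated the user is written to the log at info level on every successful call. Log only the non-secret fields, e.g. `const { host, tenant } = authData;` and interpolate `JSON.stringify({ host, tenant })` in both messages (which is also the place to fix the `local-stoage` spelling). `host` and `tenant` are taken from `verified.iss` with no comparison against a known issuer; if the JWK used by the verify call whose options end at the top of this hunk was itself located from the token's own `iss`, a valid signature only proves the token came from whoever `iss` names, and the stored `host` is then chosen by the token's author — an `issuer` option on the verify call, or an allow-list check before the `split`, closes that. `verified.iss` is also assumed to be a string: a token lacking that claim throws a `TypeError` from `.split` that then surfaces via `next(err)` as a generic verify failure, so a `typeof verified.iss !== "string"` guard with a clear message would help. The enclosing route handler and the verify call begin before this hunk.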