const dns = require('dns');
const { Netmask } = require('netmask');
const cfg = require('../../../lib/config');
const jwt = require('../../../lib/jwt');
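/**
 * Auto-login by source address: if `req.ip` falls inside one of the CIDR
 * blocks configured under `global.users.login.ip`, issue a JWT for it.
 *
 * The configuration is an object keyed by network (anything `Netmask`
 * accepts); each value is merged into the token payload.
 *
 * NOTE(review): this check is only as trustworthy as `req.ip`. If the app
 * derives it from a forwarded-for header (e.g. Express "trust proxy"), the
 * proxy list must be restricted to proxies you control, otherwise the
 * address is client-supplied. Confirm against the app setup.
 *
 * @param {object} req - Request; only `req.ip` is read here.
 * @param {object} res - Response, passed through to `jwt.issue`.
 * @returns {Promise<boolean>} true if a token was issued, false otherwise.
 */
async function authorisedIP (req, res) {
  const validIPs = cfg._("global.users.login.ip") || {};

  // Object.entries() only walks own keys, unlike for...in.
  for (const [cidr, claims] of Object.entries(validIPs)) {
    let block;
    try {
      block = new Netmask(cidr);
    } catch (err) {
      // A malformed entry must not take down authentication for everyone:
      // report it and fall through to the remaining entries.
      console.error(err);
      continue;
    }

    let matches = false;
    try {
      matches = block.contains(req.ip);
    } catch (err) {
      // Fail closed. An address Netmask cannot parse (presumably IPv6 or
      // IPv4-mapped forms such as "::ffff:a.b.c.d"; verify against the
      // netmask version in use) is treated as "not in this block" instead
      // of rejecting the promise. Not logged, since the value is
      // client-influenced and would let unauthenticated peers flood the log.
      matches = false;
    }

    if (matches) {
      // Configured claims are merged last, so they override `ip` and
      // `autologin` if the configuration defines those keys.
      const payload = Object.assign({
        ip: req.ip,
        autologin: true
      }, claims);
      jwt.issue(payload, req, res);
      return true;
    }
  }

  return false;
}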
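/**
 * Auto-login by hostname: for each host configured under
 * `global.users.login.host`, resolve it and issue a JWT if `req.ip` is one
 * of the returned addresses.
 *
 * `dns.promises.resolve()` returns an ARRAY of addresses (A records when no
 * rrtype is given). The previous `ip == req.ip` comparison relied on
 * array-to-string coercion and so could only match hosts with exactly one
 * record; membership is now tested explicitly.
 *
 * NOTE(review): this grants a session on the strength of a DNS answer, so it
 * inherits the trust placed in the resolver and in whoever controls the
 * zone, as well as in how `req.ip` is derived (proxy headers). A lookup is
 * made per configured host on every unauthenticated request.
 *
 * @param {object} req - Request; only `req.ip` is read here.
 * @param {object} res - Response, passed through to `jwt.issue`.
 * @returns {Promise<boolean>} true if a token was issued, false otherwise.
 */
async function authorisedHost (req, res) {
  const validHosts = cfg._("global.users.login.host") || {};

  // Object.entries() only walks own keys, unlike for...in.
  for (const [host, claims] of Object.entries(validHosts)) {
    try {
      const addresses = await dns.promises.resolve(host);
      if (addresses.includes(req.ip)) {
        // Configured claims are merged last, so they override `ip`, `host`
        // and `autologin` if the configuration defines those keys.
        const payload = Object.assign({
          ip: req.ip,
          host: host,
          autologin: true
        }, claims);
        jwt.issue(payload, req, res);
        return true;
      }
    } catch (err) {
      // Resolver failures carry the symbolic name in `code`; `errno` only
      // holds it on older Node releases, so accept either. A host with no
      // records is expected and not worth logging; anything else is.
      const code = err.code || err.errno;
      if (code !== "ENODATA") {
        console.error(err);
      }
    }
  }

  return false;
}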
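/**
 * Authentication middleware. Lets the request through when, in order:
 *   1. `req.user` is already set (a JWT decoded by an earlier middleware),
 *   2. the client address is in a configured network (`authorisedIP`), or
 *   3. the client address belongs to a configured host (`authorisedHost`).
 * Otherwise it forwards a 401 error object to `next`.
 *
 * Being an async function, any exception thrown by the checks would
 * otherwise surface as a rejected promise that nothing handles, leaving the
 * request without a response. Failures are therefore routed to `next(err)`,
 * which also guarantees the request is never treated as authorised when a
 * check fails.
 *
 * @param {object} req - Request.
 * @param {object} res - Response, passed to the checks so they can issue a token.
 * @param {function} next - Continuation; called with no argument on success,
 *   with an error value otherwise.
 * @returns {Promise<void>}
 */
async function auth (req, res, next) {

  // Check for a valid JWT (already decoded by a previous
  // middleware).
  if (req.user) {
    next();
    return;
  }

  let authorised;
  try {
    // Check if the IP is known to us, then if the hostname is known to us.
    // Short-circuits, so the DNS-based check only runs when the first fails.
    authorised = await authorisedIP(req, res) || await authorisedHost(req, res);
  } catch (err) {
    next(err);
    return;
  }

  if (authorised) {
    next();
    return;
  }

  next({status: 401, message: "Not authorised"});
}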
// The module's only export is the `auth` middleware; the address and host
// checks above are not exported.
module.exports = auth;