basic-auth.json
[
{
"id": "b226928597254811",
"type": "comment",
"z": "c63466f5ec185814",
"name": "basic HTTP authorization (w/o expiration)",
"info": "",
"x": 180,
"y": 40,
"wires": []
},
{
"id": "044b8567a46bcbc1",
"type": "function",
"z": "c63466f5ec185814",
"name": "validate authorization",
"func": " let Credentials = msg.req.headers['authorization'] || ''\n if (! Credentials.startsWith('Basic')) {\n return withAuthorizationRequest()\n }\n\n Credentials = Credentials.replace(/^Basic\\s+/,'') // still Base64-encoded\n try {\n Credentials = (new Buffer(Credentials,'base64')).toString('utf8')\n } catch (Signal) { return withAuthorizationRequest() }\n\n let UserId = Credentials.replace(/:.*$/,'').trim().toLowerCase()\n let Password = Credentials.replace(/^[^:]+:/,'').trim()\n\n let UserRegistry = global.get('UserRegistry') || Object.create(null)\n if (UserId in UserRegistry) {\n let UserSpecs = UserRegistry[UserId]\n if (UserSpecs.Password === Password) { // internal optimization\n return withAuthorizationOf(UserId,UserSpecs.Roles || [])\n }\n\n let PBKDF2Iterations = global.get('PBKDF2Iterations') || 100000\n crypto.pbkdf2(\n Password, Buffer.from(UserSpecs.Salt,'hex'), PBKDF2Iterations, 64, 'sha512',\n function (Error, computedHash) {\n if ((Error == null) && (computedHash.toString('hex') === UserSpecs.Hash)) {\n UserSpecs.Password = Password // speeds up future auth. requests\n return withAuthorizationOf(UserId,UserSpecs.Roles || [])\n } else {\n return withAuthorizationRequest()\n }\n }\n )\n } else {\n return withAuthorizationRequest()\n }\n\n function withAuthorizationOf (UserId, UserRoles) {\n if ((msg.requiredRole == null) || (UserRoles.indexOf(msg.requiredRole) >= 0)) {\n msg.authenticatedUser = UserId\n msg.authorizedRoles = UserRoles\n \n node.send([msg,null])\n node.done()\n } else {\n return withAuthorizationRequest()\n }\n }\n\n function withAuthorizationRequest () {\n msg.headers = msg.headers || {}\n msg.headers['WWW-Authenticate'] = 'Basic'\n\n msg.payload = 'Unauthorized'\n msg.statusCode = 401\n\n node.send([null,msg])\n node.done()\n }\n",
"outputs": 2,
"noerr": 0,
"initialize": "",
"finalize": "",
"libs": [
{
"var": "crypto",
"module": "crypto"
}
],
"x": 280,
"y": 100,
"wires": [
[
"e0e0d17d3102670c"
],
[
"368ab4163a1781fe"
]
]
},
{
"id": "e64025c431b73536",
"type": "reusable-in",
"z": "c63466f5ec185814",
"name": "basic auth",
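"info": "Reusable flow implementing HTTP Basic authentication. The function node reads the request's `Authorization` header, looks up the lower-cased user id in the global `UserRegistry` and verifies the password with PBKDF2-SHA512 (iteration count taken from the global `PBKDF2Iterations`, default 100000) against the entry's `Salt` and `Hash`. If `msg.requiredRole` is set, the user must also hold that role. Output 1 (\"authorized\") carries `msg.authenticatedUser` and `msg.authorizedRoles`; output 2 (\"unauthorized\") carries a 401 response with a `WWW-Authenticate: Basic` header.\n\nSecurity notes: after the first successful check the plaintext password is cached on the registry entry and later requests are compared against it with `===`, so the password stays in memory and neither that comparison nor the hash comparison is constant-time. Basic credentials are only Base64-encoded, so expose this flow over HTTPS only.",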
"scope": "global",
"x": 80,
"y": 100,
"wires": [
[
"044b8567a46bcbc1"
]
]
},
{
"id": "e0e0d17d3102670c",
"type": "reusable-out",
"z": "c63466f5ec185814",
"name": "authorized",
"position": 1,
"x": 490,
"y": 80,
"wires": []
},
{
"id": "368ab4163a1781fe",
"type": "reusable-out",
"z": "c63466f5ec185814",
"name": "unauthorized",
"position": "2",
"x": 490,
"y": 120,
"wires": []
}
]