api/admin/passport.js
const Passport = require('passport');
const GitHubStrategy = require('passport-github').Strategy;
const config = require('../../config');
const env = require('../../services/environment')();
const { User } = require('../models');
const { createUAAStrategy, verifyUAAUser } = require('../services/uaaStrategy');
const GitHub = require('../services/GitHub');
const Features = require('../features');
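// A dedicated Passport instance (not the module-level singleton); presumably so the
// admin app's strategies and session handling do not collide with the main app's.
const passport = new Passport.Passport();

// Only the primary key goes into the session store; the full record is reloaded per request.
passport.serializeUser((user, next) => {
  next(null, user.id);
});

// Reload the user for each request. A null result (user deleted since login) is passed
// through to Passport as-is, which is expected to treat it as an invalid session.
// A rejected findByPk must also reach `next`: previously the rejection was unhandled,
// so a database error during deserialization left the request without a response.
passport.deserializeUser((id, next) => {
  User.findByPk(id)
    .then((user) => next(null, user))
    .catch(next);
});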
/**
* Github Auth
*/
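// Copy the shared config object instead of mutating it. The previous version assigned
// callbackURL directly onto config.passport.github.authorizationOptions, so any other
// module reading that same object (a non-admin passport setup, if one exists) would
// silently pick up the admin callback URL. The spread form also matches the UAA options below.
const githubOptions = {
  ...config.passport.github.authorizationOptions,
  callbackURL: `${env.APP_HOSTNAME}/admin/auth/github2/callback`,
};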
/**
 * Verify callback for the GitHub strategy.
 *
 * The GitHub admin membership check runs before any database lookup, so a
 * non-admin token never reaches the user table. Whatever User.findOne returns
 * (including null when no matching user exists) is handed to Passport unchanged.
 *
 * @param {string} accessToken - OAuth token issued by GitHub.
 * @param {string} _refreshToken - unused.
 * @param {{ id: string, username: string }} profile - GitHub profile from the strategy.
 * @param {Function} callback - Passport done callback `(err, user)`.
 */
async function verifyGithub(accessToken, _refreshToken, profile, callback) {
  const { id: githubUserId, username } = profile;
  try {
    // Lower-cased login is what the admin check expects; a missing username
    // surfaces here as an error passed to the callback rather than a throw.
    const login = username.toLowerCase();
    await GitHub.ensureFederalistAdmin(accessToken, login);
    const user = await User.findOne({ where: { githubUserId } });
    return callback(null, user);
  } catch (err) {
    return callback(err);
  }
}
// Register the GitHub OAuth strategy under the name 'github' (the name the admin auth routes are expected to reference).
passport.use('github', new GitHubStrategy(githubOptions, verifyGithub));
/**
* UAA Auth
*/
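if (Features.enabled(Features.Flags.FEATURE_AUTH_UAA)) {
  // NOTE(review): these URLs are built from config.app.hostname while the GitHub
  // callback above uses env.APP_HOSTNAME — confirm both resolve to the same host.
  const uaaOptions = {
    ...config.passport.uaa.options,
    callbackURL: `${config.app.hostname}/admin/auth/uaa/callback`,
    logoutCallbackURL: `${config.app.hostname}/admin/auth/uaa/logout`,
    passReqToCallback: true,
  };

  // Roles accepted for the admin app, in precedence order: the first role the
  // user holds wins and is recorded on the session. Order matters, so keep this
  // a list rather than a set.
  const UAA_ROLES = ['pages.support', 'pages.admin'];

  /**
   * Verify callback for the UAA strategy (passReqToCallback is on, so `req` comes first).
   *
   * Checks are sequential on purpose: the support check takes precedence, and
   * verifyUAAUser may have side effects, so the calls are not run in parallel.
   * A user holding none of the roles yields `false` (authentication failure).
   *
   * @param {import('express').Request} req - request; `req.session.role` is set on success.
   * @param {string} accessToken
   * @param {string} refreshToken
   * @param {object} profile - UAA profile from the strategy.
   * @param {Function} callback - Passport done callback `(err, user)`.
   */
  const verify = async (req, accessToken, refreshToken, profile, callback) => {
    try {
      for (const role of UAA_ROLES) {
        const user = await verifyUAAUser(accessToken, refreshToken, profile, [role]);
        if (user) {
          req.session.role = role;
          return callback(null, user);
        }
      }
      return callback(null, false);
    } catch (err) {
      return callback(err);
    }
  };

  const uaaStrategy = createUAAStrategy(uaaOptions, verify);
  passport.use('uaa', uaaStrategy);

  /**
   * Logs the user out locally and redirects to the UAA logout URL.
   * Attached to the passport instance so routes can call `passport.logout(req, res)`.
   */
  passport.logout = (req, res) => {
    // Clear the role recorded at login explicitly: depending on the Passport
    // version, req.logout() may leave the session object in place, and a stale
    // `role` must not outlive the login it was granted for.
    if (req.session) {
      delete req.session.role;
    }
    // NOTE(review): newer Passport releases require a callback for req.logout();
    // if the dependency is upgraded this call must become req.logout(cb).
    req.logout();
    res.redirect(uaaStrategy.logoutRedirectURL);
  };
}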
// The configured admin Passport instance; `passport.logout` is only present when the UAA feature flag is enabled.
module.exports = passport;