3 * Copyright 2016 RIFT.IO Inc
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 * sessions api module. Provides API functions for sessions
21 * @module framework/core/modules/api/sessions
22 * @author Kiran Kashalkar <kiran.kashalkar@riftio.com>
// Module dependencies. `constants`, `utils` and `configurationAPI` are project-local modules.
25 var Promise = require('bluebird');
26 var constants = require('../../api_utils/constants');
27 var utils = require('../../api_utils/utils');
28 var request = utils.request;
// NOTE(review): the `request-promise` package is deprecated upstream and no longer receives
// fixes; the handlers below use this HTTP stack to carry user credentials, so plan a migration.
29 var rp = require('request-promise');
31 var _ = require('lodash');
32 var base64 = require('base-64');
// Path prefix placed between the backend base URI and the login / project paths in create().
33 var APIVersion = '/v2';
34 var configurationAPI = require('./configuration');
/**
 * Rejection helper for the session handlers.
 * Only one statement of the body (listing line 40) appears on this page; lines 37-39 and
 * 41-44 are not shown, so the logging of `mesg` and the call to `reject` are not visible here.
 *
 * @param {string} mesg - message describing the failure
 * @param {Function} reject - rejection callback of the caller's Promise
 * @param {number} [errCode] - status code to report; BAD_REQUEST is used when it is falsy
 */
36 function logAndReject(mesg, reject, errCode) {
// [listing lines 37-39 not shown]
// NOTE(review): `res` is not a parameter of this function; presumably it is declared in the
// lines not shown - confirm, otherwise this assignment targets an implicit global.
40     res.statusCode = errCode || constants.HTTP_RESPONSE_CODES.ERROR.BAD_REQUEST;
// [listing lines 41-44 not shown]
/**
 * Redirects the client to login.html, passing the API server, the upload server and the
 * request's Referer header as query parameters.
 * Listing line 48 and the lines after 49 are not shown; what is done with `mesg` is not
 * visible in this excerpt.
 *
 * @param {string} mesg - message describing why the redirect happens
 * @param {Object} res - HTTP response; only `redirect` is used in the visible lines
 * @param {Object} req - HTTP request; `query`, `protocol`, `hostname` and `headers` are read
 */
45 function logAndRedirectToLogin(mesg, res, req) {
// `api_server` is taken from the request's query string when present, so its value is
// chosen by whoever built the link; the configured server is only the fallback.
46     var api_server = req.query['api_server'] || (req.protocol + '://' + configurationAPI.globalConfiguration.get().api_server);
47     var upload_server = req.protocol + '://' + (configurationAPI.globalConfiguration.get().upload_server || req.hostname);
// [listing line 48 not shown]
// NOTE(review): `api_server` and `upload_server` are concatenated into the redirect URL
// without encoding, while `referer` is passed through encodeURIComponent. A query-supplied
// api_server containing `&` or `#` therefore changes which parameters login.html receives.
// Encode both values the same way as `referer`, and accept a query-supplied api_server only
// if it matches the configured server or an allow-list.
// When the request has no Referer header, encodeURIComponent(undefined) yields the literal
// string "undefined".
49     res.redirect('login.html?api_server=' + api_server + '&upload_server=' + upload_server + '&referer=' + encodeURIComponent(req.headers.referer));
/**
 * Login handler. Builds an HTTP Basic Authorization header from the submitted username and
 * password, waits for two backend responses (login and project list), and on success stores
 * the login state, a default project and the Authorization header in `req.session`.
 *
 * This page omits parts of the function (see the gaps in the gutter numbers): the start of
 * each request call, the `isLCM` declaration, the resolve/reject calls and the closing
 * lines are not shown, so the resolved value is only partly visible (statusCode CREATED
 * plus a JSON string).
 *
 * @param {Object} req - HTTP request; reads `query.api_server`, `body.username`,
 *     `body.password` and writes to `session`
 * @param {Object} res - HTTP response, passed on to logAndRedirectToLogin on failure
 * @returns {Promise} promise created on listing line 59
 */
53 sessionsAPI.create = function(req, res) {
// NOTE(review): the backend base URI is derived from a query-string value. The Basic
// credentials built on line 58 are attached to the request options below, so the host named
// in `api_server` decides where the user's password is sent. Validate it against the
// configured API server (or an allow-list) before building URLs from it; whether
// utils.confdPort does any such validation cannot be seen from this file.
54     var api_server = req.query["api_server"];
55     var uri = utils.confdPort(api_server);
56     var login_url = uri + APIVersion + '/api/login';
57     var project_url = uri + APIVersion + '/api/operational/project';
// Base64 is an encoding, not encryption: anyone who can read this string can recover the
// username and password.
58     var authorization_header_string = 'Basic ' + base64.encode(req.body['username'] + ':' + req.body['password']);
59     return new Promise(function(resolve, reject) {
// [listing lines 60-63 not shown: start of the first request call]
64                 headers: _.extend({}, constants.HTTP_HEADERS.accept.data, {
65                     'Authorization': authorization_header_string
// [listing line 66 not shown]
67                 forever: constants.FOREVER_ON,
// NOTE(review): certificate checking follows constants.REJECT_UNAUTHORIZED, defined outside
// this file. If that constant is false, the TLS certificate of the backend is not verified
// for a request that carries the user's password - confirm it is true in production builds.
68                 rejectUnauthorized: constants.REJECT_UNAUTHORIZED,
69                 resolveWithFullResponse: true
// [listing lines 70-73 not shown: start of the second request call]
74                 headers: _.extend({}, constants.HTTP_HEADERS.accept.collection, {
75                     'Authorization': authorization_header_string
// [listing line 76 not shown]
77                 forever: constants.FOREVER_ON,
78                 rejectUnauthorized: constants.REJECT_UNAUTHORIZED,
79                 resolveWithFullResponse: true
// [listing lines 80-81 not shown]
82         ]).then(function(results) {
83             // results[0].statusCode => 200/201
84             // results[1].body.collection['rw-project:project'] => List of projects OR 204 with no content
// Only SUCCESS.OK is accepted here, although the comment above also mentions 201.
85             if (results[0].statusCode != constants.HTTP_RESPONSE_CODES.SUCCESS.OK) {
86                 var errorMsg = 'Invalid credentials provided!';
87                 logAndRedirectToLogin(errorMsg, res, req);
// [listing lines 88-90 not shown]
// NOTE(review): confirm that the omitted lines leave the handler after the redirect; the
// code from line 91 on marks the session as logged in and must not run for a failed login.
91             var username = req.body['username'];
92             var project_list_for_user = [];
// [listing line 93 not shown]
94             if (results[1].statusCode == constants.HTTP_RESPONSE_CODES.SUCCESS.NO_CONTENT) {
95                 console.log('No projects added or user ', username,' not privileged to view projects.');
// [listing line 96 not shown]
97                 // go through projects and get list of projects that this user belongs to.
98                 // pick first one as default project?
// [listing line 99 not shown]
100                 var projects = JSON.parse(results[1].body).collection['rw-project:project'];
// `map` is used for its side effects only; the returned arrays are discarded.
101                 projects && projects.map(function(project) {
102                     project['project-config'] &&
103                     project['project-config']['user'] &&
104                     project['project-config']['user'].map(function(user) {
// Loose equality against a value taken from the request body.
105                         if (user['user-name'] == username) {
106                             project_list_for_user.push(project);
107                             user['rw-project-mano:mano-role'] && user['rw-project-mano:mano-role'].map(function(role) {
108                                 if(role.role.indexOf('rw-project-mano:lcm') > -1) {
// [listing lines 109-114 not shown; presumably where `isLCM` is set - confirm]
115             if (project_list_for_user.length > 0) {
// NOTE(review): sort() without a comparator compares the elements as strings. The elements
// are objects parsed from JSON, which all stringify alike, so this does not order the
// projects by name; the default project is simply the first match in backend order.
116                 req.session.projectId = project_list_for_user.sort() && project_list_for_user[0].name;
// `isLCM` is declared in lines not shown on this page.
117                 req.session.isLCM = isLCM;
// [listing lines 118-120 not shown]
// NOTE(review): the Basic header, and with it the recoverable password, is written to the
// session store and stays there for the life of the session. Prefer a backend-issued token
// if the API offers one; otherwise treat the session store as holding credentials
// (restricted access, encryption at rest, short session lifetime).
121             req.session.authorization = authorization_header_string;
// NOTE(review): no call that issues a new session ID is visible in the lines shown.
// Regenerating the session at login prevents reuse of a pre-login ID (session fixation) -
// confirm against the omitted lines.
122             req.session.loggedIn = true;
123             req.session.userdata = {
// [listing line 124 not shown]
125                 // project: req.session.projectId
// [listing line 126 not shown]
127             req.session.redirect = true;
128             var successMsg = 'User => ' + username + ' successfully logged in.';
129             successMsg += req.session.projectId ? 'Project => ' + req.session.projectId + ' set as default.' : '';
// [listing line 130 not shown]
// The username comes from the request body and is written to the log unmodified.
131             console.log(successMsg);
// [listing lines 132-133 not shown]
134                 statusCode: constants.HTTP_RESPONSE_CODES.SUCCESS.CREATED,
135                 data: JSON.stringify({
// [listing lines 136-139 not shown]
140             req.session.save(function(err) {
// [listing line 141 not shown]
142                     console.log('Error saving session to store', err);
// [listing lines 143-147 not shown]
148         }).catch(function(error) {
149             // Something went wrong - Redirect to /login
150             var errorMsg = 'Error logging in or getting list of projects. Error: ' + error;
151             console.log(errorMsg);
152             logAndRedirectToLogin(errorMsg, res, req);
/**
 * Sets the current project of a logged-in session to the `projectId` route parameter and
 * saves the session. When there is no session or it is not logged in, calls logAndReject
 * with NOT_FOUND.
 *
 * Parts of the function are not shown on this page (gaps in the gutter numbers), including
 * the resolve call; the visible part of the resolved value is statusCode OK plus a JSON string.
 *
 * @param {Object} req - HTTP request; reads `session`, `params.projectId`, `sessionID`
 * @param {Object} res - HTTP response; not used in the visible lines
 * @returns {Promise} promise created on listing line 158
 */
157 sessionsAPI.addProjectToSession = function(req, res) {
158     return new Promise(function(resolve, reject) {
159         if (req.session && req.session.loggedIn == true) {
// NOTE(review): the project ID is copied from the route parameter with no visible check that
// the logged-in user belongs to that project. create() computes the user's project list but
// does not keep it in the session, so membership cannot be checked here as written. Either
// store the permitted project names at login and compare against them, or confirm that the
// backend enforces project access on every later call.
160             req.session.projectId = req.params.projectId;
161             req.session.save(function(err) {
// [listing line 162 not shown]
163                     console.log('Error saving session to store', err);
// [listing line 164 not shown]
// NOTE(review): this log line contains the session ID and a caller-supplied project ID.
// Session identifiers are sensitive; log a truncated or hashed form instead.
165                 var successMsg = 'Added project ' + req.session.projectId + ' to session ' + req.sessionID;
166                 console.log(successMsg);
// [listing lines 167-168 not shown]
169                     statusCode: constants.HTTP_RESPONSE_CODES.SUCCESS.OK,
170                     data: JSON.stringify({
// [listing lines 171-174 not shown]
175             var errorMsg = 'Session does not exist or not logged in';
176             logAndReject(errorMsg, reject, constants.HTTP_RESPONSE_CODES.ERROR.NOT_FOUND);
/**
 * Logout handler. Waits for a backend request that carries the session's stored
 * Authorization header and for the destruction of the local session, then redirects to the
 * login page in both the success and the failure path.
 *
 * Parts of the function are not shown on this page (gaps in the gutter numbers), including
 * the start of the request call and the success/failure calls of the inner promise.
 *
 * @param {Object} req - HTTP request; reads `query.api_server`, `headers.referer`, `session`
 * @param {Object} res - HTTP response, passed on to logAndRedirectToLogin
 * @returns {Promise} promise created on listing line 187
 */
182 sessionsAPI.delete = function(req, res) {
// NOTE(review): as in create(), the backend host comes from the query string, and the
// request options below attach the stored Authorization header. A logout link with a
// different `api_server` value would send the session's stored credentials to that host;
// validate the value against the configured API server before use.
183     var api_server = req.query["api_server"];
184     var uri = utils.confdPort(api_server);
// Unlike the URLs in create(), this one is built without APIVersion - presumably
// intentional; confirm against the backend API.
185     var url = uri + '/api/logout';
// NOTE(review): the Referer header is set by the client. How `returnTo` is used is not
// visible here; if it later becomes a redirect target, restrict it to same-origin paths.
186     req.returnTo = req.headers.referer;
187     return new Promise(function(resolve, reject) {
// [listing lines 188-191 not shown: start of the request call]
192                 headers: _.extend({}, constants.HTTP_HEADERS.accept.data, {
193                     'Authorization': req.session.authorization
// [listing line 194 not shown]
195                 forever: constants.FOREVER_ON,
// Certificate checking follows constants.REJECT_UNAUTHORIZED, defined outside this file.
196                 rejectUnauthorized: constants.REJECT_UNAUTHORIZED,
197                 resolveWithFullResponse: true
// [listing line 198 not shown]
199             new Promise(function(success, failure) {
200                 req.session.destroy(function(err) {
// [listing line 201 not shown]
202                         var errorMsg = 'Error deleting session. Error: ' + err;
203                         console.log(errorMsg);
// [listing lines 204-209 not shown]
210                     var successMsg = 'Success deleting session';
211                     console.log(successMsg);
// [listing lines 212-218 not shown]
219         ]).then(function(result) {
220             // assume the session was deleted!
221             var message = 'Session was deleted.'
222             logAndRedirectToLogin(message, res, req);
// [listing line 223 not shown]
// NOTE(review): this path also redirects to the login page. If it is reached because
// session.destroy failed, or because the backend request failed before destroy completed,
// the local session may still be valid although the user sees the login page - confirm
// that the session is invalidated on this path as well.
224         }).catch(function(error) {
225             var message = 'Error deleting session or logging out. Error:' + error;
226             logAndRedirectToLogin(message, res, req);
// Export the sessions API object; create, addProjectToSession and delete are attached above.
232 module.exports = sessionsAPI;