1 /*
2 *
3 * Copyright 2016 RIFT.IO Inc
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 /**
20 * sessions api module. Provides API functions for sessions
21 * @module framework/core/modules/api/sessions
22 * @author Kiran Kashalkar <kiran.kashalkar@riftio.com>
23 */
24
25 var Promise = require('bluebird');
26 var constants = require('../../api_utils/constants');
27 var utils = require('../../api_utils/utils');
28 var request = utils.request;
29 var rp = require('request-promise');
30 var sessionsAPI = {};
31 var _ = require('lodash');
32 var base64 = require('base-64');
33 var APIVersion = '/v2';
34 var configurationAPI = require('./configuration');
35
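/**
 * Rejects a pending API promise with an error payload and logs the message.
 *
 * The previous body assigned to an undeclared `res`, which throws a
 * ReferenceError before `reject` is ever reached (so the caller's promise
 * never settled); the payload is now built as a local object.
 *
 * @param {string} mesg - human-readable error, also written to the console.
 * @param {Function} reject - the promise's reject callback.
 * @param {number} [errCode] - HTTP status to report; defaults to BAD_REQUEST.
 */
function logAndReject(mesg, reject, errCode) {
    var errorResponse = {
        errorMessage: {
            error: mesg
        },
        // `||` kept on purpose: 0 is not a meaningful HTTP status here.
        statusCode: errCode || constants.HTTP_RESPONSE_CODES.ERROR.BAD_REQUEST
    };
    console.log(mesg);
    reject(errorResponse);
}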
44
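/**
 * Logs a message and sends the client back to the login page.
 *
 * login.html is handed the API server (the request's api_server query value,
 * else the configured one), the upload server (configured value, else the
 * request host) and the original Referer. Each value is percent-encoded so that
 * characters such as '&', '#' or '?' inside them cannot truncate the redirect
 * target or inject additional query parameters; login.html must decode them
 * (any standard query-string parser does).
 *
 * @param {string} mesg - message written to the console.
 * @param {Object} res - express response; redirect() and end() are called on it.
 * @param {Object} req - express request; reads query.api_server, protocol,
 *   hostname and headers.referer.
 */
function logAndRedirectToLogin(mesg, res, req) {
    var config = configurationAPI.globalConfiguration.get();
    var api_server = req.query['api_server'] || (req.protocol + '://' + config.api_server);
    var upload_server = req.protocol + '://' + (config.upload_server || req.hostname);
    console.log(mesg);
    // NOTE(review): api_server and referer are client-supplied; they are passed
    // through for login.html to use and should be validated there before being
    // used as a post-login destination.
    res.redirect('login.html' +
        '?api_server=' + encodeURIComponent(api_server) +
        '&upload_server=' + encodeURIComponent(upload_server) +
        '&referer=' + encodeURIComponent(req.headers.referer));
    res.end();
}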
52
/**
 * Logs a user in against the backend and populates the express session.
 *
 * Builds a Basic Authorization header from req.body.username / req.body.password
 * and, in parallel, POSTs it to <api_server>/v2/api/login and GETs
 * /v2/api/operational/project. On a non-200 login status, or on any request
 * error, the client is redirected to login.html and the returned promise is
 * left unsettled (neither resolve nor reject is called). On success the session
 * receives authorization, loggedIn and userdata, plus projectId and isLCM when
 * the user appears in at least one project's user list, and the promise
 * resolves with a {statusCode, data} envelope.
 *
 * @param {Object} req - express request; reads query.api_server, body.username,
 *   body.password and writes req.session.
 * @param {Object} res - express response; only used to redirect on failure.
 * @returns {Promise<{statusCode: number, data: string}>}
 */
sessionsAPI.create = function(req, res) {
    var api_server = req.query["api_server"];
    var uri = utils.confdPort(api_server);
    var login_url = uri + APIVersion + '/api/login';
    var project_url = uri + APIVersion + '/api/operational/project';
    // Credentials travel as Basic auth. The same header string is later stored in
    // the session (below) and reused by sessionsAPI.delete for the logout call,
    // so the session store holds a reversible encoding of the password.
    var authorization_header_string = 'Basic ' + base64.encode(req.body['username'] + ':' + req.body['password']);
    // `reject` is never used: every failure path ends in a redirect instead.
    return new Promise(function(resolve, reject) {
        Promise.all([
            rp({
                url: login_url,
                method: 'POST',
                headers: _.extend({}, constants.HTTP_HEADERS.accept.data, {
                    'Authorization': authorization_header_string
                }),
                forever: constants.FOREVER_ON,
                rejectUnauthorized: constants.REJECT_UNAUTHORIZED,
                resolveWithFullResponse: true
            }),
            rp({
                url: project_url,
                method: 'GET',
                headers: _.extend({}, constants.HTTP_HEADERS.accept.collection, {
                    'Authorization': authorization_header_string
                }),
                forever: constants.FOREVER_ON,
                rejectUnauthorized: constants.REJECT_UNAUTHORIZED,
                resolveWithFullResponse: true
            })

        ]).then(function(results) {
            // results[0].statusCode => 200/201
            // results[1].body.collection['rw-project:project'] => List of projects OR 204 with no content
            if (results[0].statusCode != constants.HTTP_RESPONSE_CODES.SUCCESS.OK) {
                var errorMsg = 'Invalid credentials provided!';
                logAndRedirectToLogin(errorMsg, res, req);
                return;
            }

            var username = req.body['username'];
            var project_list_for_user = [];

            if (results[1].statusCode == constants.HTTP_RESPONSE_CODES.SUCCESS.NO_CONTENT) {
                console.log('No projects added or user ', username ,' not privileged to view projects.');
            } else {
                // go through projects and get list of projects that this user belongs to.
                // pick first one as default project?
                var isLCM = false;
                // No `json` option was passed to rp, so body is the raw response string.
                var projects = JSON.parse(results[1].body).collection['rw-project:project'];
                // `map` is used purely for iteration here; the returned arrays are discarded.
                // A user entry without a `role` list would throw and land in the catch below.
                projects && projects.map(function(project) {
                    project['project-config'] &&
                    project['project-config']['user'] &&
                    project['project-config']['user'].map(function(user) {
                        if (user['user-name'] == username) {
                            project_list_for_user.push(project);
                            user.role.map(function(role) {
                                // isLCM is set if any matching user's role.role contains this id.
                                if(role.role.indexOf('rw-project-mano:lcm') > -1) {
                                    isLCM = true;
                                }
                            })
                        }
                    });
                });
                if (project_list_for_user.length > 0) {
                    // NOTE(review): sort() with no comparator compares String(project),
                    // i.e. '[object Object]' for every entry, so this does not order by
                    // name; the default project is simply the first one found.
                    req.session.projectId = project_list_for_user.sort() && project_list_for_user[0].name;
                    req.session.isLCM = isLCM;
                }
            }

            req.session.authorization = authorization_header_string;
            req.session.loggedIn = true;
            req.session.userdata = {
                username: username,
                // project: req.session.projectId
            };
            var successMsg = 'User => ' + username + ' successfully logged in.';
            successMsg += req.session.projectId ? 'Project => ' + req.session.projectId + ' set as default.' : '';

            console.log(successMsg);

            var response = {
                statusCode: constants.HTTP_RESPONSE_CODES.SUCCESS.CREATED,
                data: JSON.stringify({
                    status: successMsg
                })
            };

            // The store write is not awaited: resolve() below runs before the save
            // callback, and a save error is only logged.
            req.session.save(function(err) {
                if (err) {
                    console.log('Error saving session to store', err);
                }
            })

            resolve(response);

        }).catch(function(error) {
            // Something went wrong - Redirect to /login
            var errorMsg = 'Error logging in or getting list of projects. Error: ' + error;
            console.log(errorMsg);
            logAndRedirectToLogin(errorMsg, res, req);
        });
    })
};
155
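/**
 * Stores the project selected by the client in the current session.
 *
 * @param {Object} req - express request; reads req.session, req.params.projectId
 *   and req.sessionID.
 * @param {Object} res - express response (unused; kept for the common handler signature).
 * @returns {Promise<{statusCode: number, data: string}>} resolves once the session
 *   store callback has run; rejects via logAndReject with NOT_FOUND when there is
 *   no logged-in session.
 */
sessionsAPI.addProjectToSession = function(req, res) {
    return new Promise(function(resolve, reject) {
        if (!(req.session && req.session.loggedIn == true)) {
            // This rejection used to sit after `return resolve(...)` inside the save
            // callback and was therefore unreachable, leaving the promise pending
            // forever for callers without a logged-in session.
            var errorMsg = 'Session does not exist or not logged in';
            logAndReject(errorMsg, reject, constants.HTTP_RESPONSE_CODES.ERROR.NOT_FOUND);
            return;
        }
        // NOTE(review): projectId is taken straight from the URL and stored without
        // being checked against the projects this user belongs to — confirm that
        // membership is enforced elsewhere before the session value is trusted.
        req.session.projectId = req.params.projectId;
        req.session.save(function(err) {
            if (err) {
                console.log('Error saving session to store', err);
            }
            var successMsg = 'Added project ' + req.session.projectId + ' to session ' + req.sessionID;
            console.log(successMsg);

            resolve({
                statusCode: constants.HTTP_RESPONSE_CODES.SUCCESS.OK,
                data: JSON.stringify({
                    status: successMsg
                })
            });
        });
    });
}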
180
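/**
 * Logs the user out of the backend and destroys the express session.
 *
 * POSTs to <api_server>/api/logout with the Authorization header stored at
 * login while destroying the session in parallel, then redirects to login.html
 * whether or not either step succeeded (a destroy error is only logged). The
 * returned promise is never settled: the redirect is the response.
 *
 * @param {Object} req - express request; reads query.api_server, headers.referer
 *   and req.session (authorization, destroy). req.returnTo is set to the referer;
 *   nothing in this file reads it.
 * @param {Object} res - express response used for the redirect.
 * @returns {Promise} never resolves or rejects; kept for the common handler signature.
 */
sessionsAPI.delete = function(req, res) {
    var api_server = req.query["api_server"];
    var uri = utils.confdPort(api_server);
    // NOTE(review): unlike create(), no APIVersion prefix is used here — confirm the
    // backend exposes logout at /api/logout rather than /v2/api/logout.
    var url = uri + '/api/logout';
    req.returnTo = req.headers.referer;
    return new Promise(function(resolve, reject) {
        Promise.all([
            rp({
                url: url,
                method: 'POST',
                headers: _.extend({}, constants.HTTP_HEADERS.accept.data, {
                    // The Basic header saved by sessionsAPI.create.
                    'Authorization': req.session.authorization
                }),
                forever: constants.FOREVER_ON,
                rejectUnauthorized: constants.REJECT_UNAUTHORIZED,
                resolveWithFullResponse: true
            }),
            new Promise(function(success, failure) {
                req.session.destroy(function(err) {
                    if (err) {
                        var errorMsg = 'Error deleting session. Error: ' + err;
                        console.log(errorMsg);
                        // Settle as fulfilled so the redirect below still happens.
                        success({
                            status: 'error',
                            message: errorMsg
                        });
                        // Previously fell through and also logged 'Success deleting session'.
                        return;
                    }

                    var successMsg = 'Success deleting session';
                    console.log(successMsg);

                    success({
                        status: 'success',
                        message: successMsg
                    });
                });
            })
        ]).then(function(result) {
            // assume the session was deleted!
            var message = 'Session was deleted.';
            logAndRedirectToLogin(message, res, req);

        }).catch(function(error) {
            var message = 'Error deleting session or logging out. Error:' + error;
            logAndRedirectToLogin(message, res, req);
        });
    });
}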
229
230
// Expose the create / addProjectToSession / delete handlers defined above.
module.exports = sessionsAPI;