3 * Copyright 2016 RIFT.IO Inc
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 * sessions api module. Provides API functions for sessions
21 * @module framework/core/modules/api/sessions
22 * @author Kiran Kashalkar <kiran.kashalkar@riftio.com>
25 var Promise
= require('bluebird');
26 var constants
= require('../../api_utils/constants');
27 var utils
= require('../../api_utils/utils');
28 var request
= utils
.request
;
29 var rp
= require('request-promise');
31 var _
= require('lodash');
32 var base64
= require('base-64');
33 var APIVersion
= '/v2';
// Helper that receives a message and a promise `reject` callback.
// NOTE(review): the body is not visible in this listing; presumably it logs `mesg` and then
// calls `reject` - confirm against the full file.
35 function logAndReject(mesg
, reject
) {
// Sends the client back to the login view, carrying the request's api_server query value along.
// `mesg` is not used in the lines visible here (part of the body is missing from this listing).
43 function logAndRedirectToLogin(mesg
, res
, req
) {
// NOTE(review): req.query['api_server'] is client-controlled and is concatenated, unencoded and
// unvalidated, into the string handed to res.render. Check it against an allow-list of known
// API servers before use. A view name carrying a query string also looks unintended -
// presumably a redirect to the login page was meant; confirm.
45 res
.render('login.html?api_server=' + req
.query
['api_server']);
// Login handler: builds a Basic credential from the posted username/password, issues two
// backend requests with it (login check and project listing), and on success marks the
// session as logged in with a default project.
// Returns a Promise; the resolve payload is only partly visible in this listing.
49 sessionsAPI
.create = function(req
, res
) {
// NOTE(review): api_server comes straight from the query string and decides which host
// receives the user's credentials below. Restrict it to an allow-list of known backends;
// no validation is visible in this function.
50 var api_server
= req
.query
["api_server"];
// utils.confdPort is defined elsewhere; presumably it returns the backend base URI for the
// given server - confirm.
51 var uri
= utils
.confdPort(api_server
);
52 var login_url
= uri
+ APIVersion
+ '/api/login';
53 var project_url
= uri
+ APIVersion
+ '/api/operational/project';
// Basic credentials are base64-encoded, not encrypted: this string is equivalent to the
// plaintext username and password and must only travel over verified TLS.
54 var authorization_header_string
= 'Basic ' + base64
.encode(req
.body
['username'] + ':' + req
.body
['password']);
55 return new Promise(function(resolve
, reject
) {
// Options for the first request (its uri/method lines are not visible here; presumably the
// login_url call): default "data" accept headers plus the Authorization header.
60 headers
: _
.extend({}, constants
.HTTP_HEADERS
.accept
.data
, {
61 'Authorization': authorization_header_string
63 forever
: constants
.FOREVER_ON
,
// NOTE(review): certificate verification is governed by constants.REJECT_UNAUTHORIZED, whose
// value is not visible here. It should be true wherever these credentials cross a network.
64 rejectUnauthorized
: constants
.REJECT_UNAUTHORIZED
,
// Full response requested so the status code can be inspected in the .then handler.
65 resolveWithFullResponse
: true
// Options for the second request (presumably the project_url call): "collection" accept
// headers plus the same Authorization header.
70 headers
: _
.extend({}, constants
.HTTP_HEADERS
.accept
.collection
, {
71 'Authorization': authorization_header_string
73 forever
: constants
.FOREVER_ON
,
74 rejectUnauthorized
: constants
.REJECT_UNAUTHORIZED
,
75 resolveWithFullResponse
: true
// Both responses arrive together as an array, in request order.
78 ]).then(function(results
) {
79 // results[0].statusCode => 200/201
80 // results[1].body.collection['rw-project:project'] => List of projects OR 204 with no content
// Anything other than OK on the login response is treated as bad credentials.
// NOTE(review): the lines after the redirect are missing from this listing; confirm the
// handler returns here so the session is not marked logged-in on a failed login.
81 if (results
[0].statusCode
!= constants
.HTTP_RESPONSE_CODES
.SUCCESS
.OK
) {
82 var errorMsg
= 'Invalid credentials provided!';
83 logAndRedirectToLogin(errorMsg
, res
, req
);
87 var username
= req
.body
['username'];
88 var project_list_for_user
= [];
// NOTE(review): username is client-supplied and is written to the log as-is here and in the
// success message below.
90 if (results
[1].statusCode
== constants
.HTTP_RESPONSE_CODES
.SUCCESS
.NO_CONTENT
) {
91 console
.log('No projects added or user ', username
,' not privileged to view projects.');
93 // go through projects and get list of projects that this user belongs to.
94 // pick first one as default project?
// JSON.parse throws on a malformed body; that is caught by the .catch below.
96 var projects
= JSON
.parse(results
[1].body
).collection
['rw-project:project'];
// Collect the names of projects whose project-config user list contains this username.
// .map is used only for iteration; its return value is discarded.
97 projects
&& projects
.map(function(project
) {
98 project
['project-config'] &&
99 project
['project-config']['user'] &&
100 project
['project-config']['user'].map(function(user
) {
101 if (user
['user-name'] == username
) {
102 project_list_for_user
.push(project
.name
);
// Default project is the first match; evaluates to `false` (not null) when there is none.
107 req
.session
.projectId
= (project_list_for_user
.length
> 0) && project_list_for_user
[0];
// NOTE(review): this stores the reversible Basic credential (effectively the user's password)
// in the session store, so anyone who can read the store recovers the password. Prefer a
// backend-issued token if one is available. No req.session.regenerate() call is visible in
// this listing before the session is marked logged-in - confirm, to rule out session fixation.
110 req
.session
.authorization
= authorization_header_string
;
111 req
.session
.loggedIn
= true;
113 var successMsg
= 'User =>' + username
+ ' successfully logged in.';
114 successMsg
+= req
.session
.projectId
? 'Project =>' + req
.session
.projectId
+ ' set as default.' : '';
116 console
.log(successMsg
);
// Resolve payload: CREATED status plus a JSON body whose fields are not visible here.
119 statusCode
: constants
.HTTP_RESPONSE_CODES
.SUCCESS
.CREATED
,
120 data
: JSON
.stringify({
// Any request failure or exception thrown above ends up here.
126 }).catch(function(error
) {
127 // Something went wrong - Redirect to /login
128 var errorMsg
= 'Error logging in or getting list of projects. Error: ' + error
;
129 console
.log(errorMsg
);
130 logAndRedirectToLogin(errorMsg
, res
, req
);
// Switches the active project of an already logged-in session to the projectId route param.
// Returns a Promise that resolves with an OK status payload, or rejects via logAndReject when
// there is no logged-in session.
135 sessionsAPI
.addProjectToSession = function(req
, res
) {
136 return new Promise(function(resolve
, reject
) {
137 if (req
.session
&& req
.session
.loggedIn
== true) {
// NOTE(review): the route parameter is accepted as-is. No check is visible here that the
// logged-in user belongs to the requested project (create derives membership from the
// project-config user list); confirm that authorization is enforced, here or by the backend.
138 req
.session
.projectId
= req
.params
.projectId
;
// NOTE(review): bare `projectId` is not declared in the visible lines of this function, so
// this expression would throw a ReferenceError and reject the promise after the session has
// already been updated. Presumably req.params.projectId (or req.session.projectId) was meant.
139 var successMsg
= 'Added project' + projectId
+ ' to session' + req
.sessionID
;
140 console
.log(successMsg
);
// Resolve payload: OK status plus a JSON body whose fields are not visible here.
143 statusCode
: constants
.HTTP_RESPONSE_CODES
.SUCCESS
.OK
,
144 data
: JSON
.stringify({
// No session, or session not logged in.
150 var errorMsg
= 'Session does not exist or not logged in';
151 logAndReject(errorMsg
, reject
);
// Logout handler: calls the backend logout endpoint with the credential stored in the session
// and destroys the local session, then sends the client back to the login view either way.
155 sessionsAPI
.delete = function(req
, res
) {
// NOTE(review): as in create, api_server is taken from the query string unvalidated and
// decides which host receives the stored Authorization header below; allow-list it.
158 var api_server
= req
.query
["api_server"];
159 var uri
= utils
.confdPort(api_server
);
// NOTE(review): unlike the URLs built in create, this one omits APIVersion - confirm that the
// logout endpoint is intentionally unversioned.
160 var url
= uri
+ '/api/logout';
161 return new Promise(function(resolve
, reject
) {
166 headers
: _
.extend({}, constants
.HTTP_HEADERS
.accept
.data
, {
// NOTE(review): req.session.authorization is read without a visible check that the session
// exists or is logged in; it is undefined for a caller that never logged in.
167 'Authorization': req
.session
.authorization
169 forever
: constants
.FOREVER_ON
,
170 rejectUnauthorized
: constants
.REJECT_UNAUTHORIZED
// Second task: destroy the local session, wrapping the callback API in a Promise.
172 new Promise(function(success
, failure
) {
173 req
.session
.destroy(function(err
) {
175 var errorMsg
= 'Error deleting session. Error: ' + err
;
176 console
.log(errorMsg
);
183 var successMsg
= 'Success deleting session';
184 console
.log(successMsg
);
// Runs once both tasks have settled successfully.
192 ]).then(function(result
) {
193 // assume the session was deleted!
194 var message
= 'Session was deleted.'
195 logAndRedirectToLogin(message
, res
, req
);
// Failure of either task still ends at the login view.
// NOTE(review): if the backend logout request is what failed, the lines visible here do not
// show whether the local session was still destroyed - confirm it cannot stay valid.
197 }).catch(function(error
) {
198 var message
= 'Error deleting session or logging out. Error:' + error
;
199 logAndRedirectToLogin(message
, res
, req
);
// Export the sessionsAPI object that create, addProjectToSession and delete are attached to.
205 module
.exports
= sessionsAPI
;