NOTICKET: Refactor with sessions. Now holds auth on server
[osm/UI.git] / skyquake / framework / core / modules / api / sessions.js
1 /*
2 *
3 * Copyright 2016 RIFT.IO Inc
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 /**
20 * sessions api module. Provides API functions for sessions
21 * @module framework/core/modules/api/sessions
22 * @author Kiran Kashalkar <kiran.kashalkar@riftio.com>
23 */
24
25 var Promise = require('bluebird');
26 var constants = require('../../api_utils/constants');
27 var utils = require('../../api_utils/utils');
28 var request = utils.request;
29 var rp = require('request-promise');
30 var sessionsAPI = {};
31 var _ = require('lodash');
32 var base64 = require('base-64');
33 var APIVersion = '/v2';
34
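/**
 * Log a failure message and reject the caller's promise with an error payload.
 *
 * The payload is built locally: no response object is in scope in this
 * helper, so assigning to a free `res` would throw a ReferenceError before
 * `reject` could run.
 *
 * @param {string} mesg - Human-readable description of the failure.
 * @param {function(Object): void} reject - Rejection callback of the pending promise.
 */
function logAndReject(mesg, reject) {
    var rejection = {
        errorMessage: {
            error: mesg
        }
    };
    console.log(mesg);
    reject(rejection);
}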
42
/**
 * Log a message, then hand the login view back to the client and end the
 * response.
 *
 * NOTE(review): `api_server` is taken from the query string and concatenated,
 * unencoded, into the name passed to `res.render`. Confirm whether a redirect
 * to the login route was intended here, and validate or `encodeURIComponent`
 * the value before it is used.
 * NOTE(review): `res.end()` follows `res.render()`; confirm the second call is
 * needed with the framework in use.
 *
 * @param {string} mesg - Message written to the server log.
 * @param {Object} res - Response object; `render` and `end` are called on it.
 * @param {Object} req - Request object; `query.api_server` is read from it.
 */
function logAndRedirectToLogin(mesg, res, req) {
    console.log(mesg);

    var apiServer = req.query['api_server'];
    var loginView = 'login.html?api_server=' + apiServer;

    res.render(loginView);
    res.end();
}
48
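/**
 * Log a user in against the backend API and set up the server-side session.
 *
 * Two upstream requests are sent in parallel with HTTP Basic credentials built
 * from `req.body.username` / `req.body.password`: a POST to the login endpoint
 * and a GET of the project list. On success the session receives the
 * Authorization header, `loggedIn = true` and, when a project list came back,
 * a default `projectId`.
 *
 * The session is regenerated before any authenticated state is written, so a
 * session identifier that existed before login is not carried over into the
 * authenticated session (session fixation).
 *
 * NOTE(review): `api_server` is request-controlled and decides which host
 * receives the user's credentials. Confirm it is validated (for example
 * against a configured list of API servers) before this handler is reached.
 * NOTE(review): the stored Authorization value is base64, i.e. reversible to
 * the password; the session store needs to be protected accordingly.
 * NOTE(review): `rejectUnauthorized` comes from a constant defined elsewhere;
 * confirm it leaves TLS certificate validation enabled for these requests.
 *
 * @param {Object} req - Request; reads `query.api_server`, `body.username`,
 *     `body.password` and writes to `session`.
 * @param {Object} res - Response; used only to render the login view on failure.
 * @returns {Promise<Object>} Resolves with `{ statusCode, data }` on success.
 *     On every failure path the login view is rendered directly and the
 *     promise is left pending, as `resolve`/`reject` are never called there.
 */
sessionsAPI.create = function(req, res) {
    var api_server = req.query["api_server"];
    var uri = utils.confdPort(api_server);
    var login_url = uri + APIVersion + '/api/login';
    var project_url = uri + APIVersion + '/api/operational/project';
    var username = req.body['username'];
    var authorization_header_string = 'Basic ' + base64.encode(username + ':' + req.body['password']);

    // Both upstream calls share everything except URL, method and Accept headers.
    function authenticatedRequest(url, method, acceptHeaders) {
        return rp({
            url: url,
            method: method,
            headers: _.extend({}, acceptHeaders, {
                'Authorization': authorization_header_string
            }),
            forever: constants.FOREVER_ON,
            rejectUnauthorized: constants.REJECT_UNAUTHORIZED,
            resolveWithFullResponse: true
        });
    }

    return new Promise(function(resolve, reject) {
        Promise.all([
            authenticatedRequest(login_url, 'POST', constants.HTTP_HEADERS.accept.data),
            authenticatedRequest(project_url, 'GET', constants.HTTP_HEADERS.accept.collection)
        ]).then(function(results) {
            // results[0].statusCode => 200/201
            // results[1].body.collection['rw-project:project'] => List of projects OR 204 with no content
            if (results[0].statusCode != constants.HTTP_RESPONSE_CODES.SUCCESS.OK) {
                var errorMsg = 'Invalid credentials provided!';
                logAndRedirectToLogin(errorMsg, res, req);
                return;
            }

            var project_list_for_user = [];
            var hasProjectList = results[1].statusCode != constants.HTTP_RESPONSE_CODES.SUCCESS.NO_CONTENT;

            if (!hasProjectList) {
                console.log('No projects added or user ', username ,' not privileged to view projects.');
            } else {
                // Collect the projects whose configured users include this
                // user; the first one becomes the default project.
                var projects = JSON.parse(results[1].body).collection['rw-project:project'];
                (projects || []).forEach(function(project) {
                    var projectConfig = project['project-config'];
                    var users = (projectConfig && projectConfig['user']) || [];
                    users.forEach(function(user) {
                        if (user['user-name'] == username) {
                            project_list_for_user.push(project.name);
                        }
                    });
                });
            }

            // Writes the authenticated state and resolves; reads req.session
            // at call time so it targets the regenerated session.
            function populateSession() {
                if (hasProjectList) {
                    req.session.projectId = (project_list_for_user.length > 0) && project_list_for_user[0];
                }

                req.session.authorization = authorization_header_string;
                req.session.loggedIn = true;

                var successMsg = 'User =>' + username + ' successfully logged in.';
                successMsg += req.session.projectId ? 'Project =>' + req.session.projectId + ' set as default.' : '';

                console.log(successMsg);

                resolve({
                    statusCode: constants.HTTP_RESPONSE_CODES.SUCCESS.CREATED,
                    data: JSON.stringify({
                        status: successMsg
                    })
                });
            }

            // Issue a fresh session id before storing credentials. The guard
            // keeps the handler working if the session object in use does not
            // provide regenerate().
            if (typeof req.session.regenerate === 'function') {
                req.session.regenerate(function(err) {
                    if (err) {
                        logAndRedirectToLogin('Error creating session. Error: ' + err, res, req);
                        return;
                    }
                    populateSession();
                });
            } else {
                populateSession();
            }

        }).catch(function(error) {
            // Something went wrong - Redirect to /login
            var errorMsg = 'Error logging in or getting list of projects. Error: ' + error;
            console.log(errorMsg);
            logAndRedirectToLogin(errorMsg, res, req);
        });
    });
};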
134
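/**
 * Set the active project on an already authenticated session.
 *
 * The project id is read from `req.params.projectId` into a local variable;
 * the success message previously referenced an undeclared `projectId`, which
 * threw after the session had already been modified.
 *
 * NOTE(review): nothing here checks that the logged-in user belongs to the
 * requested project; confirm membership is enforced before or after this
 * call.
 * NOTE(review): the session id is written to the log and returned in the
 * response body; consider whether it needs to appear in either place.
 *
 * @param {Object} req - Request; reads `session`, `params.projectId`, `sessionID`.
 * @param {Object} res - Response; unused here.
 * @returns {Promise<Object>} Resolves with `{ statusCode, data }` when the
 *     session is logged in; otherwise rejects through `logAndReject`.
 */
sessionsAPI.addProjectToSession = function(req, res) {
    return new Promise(function(resolve, reject) {
        if (req.session && req.session.loggedIn == true) {
            var projectId = req.params.projectId;
            req.session.projectId = projectId;

            var successMsg = 'Added project' + projectId + ' to session' + req.sessionID;
            console.log(successMsg);

            return resolve({
                statusCode: constants.HTTP_RESPONSE_CODES.SUCCESS.OK,
                data: JSON.stringify({
                    status: successMsg
                })
            });
        }

        var errorMsg = 'Session does not exist or not logged in';
        logAndReject(errorMsg, reject);
    });
};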
154
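/**
 * Log the user out upstream and destroy the local session.
 *
 * The upstream logout POST and the local `req.session.destroy` are started
 * together, so the local session is torn down whether or not the upstream
 * call succeeds. A failure to destroy the session is reported as a resolved
 * `{ status: 'error' }` result (best effort); the callback now returns after
 * that branch so the success message is no longer logged as well.
 *
 * NOTE(review): the logout URL has no API version prefix, unlike the login
 * URL built elsewhere in this module; confirm which form is correct.
 * NOTE(review): `api_server` is request-controlled and the stored
 * Authorization header is sent to it; confirm the value is validated.
 *
 * @param {Object} req - Request; reads `query.api_server` and `session`.
 * @param {Object} res - Response; used to render the login view.
 * @returns {Promise} Never settled by this function: both outcomes render the
 *     login view directly and neither `resolve` nor `reject` is called.
 */
sessionsAPI.delete = function(req, res) {
    var api_server = req.query["api_server"];
    var uri = utils.confdPort(api_server);
    var url = uri + '/api/logout';
    return new Promise(function(resolve, reject) {
        Promise.all([
            // The Authorization header is read here, before destroy() runs below.
            rp({
                url: url,
                method: 'POST',
                headers: _.extend({}, constants.HTTP_HEADERS.accept.data, {
                    'Authorization': req.session.authorization
                }),
                forever: constants.FOREVER_ON,
                rejectUnauthorized: constants.REJECT_UNAUTHORIZED
            }),
            new Promise(function(success, failure) {
                req.session.destroy(function(err) {
                    if (err) {
                        var errorMsg = 'Error deleting session. Error: ' + err;
                        console.log(errorMsg);
                        success({
                            status: 'error',
                            message: errorMsg
                        });
                        return;
                    }

                    var successMsg = 'Success deleting session';
                    console.log(successMsg);

                    success({
                        status: 'success',
                        message: successMsg
                    });
                });
            })
        ]).then(function(result) {
            // assume the session was deleted!
            var message = 'Session was deleted.';
            logAndRedirectToLogin(message, res, req);

        }).catch(function(error) {
            var message = 'Error deleting session or logging out. Error:' + error;
            logAndRedirectToLogin(message, res, req);
        });
    });
};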
203
204
205 module.exports = sessionsAPI;