import { randomBytes } from "node:crypto";

import cookieParser from "cookie-parser";
import express from "express";
// Express application instance for the auth service.
const app = express();

// Middleware runs in registration order: JSON bodies are parsed into req.body
// first, then the Cookie header is parsed into req.cookies.
app.use(express.json(), cookieParser());
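// Mock credential table: username -> plaintext password.
// The table has no prototype, so a request-supplied key such as "constructor"
// or "__proto__" can never resolve to an inherited member, and it is frozen so
// no handler can add or change accounts at runtime.
// NOTE(review): plaintext passwords in source are acceptable only for this
// mock. Real credentials belong in a store outside the repository, kept as
// salted password hashes.
const USERS = Object.freeze(
  Object.assign(Object.create(null), { admin: "test123" })
);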
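// Server-side session store: opaque random token -> { user, expiresAt }.
// The cookie previously carried "dummy-session-" + username and the auth check
// only tested that a SESSIONID cookie was present, so the cookie value was
// never verified. Sessions are now issued and validated against this map.
// NOTE(review): the map lives in process memory only. Sessions are lost on
// restart and are not shared between instances; use a shared store if this
// service is ever run with more than one process.
const SESSION_TTL_MS = 8 * 60 * 60 * 1000; // server-side lifetime of a session
const sessions = new Map();

/**
 * Render an untrusted value for a single-line log entry.
 * JSON encoding escapes line breaks and other control characters, so request
 * data cannot start a forged log line; the result is length-capped.
 * @param {unknown} value - request-supplied value
 * @returns {string} quoted, escaped, truncated representation
 */
function logSafe(value) {
  const encoded = JSON.stringify(value);
  return (encoded === undefined ? "undefined" : encoded).slice(0, 200);
}

/**
 * Resolve the SESSIONID cookie to the user it was issued for.
 * @param {object} req - Express request with req.cookies populated
 * @returns {string|null} username, or null if the token is missing, unknown or expired
 */
function sessionUser(req) {
  const token = req.cookies.SESSIONID;
  if (typeof token !== "string") return null;

  const session = sessions.get(token);
  if (!session) return null;

  if (session.expiresAt <= Date.now()) {
    sessions.delete(token);
    return null;
  }
  return session.user;
}

/**
 * POST /api/login - check the submitted credentials against USERS and, on
 * success, issue a session cookie. Responds 200 { ok: true } or 401 { ok: false }.
 */
app.post("/api/login", (req, res) => {
  // req.body may be missing or not an object when the request is not JSON.
  const { user, pass } = req.body || {};

  console.log(`Auth-Service login attempt for ${logSafe(user)}`);

  // JSON bodies can carry arrays or objects; only plain strings are credentials.
  if (typeof user !== "string" || typeof pass !== "string") {
    return res.status(401).send({ ok: false });
  }

  // Own-property lookup only, so inherited keys are never treated as accounts.
  const known = Object.prototype.hasOwnProperty.call(USERS, user);
  // NOTE(review): plain comparison against a plaintext mock password. A real
  // deployment should verify a salted hash with a constant-time comparison.
  if (!known || !USERS[user] || USERS[user] !== pass) {
    return res.status(401).send({ ok: false });
  }

  // Drop expired sessions so the map does not grow without bound.
  const now = Date.now();
  for (const [token, session] of sessions) {
    if (session.expiresAt <= now) sessions.delete(token);
  }

  // The cookie value is an unguessable token; the username stays server-side.
  const token = randomBytes(32).toString("hex");
  sessions.set(token, { user, expiresAt: now + SESSION_TTL_MS });

  res.cookie("SESSIONID", token, {
    httpOnly: true, // not readable from page scripts
    secure: true, // production: require HTTPS
    // Every host under this domain receives the cookie, so each of them has to
    // be trusted with the session.
    domain: ".server.schooltech.ch", // allow cookie for subdomains
    // SameSite=None means the cookie is also sent on cross-site requests.
    // NOTE(review): state-changing endpoints that rely on it need their own
    // cross-site request protection - confirm for the services behind this.
    sameSite: "None", // required for third-party iframes over HTTPS
    path: "/"
  });
  return res.status(200).send({ ok: true });
});

/**
 * POST /api/event - event logging endpoint for frontend button presses.
 * Logs the resolved user, the service/action name and the payload.
 */
app.post("/api/event", (req, res) => {
  const body = req.body || {};
  const svc = body.service || body.action || "unknown";
  // Log the username the session resolves to, never the raw cookie: the
  // cookie value is a bearer secret and must not end up in log files.
  const user = sessionUser(req) || "anonymous";
  console.log(`Event: user=${user} service=${logSafe(svc)} payload=${JSON.stringify(body)}`);
  res.status(200).send({ ok: true });
});

/**
 * GET /internal/auth - optional backend for Nginx auth_request.
 * Responds 200 only when the SESSIONID cookie maps to a live session, else 401.
 */
app.get("/internal/auth", (req, res) => {
  return res.sendStatus(sessionUser(req) ? 200 : 401);
});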
// Start the HTTP server on port 3000 and log once it is accepting connections.
app.listen(3000, () => {
  console.log("Auth-Service läuft auf 3000");
});