88 lines
2.5 KiB
JavaScript
Executable File
88 lines
2.5 KiB
JavaScript
Executable File
import express from "express";
|
|
import cookieParser from "cookie-parser";
|
|
import bcrypt from "bcrypt";
|
|
import fs from "fs";
|
|
import crypto from "crypto";
|
|
|
|
const USERS = JSON.parse(fs.readFileSync("./users.json"));
|
|
const SESSIONS = {}; // in-memory session store
|
|
|
|
const app = express();
|
|
app.use(express.json());
|
|
app.use(cookieParser());
|
|
|
|
app.post("/api/login", async (req,res)=>{
|
|
const { user, pass } = req.body;
|
|
|
|
console.log(`Auth-Service login attempt for ${user}`);
|
|
|
|
const hash = USERS[user];
|
|
if(!hash) return res.status(401).send({ ok:false });
|
|
|
|
const valid = await bcrypt.compare(pass, hash);
|
|
if(!valid) return res.status(401).send({ ok:false });
|
|
|
|
// create secure random session
|
|
const sessionID = crypto.randomBytes(32).toString("hex");
|
|
SESSIONS[sessionID] = {
|
|
user,
|
|
created: Date.now()
|
|
};
|
|
|
|
res.cookie("SESSIONID", sessionID, {
|
|
httpOnly: true,
|
|
secure: true,
|
|
domain: ".server.schooltech.ch",
|
|
sameSite: "None",
|
|
path: "/"
|
|
});
|
|
|
|
res.status(200).send({ ok:true });
|
|
});
|
|
|
|
// Logout endpoint
|
|
app.post("/api/logout", (req, res) => {
|
|
const sid = req.cookies.SESSIONID;
|
|
if (sid && SESSIONS[sid]) {
|
|
delete SESSIONS[sid];
|
|
}
|
|
// Cookie löschen
|
|
res.clearCookie("SESSIONID", {
|
|
httpOnly: true,
|
|
secure: true,
|
|
domain: ".server.schooltech.ch",
|
|
sameSite: "None",
|
|
path: "/"
|
|
});
|
|
return res.status(200).send({ ok: true });
|
|
});
|
|
|
|
// Event logging endpoint for frontend button presses
|
|
app.post('/api/event', (req,res)=>{
|
|
const svc = req.body.service || req.body.action || 'unknown';
|
|
const user = req.cookies.SESSIONID || 'anonymous';
|
|
|
|
console.log(`Event: user=${user} service=${svc} payload=${JSON.stringify(req.body)}`);
|
|
res.status(200).send({ ok:true });
|
|
});
|
|
|
|
// Optional für Nginx auth_request
|
|
app.get("/internal/auth", (req,res)=>{
|
|
const sid = req.cookies.SESSIONID;
|
|
if (sid && SESSIONS[sid]) {
|
|
return res.sendStatus(200);
|
|
}
|
|
return res.sendStatus(401);
|
|
});
|
|
|
|
// Status endpoint (unter /api so dass Nginx /api/ auf appserverauth proxyt)
|
|
app.get("/api/status", (req, res) => {
|
|
const sid = req.cookies.SESSIONID;
|
|
if (sid && SESSIONS[sid]) {
|
|
return res.status(200).send({ ok: true, user: SESSIONS[sid].user });
|
|
}
|
|
return res.status(401).send({ ok: false });
|
|
});
|
|
|
|
app.listen(3000, ()=>console.log("Auth-Service läuft auf 3000"));
|