diff options
Diffstat (limited to 'web')
-rw-r--r-- | web/main.js | 93 |
1 files changed, 92 insertions, 1 deletions
diff --git a/web/main.js b/web/main.js index c07e12e..90d4cd1 100644 --- a/web/main.js +++ b/web/main.js @@ -1,11 +1,19 @@ var engine = require('engine.io'), // web sockets communication handler, sitting on the low-level HTTP handler - http_server = require('http').createServer(), // the low-level HTTP handler + http = require('http'), // HTTP library + https = require('https'), // HTTPS library + http_server = http.createServer(), // the low-level HTTP handler net = require('net'), // TCP sockets library Promise = require('bluebird'), // the promises library log4js = require('log4js'), // the logger + url = require('url'), // URL parser express = require('express'), // library providing the Express web framework http_app = express(); // web framework engine, sitting on the low-level HTTP handler +var SAML_LOGINWAIT_URL = process.env.CODEQ_SAML_LOGINWAIT_URL || 'https://codeq.si/Shibboleth.sso/WaitLogin'; + +var samlLoginwaitUrlParsed = url.parse(SAML_LOGINWAIT_URL), + samlLoginwaitIsHttps = samlLoginwaitUrlParsed.protocol === 'https:'; + // ================================================================================ // The logger // ================================================================================ @@ -111,6 +119,89 @@ var guiHandlers = { }).done(); }, + 'saml_login': function samlLogin(session, message) { + var guiResponse = {'tid': message.tid, 'sid': message.sid}, + aborted = false, + options = { + hostname: samlLoginwaitUrlParsed.hostname, + port: samlLoginwaitUrlParsed.port || (samlLoginwaitIsHttps ? 443 : 80), + path: samlLoginwaitUrlParsed.pathname + '?sid=' + session.sid, + method: 'GET', + rejectUnauthorized: false // allow server certificates we don't know + }, + handleResponse = function (res) { + var chunks = [], + status = res.statusCode, + headers, i, m; + if (status !== 200) { + guiResponse.code = -2; + guiResponse.message = 'Received an error from the identity server: ' + status + ' ' + res.statusMessage; + chunks.push(guiResponse.message, '\n'); + headers = res.rawHeaders; + for (i = 0; i < headers.length; i++) chunks.push(headers[i], '\n'); + chunks.push('\n'); + } + res.on('data', function (d) { + chunks.push(d); + }); + res.on('end', function () { + if (aborted) return; // already handled + if (status !== 200) { + logger.error(chunks.join('')); + session.send(guiResponse); + return; + } + try { + m = JSON.parse(chunks.join('')); + } + catch (e) { + guiResponse.code = -3; + guiResponse.message = 'Response from the identity server is not a JSON: ' + e; + logger.error(guiResponse.message + '\n' + chunks.join(''), e); + session.send(guiResponse); + return; + } + if (m.code !== 0) { + guiResponse.code = m.code || -5; + guiResponse.message = m.message || 'Status message from the identity server is not set'; + session.send(guiResponse); + } + else { + sendDataToPython({'action': 'saml_login', 'tid': message.tid, 'sid': message.sid, 'data': m.data && m.data.userData}) + .then(function (jsonReply) { + session.samlData = m.data; // perhaps we'll need the SAML data in the future + session.send(jsonReply); + }, function (exc) { + guiResponse.code = -6; + guiResponse.message = 'Python processing of SAML login generated an error: ' + exc; + logger.error(guiResponse.message, exc); + session.send(guiResponse); + }) + .done(); + } + }); + }, + req; + if (samlLoginwaitIsHttps) req = https.request(options, handleResponse); + else req = http.request(options, handleResponse); + req.on('error', function (e) { + if (aborted) return; // already handled + guiResponse.code = -1; + guiResponse.message = 'Error when trying to contact the identity server: ' + e; + logException('Error when trying to contact the identity server: ' + e, e); + session.send(guiResponse); + }); + req.setTimeout(600000, function () { // 10 minutes timeout + aborted = true; + req.abort(); + guiResponse.code = -4; + guiResponse.message = 'Timeout waiting for a reply from the identity server'; + logger.error(guiResponse.message); + session.send(guiResponse); + }); + req.end(); + }, + // actions to use default handling should define truthy values that are not functions // (this is to filter out unnecessary traffic before it hits Python) 'login': true, |