support for acticve directory #261

packages/api/package.json

@@ -17,6 +17,7 @@
     "dbgate"
   ],
   "dependencies": {
+    "activedirectory2": "^2.1.0",
     "async-lock": "^1.2.4",
     "axios": "^0.21.1",
     "body-parser": "^1.19.0",

packages/api/src/controllers/auth.js

@@ -2,6 +2,8 @@ const axios = require('axios');
 const jwt = require('jsonwebtoken');
 const getExpressPath = require('../utility/getExpressPath');
 const uuidv1 = require('uuid/v1');
+const { getLogins } = require('../utility/hasPermission');
+const AD = require('activedirectory2').promiseWrapper;
 
 const tokenSecret = uuidv1();
 
@@ -20,7 +22,7 @@ function unauthorizedResponse(req, res, text) {
 }
 
 function authMiddleware(req, res, next) {
-  const SKIP_AUTH_PATHS = ['/config/get', '/auth/oauth-token', '/stream'];
+  const SKIP_AUTH_PATHS = ['/config/get', '/auth/oauth-token', 'auth/login', '/stream'];
 
   if (!shouldAuthorizeApi()) {
     return next();
@@ -60,16 +62,51 @@ module.exports = {
 
     const login = process.env.OAUTH_LOGIN_FIELD ? payload[process.env.OAUTH_LOGIN_FIELD] : 'oauth';
 
-    console.log(payload);
-
     if (access_token) {
       return {
-        accessToken: jwt.sign({ user: 'oauth' }, tokenSecret, { expiresIn: '1m' }),
+        accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: '1m' }),
       };
     }
 
     return { error: 'Token not found' };
   },
+  login_meta: true,
+  async login(params) {
+    const { login, password } = params;
+
+    if (process.env.AD_URL && process.env.AD_BASEDN) {
+      const adConfig = {
+        url: process.env.AD_URL,
+        baseDN: process.env.AD_BASEDN,
+        username: process.env.AD_USERNAME,
+        password: process.env.AD_PASSOWRD,
+      };
+      const ad = new AD(adConfig);
+      try {
+        const res = await ad.authenticate(login, password);
+        if (!res) {
+          return { error: 'login failed' };
+        }
+        return {
+          accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: '1m' }),
+        };
+      } catch (err) {
+        console.log('Failed active directory authentization', err.message);
+        return { error: err.message };
+      }
+    }
+
+    const logins = getLogins();
+    if (!logins) {
+      return { error: 'Logins not configured' };
+    }
+    if (logins[login] == password) {
+      return {
+        accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: '1m' }),
+      };
+    }
+    return { error: 'Invalid credentials' };
+  },
 
   authMiddleware,
   shouldAuthorizeApi,

packages/web/src/LoginPage.svelte

@@ -5,6 +5,7 @@
   import FormProvider from './forms/FormProvider.svelte';
   import FormSubmit from './forms/FormSubmit.svelte';
   import FormTextField from './forms/FormTextField.svelte';
+  import { apiCall, enableApi } from './utility/api';
 
   onMount(() => {
     const removed = document.getElementById('starting_dbgate_zero');
@@ -28,7 +29,8 @@
           <FormSubmit
             value="Log In"
             on:click={e => {
-              console.log('log in', e);
+              enableApi();
+              apiCall('auth/login', e.detail);
             }}
           />
         </div>
@@ -51,8 +53,10 @@
     position: fixed;
     top: 1rem;
     left: 1rem;
-    font-size: 40pt;
+    font-size: 30pt;
+    font-family: monospace;
     color: var(--theme-bg-2);
+    text-transform: uppercase;
   }
   .submit {
     margin: var(--dim-large-form-margin);
@@ -78,8 +82,10 @@
   }
 
   .box {
-    max-width: 600px;
-    width: 40vw;
+    width: 600px;
+    max-width: 80vw;
+    /* max-width: 600px;
+    width: 40vw; */
     border: 1px solid var(--theme-border);
     border-radius: 4px;
     background-color: var(--theme-bg-0);

packages/web/src/utility/api.ts

@@ -16,6 +16,10 @@ export function disableApi() {
   apiDisabled = true;
 }
 
+export function enableApi() {
+  apiDisabled = false;
+}
+
 function wantEventSource() {
   if (!eventSource) {
     eventSource = new EventSource(`${resolveApi()}/stream`);