49 lines
1.3 KiB
JavaScript
49 lines
1.3 KiB
JavaScript
const passport = require('passport');
|
|
const ActiveDirectoryStrategy = require('passport-activedirectory');
|
|
const fs = require('fs');
|
|
const path = require('path');
|
|
const { getUserData } = require('../Middlewares/watcherMiddleware');
|
|
|
|
const setupFilePath = path.join(__dirname, '../data', 'setup.json');
|
|
|
|
const setupData = JSON.parse(fs.readFileSync(setupFilePath, 'utf-8'));
|
|
|
|
passport.use('ActiveDirectory', new ActiveDirectoryStrategy({
|
|
integrated: false,
|
|
ldap: {
|
|
url: setupData[0].ldap.url,
|
|
baseDN: setupData[0].ldap.baseDN,
|
|
username: setupData[0].ldap.username,
|
|
password: setupData[0].ldap.password
|
|
}
|
|
}, function (profile, ad, done) {
|
|
ad.isUserMemberOf(profile._json.dn, 'CDN-Access', function (err, isMember) {
|
|
if (err) return done(err);
|
|
|
|
if (!isMember) {
|
|
return done(null, false, { message: 'L\'utilisateur n\'est pas autorisé.' });
|
|
}
|
|
|
|
return done(null, profile);
|
|
});
|
|
}));
|
|
|
|
passport.serializeUser((user, done) => {
|
|
done(null, user.name);
|
|
});
|
|
|
|
passport.deserializeUser(async (id, done) => {
|
|
const users = await getUserData();
|
|
|
|
const user = users.find(u => u.name === id || u.name === `.${id}`);
|
|
|
|
if (user) {
|
|
return done(null, user);
|
|
} else {
|
|
return done(new Error('User not valid'), null);
|
|
}
|
|
});
|
|
|
|
module.exports = passport;
|
|
|