const path = require('path'),
url = require('url'),
fs = require('fs'),
httputils = require('./lib/httputils.js'),
idassertion = require('./lib/idassertion.js'),
jwt = require('./lib/jwt.js');
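// Create the var directory if it doesn't exist.
var VAR_DIR = path.join(__dirname, "var");
try {
  // 0o755 = rwxr-xr-x. The legacy `0755` octal literal is rejected in
  // strict mode and ES modules, so the explicit 0o form is used.
  fs.mkdirSync(VAR_DIR, 0o755);
} catch (e) {
  // An already-existing directory is the expected case and is ignored.
  // Any other failure (permissions, read-only filesystem, ...) is reported
  // instead of being silently dropped, but stays non-fatal as before.
  if (e.code !== 'EEXIST') {
    console.error("could not create " + VAR_DIR + ": " + e);
  }
}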
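/**
 * HTTP handler that verifies an identity assertion for a given audience
 * and writes a JSON verdict to the response.
 *
 * Reads `assertion` and `audience` from the query string. On success the
 * response is {status: "okay", email, audience, "valid-until", issuer},
 * with the values taken from the verified payload; on any failure it is
 * {status: "failure", reason}.
 *
 * @param {object} req  - request; `req.query` and `req.method` are read.
 * @param {object} resp - response; headers and the JSON body are written.
 * @param {Function} next - unused.
 */
function doVerify(req, resp, next) {
  // NOTE(review): both values arrive in the query string, so the assertion
  // can end up in access logs and proxies -- confirm that is acceptable.
  const assertion = req.query.assertion;
  const audience = req.query.audience;

  if (!(assertion && audience)) {
    return httputils.jsonResponse(resp, {status:"failure", reason:"need assertion and audience"});
  }

  // allow client side XHR to access this WSAPI, see
  // https://developer.mozilla.org/en/http_access_control
  // for details
  // FIXME: should we really allow this? It might encourage the wrong behavior
  // NOTE(review): presumably the concern is relying parties verifying in the
  // browser, where the result cannot be trusted by their server -- confirm.
  resp.setHeader('Access-Control-Allow-Origin', '*');
  if (req.method === 'OPTIONS') {
    // CORS preflight: advertise the allowed method and stop here.
    resp.setHeader('Access-Control-Allow-Methods', 'GET');
    resp.writeHead(200);
    resp.end();
    return;
  }

  try {
    const assertionObj = new idassertion.IDAssertion(assertion);
    assertionObj.verify(
      audience,
      function(payload) {
        // Declared locally: the original assigned an undeclared `result`,
        // which creates a process-wide global shared by all requests (and
        // throws a ReferenceError in strict mode).
        const result = {
          status : "okay",
          email : payload.email,
          audience : payload.audience,
          "valid-until" : payload["valid-until"],
          issuer : payload.issuer
        };
        httputils.jsonResponse(resp, result);
      },
      function(errorObj) {
        httputils.jsonResponse(resp, {status:"failure", reason:errorObj});
      }
    );
  } catch (e) {
    console.log(e.stack);
    // NOTE(review): the exception text is echoed to the caller; confirm that
    // nothing internal (paths, parser state) can leak through it.
    httputils.jsonResponse(resp, {status:"failure", reason:e.toString()});
  }
}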
// Expose the path of the var directory (VAR_DIR) to other modules.
exports.varDir = VAR_DIR;
exports.setup = function(app) {
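// code_update is an internal API that causes the node server to
// shut down. It must never be externally accessible: the handler
// performs no authentication of its own, so access has to be
// restricted in front of it. It is used during the dead simple
// deployment procedure.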
app.get("/code_update", function (req, resp) {
console.log("code updated. shutting down.");
process.exit();
});
// A simple ping hook for monitoring.
app.get("/ping.txt", function(req ,resp) {
resp.writeHead(200, {"Content-Type": "text/plain"})
resp.write("k.");
resp.end();
});
app.get('/', doVerify);
app.get('/verify', doVerify);