const path = require('path'),
url = require('url'),
httputils = require('./httputils.js'),
idassertion = require('./idassertion.js'),
jwt = require('./jwt.js');
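/**
 * Request handler for the verification server (registered by exports.setup).
 *
 * Dispatches on the request path:
 *   - "/code_update": logs a message and exits the process.
 *   - "/ping.txt":    answers 200 with the text "k." for monitoring.
 *   - anything else:  treats the request as an assertion-verification call
 *                     and answers with a JSON body via httputils.jsonResponse.
 *
 * @param {object} req - incoming request; only `url` and `method` are read.
 * @param {object} resp - outgoing response the result is written to.
 * @param {*} serveFile - not used by this function.
 * @returns {undefined}
 */
function handler(req, resp, serveFile) {
  // dispatch!
  const parsed = url.parse(req.url, true);
  const urlpath = parsed.pathname;

  // code_update is an internal api that causes the node server to
  // shut down.  This should never be externally accessible and
  // is used during the dead simple deployment.
  //
  // NOTE: this should be reworked as the project gets more serious.
  //
  // NOTE(review): nothing in this handler checks where the request came
  // from, so any client that can reach this listener can stop the process.
  // The restriction has to be enforced in front of the server (bind
  // address, proxy rule) or by an explicit check before the exit below.
  if (urlpath === "/code_update") {
    console.log("code updated.  shutting down.");
    process.exit();
    return;
  }

  // A simple ping hook for monitoring.
  if (urlpath === "/ping.txt") {
    resp.writeHead(200, {"Content-Type": "text/plain"});
    resp.write("k.");
    resp.end();
    return;
  }

  // the verification API, the main reason this server exists!
  //
  // NOTE(review): with url.parse(..., true) a repeated query parameter is
  // returned as an array rather than a string; confirm that IDAssertion and
  // verify() reject non-string values.
  const assertion = parsed.query['assertion'];
  const audience = parsed.query['audience'];

  // allow client side XHR to access this WSAPI, see
  // https://developer.mozilla.org/en/http_access_control
  // for details
  resp.setHeader('Access-Control-Allow-Origin', '*');
  if (req.method === 'OPTIONS') {
    resp.setHeader('Access-Control-Allow-Methods', 'GET');
    resp.writeHead(200);
    resp.end();
    return;
  }

  try {
    const assertionObj = new idassertion.IDAssertion(assertion);
    assertionObj.verify(
      audience,
      function(payload) {
        // Declared locally: the original assigned to an undeclared `result`,
        // which creates a global shared by every in-flight request (and is a
        // ReferenceError in strict mode).
        const result = {
          status : "okay",
          email : payload.email,
          audience : payload.audience,
          "valid-until" : payload["valid-until"],
          issuer : payload.issuer
        };
        httputils.jsonResponse(resp, result);
      },
      function(errorObj) {
        // The verifier's error value is returned to the caller unchanged.
        httputils.jsonResponse(resp, {status:"failure", reason:errorObj});
      }
    );
  } catch (e) {
    // The stack stays in the server log; the client receives e.toString().
    console.log(e.stack);
    httputils.jsonResponse(resp, {status:"failure", reason:e.toString()});
  }
}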
/**
 * Registers the request handler on the given app.
 *
 * @param {object} app - object exposing `use(fn)`; `handler` is passed to it.
 */
exports.setup = function(app) {
  const middleware = handler;
  app.use(middleware);
};