forked from auth0/ad-ldap-connector
-
Notifications
You must be signed in to change notification settings - Fork 0
/
server.js
132 lines (106 loc) · 3.58 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
require('./lib/initConf');
require('colors');
require('./eventlog');
require('./lib/add_certs');
require('./lib/setupProxy');
var exit = require('./lib/exit');
function end () {
console.log('Got SIGTERM, exiting now.');
if (ws_client) {
process.exiting = true;
return ws_client.once('close', function () {
exit(0);
}).close();
}
exit(0);
}
process.on('uncaughtException', function(err) {
console.error(err.stack);
}).once('SIGTERM', end)
.once('SIGINT', end);
var nconf = require('nconf');
var ws_client;
var connectorSetup = require('./connector-setup');
connectorSetup.run(__dirname, function(err) {
if(err) {
console.log(err.message);
return exit(2);
}
if(!nconf.get('LDAP_URL')) {
console.error('edit config.json and add your LDAP URL');
return exit(1);
}
if (!nconf.get('LDAP_BIND_USER') || !nconf.get('LDAP_BIND_CREDENTIALS')) {
if (!nconf.get('ANONYMOUS_SEARCH_ENABLED')){
console.error('Anonymous LDAP search is not enabled. Please edit config.json to add LDAP_BIND_USER');
return exit(1);
}
else{
console.log('Anonymous LDAP search is enabled. LDAP_BIND_USER is not required')
}
}
require('./lib/clock_skew_detector');
ws_client = require('./ws_validator');
var latency_test = require('./latency_test');
latency_test.run_many(10);
if (!nconf.get('KERBEROS_AUTH') && !nconf.get('CLIENT_CERT_AUTH')) {
return;
}
var express = require('express');
var bodyParser = require('body-parser');
var cookieParser = require('cookie-parser');
var logger = require('morgan');
var passport = require('passport');
require('./lib/setupPassport');
var cookieSessions = require('cookie-sessions');
var app = express();
// configure the webserver
app.set('view engine', 'ejs');
app.set('views', __dirname + '/views');
app.use(express.static(__dirname + '/public'));
app.use(logger('combined'));
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended:true}));
app.use(cookieSessions({
name: 'auth0-ad-conn',
secret: nconf.get('SESSION_SECRET')}));
app.use(passport.initialize());
require('./endpoints').install(app);
var options = {
port: nconf.get('PORT'),
test_user: nconf.get('KERBEROS_DEBUG_USER')
};
// client certificate-based authentication
if (nconf.get('CLIENT_CERT_AUTH')) {
console.log('Using client certificate-based authentication');
// SSL settings
options.ca = nconf.get('CA_CERT');
options.pfx = new Buffer(nconf.get('SSL_PFX'), 'base64');
options.passphrase = nconf.get('SSL_KEY_PASSWORD');
options.requestCert = true;
if (!nconf.get('KERBEROS_AUTH')) {
var https = require('https'); // use https server
https.createServer(options, app).listen(options.port);
}
}
// kerberos authentication
if (nconf.get('KERBEROS_AUTH')) {
console.log('Using kerberos authentication');
if (process.platform === 'win32') {
var KerberosServer = require('kerberos-server');
var kerberosServer = new KerberosServer(app, options);
kerberosServer.listen(options.port)
.on('error', function (err) {
console.error(err.message);
return process.exit(1);
});
} else if (nconf.get('WITH_KERBEROS_PROXY_FRONTEND')) {
var http = require('http');
http.createServer(app).listen(options.port);
} else {
return console.log('Detected KERBEROS_AUTH in config, but this platform doesn\'t support it.');
}
}
console.log('listening on port: ' + nconf.get('PORT'));
});