Cookie Auth

auth.js

@@ -1,64 +1,62 @@
-/**
+#!/usr/bin/env node
- * Login Class
+
- */
+var crypto = require('crypto');
-function Login() {
+var os = require('os');
-    // sessionId -> user map
+var querystring = require('querystring');
-    this.sessionMap = {
+var url = require('url');
-        99999: { name: 'HolyUBUser', email: 'HolyUBPass' }
+
+var Cookies = require('cookies');
+
+var settings = {
+    hashes: [],
+    redirect: '/',
 };
+
+module.exports = function(env) {
+    for (var k in env) {
+        settings[k] = env[k];
     }
-/**
+    return module.exports;
- * Say Hello {name} to the user
+};
- */
+
-Login.prototype.hello = function(sessionId) {
+module.exports.auth = function(req, res, next) {
-    if (this.sessionMap[sessionId] == null) {
+    // Allow using with express as well as socket.io
-        return this.isLoggedIn;
+    next = next || res;
+    var cookies = new Cookies(req);
+    var hash = cookies.get('session') ?
+        module.exports.hash(cookies.get('session')) : '';
+    if (settings.hashes.indexOf(hash) >= 0) {
+        next();
+    } else {
+        next(new Error('Bad session key.'));
     }
 };
-/**
+
- * Get Current Session id user name 
+module.exports.sign = function(req, res, next) {
- */
+    var cookies = new Cookies(req, res);
-Login.prototype.getName = function(sessionId) {
+    var query = url.parse(req.url, true).query;
-    return this.sessionMap[sessionId].name;
+    cookies.set('session', query.key ? module.exports.hash(query.key) : null);
+    res.writeHead(302, { location: query.path ? query.path : settings.redirect });
+    res.end();
 };
 
-/**
+module.exports.generate = function() {
- * Get Current Session id user email 
+    var key = crypto.randomBytes(24).toString('base64');
- */
+    var hash = module.exports.hash(module.exports.hash(key));
-
+    settings.hashes.push(hash);
-/**
+    return { key: key, hash: hash };
- * Check whether the given session id is valid (is in sessionMap) or not.
- */
-Login.prototype.isLoggedIn = function(sessionId) {
-    return sessionId in this.sessionMap;
 };
 
-/**
+module.exports.hash = function(key) {
- * Create a new session id for the given user.
+    var hmac = crypto.createHmac('SHA256', key);
- */
+    hmac.update(key);
-Login.prototype.login = function() {
+    return hmac.digest('base64');
-    var sessionId = new Date().getTime();
-    return sessionId;
 };
 
-/**
+if (require.main === module) {
- * Remove specific refreshed session from SessionMap
+    var pair = module.exports.generate();
- **/
+    console.log('Call authlink.generate() for a keypair or add\n' +
-Login.prototype.RefreshSession = function(_sessionId) {
+        'authlink({hashes:[\'' + pair.hash + '\']})\n' +
-    // Delete the session id from sessionMap 
+        'and then authenticate on authlink.sign with the querystring\n?' +
-    delete this.sessionMap[_sessionId];
+        querystring.stringify({ key: pair.key }));
-    return "done";
+}
-};
-
-/**
- * Logout from the server
- */
-Login.prototype.logout = function(sessionId) {
-    console.log('logout::' + sessionId);
-    // Delete the session id from sessionMap 
-    delete this.sessionMap[sessionId];
-
-};
-
-// Export the Login class
-module.exports = new Login();

package.json

@@ -5,7 +5,7 @@
     "main": "app.js",
     "scripts": {
         "test": "test",
-        "start": "node app.js"
+        "start": "node app.js auth.js"
     },
     "keywords": [
         "proxy",