// Node built-ins
var path = require('path');
const crypto = require('crypto');
// Third-party
var express = require('express');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
// for easyID OIDC integration
const passport = require('passport');
const OpenIdStrategy = require('passport-openidconnect').Strategy;
const expressSesssion = require('express-session');
// These two only if you want to verify issued id_token
const jsonwebtoken = require('jsonwebtoken');
const jwksRsa = require('jwks-rsa');
// Local route modules
var index = require('./routes/index');
var users = require('./routes/users');
// Application instance plus the middleware every request passes through,
// in the order it was wired originally.
const app = express();

// View engine: EJS templates under ./views.
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

// Favicon serving stays disabled until a favicon is placed in /public.
// app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));

// Request logging, JSON and simple urlencoded body parsing, cookie parsing,
// then static assets out of ./public.
const commonMiddleware = [
  logger('dev'),
  bodyParser.json(),
  bodyParser.urlencoded({ extended: false }),
  cookieParser(),
  express.static(path.join(__dirname, 'public')),
];
for (const middleware of commonMiddleware) {
  app.use(middleware);
}
// OpenID Connect strategy against the easyID issuer. Every endpoint is
// derived from DOMAIN; when DOMAIN is unset the URLs contain the literal
// text "https://undefined" and login fails at the issuer check rather
// than at startup.
const issuerBase = `https://${process.env.DOMAIN}`;

const strategyOptions = {
  issuer: issuerBase,
  authorizationURL: `${issuerBase}/oauth2/authorize`,
  tokenURL: `${issuerBase}/oauth2/token`,
  clientID: process.env.CLIENT_ID,
  clientSecret: process.env.CLIENT_SECRET,
  // Plain-http default is for local development only.
  callbackURL: process.env.CALLBACK_URL || 'http://localhost:3000/callback',
  // Pick one of the supported authentication methods.
  acr_values: 'urn:grn:authn:no:bankid:central',
  // There is no userInfo endpoint on easyID.
  skipUserProfile: true,
};

// Verify callback. The claims of the id_token from the token response are
// used as the session user as-is; the token's signature is not checked here.
// To check it against the issuer's JWKS, replace the `done` call with
// `return verifySignature(params.id_token, done);`.
// NOTE(review): passport-openidconnect appears to pick the argument list by
// the callback's arity, so keep all eight parameters even though most are unused.
function acceptClaims(iss, sub, profile, jwtClaims, accessToken, refreshToken, params, done) {
  return done(null, jwtClaims);
}

const strategy = new OpenIdStrategy(strategyOptions, acceptClaims);
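// Created lazily and then shared, so the jwks-rsa cache and rate limit
// actually persist between verifications instead of being discarded with a
// fresh client on every call.
let jwksClient = null;

// Returns the shared jwks-rsa client for the issuer's JWKS endpoint.
function getJwksClient() {
  if (jwksClient === null) {
    jwksClient = jwksRsa({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 5,
      jwksUri: `https://${process.env.DOMAIN}/.well-known/jwks`,
    });
  }
  return jwksClient;
}

// Decodes the (still unverified) JOSE header of a compact JWS and returns it
// as an object. Throws on anything that is not a three-segment token whose
// first segment is base64url-encoded JSON.
function decodeJwtHeader(idToken) {
  if (typeof idToken !== 'string') {
    throw new TypeError('id_token must be a string');
  }
  const segments = idToken.split('.');
  if (segments.length !== 3) {
    throw new Error('id_token is not a compact JWS (expected 3 segments)');
  }
  // Node's base64 decoder also accepts the URL-safe alphabet JWTs use.
  const header = JSON.parse(Buffer.from(segments[0], 'base64').toString('utf8'));
  if (header === null || typeof header !== 'object') {
    throw new Error('id_token header is not a JSON object');
  }
  return header;
}

/**
 * Verifies an OIDC id_token's signature against the issuer's JWKS and hands
 * the verified claims to `done`.
 *
 * Fixes relative to the first version: a malformed token no longer throws
 * out of the callback chain, a failed key lookup is reported instead of
 * crashing on `key.publicKey`, and the token is additionally pinned to this
 * issuer, this client (audience) and an RSA algorithm.
 *
 * @param {string} id_token - Compact-serialized JWT from the token response.
 * @param {function(Error|null, Object=)} done - Passport-style callback,
 *   called with the verification error or with the verified claims.
 */
function verifySignature(id_token, done) {
  let header;
  try {
    header = decodeJwtHeader(id_token);
  } catch (err) {
    return done(err);
  }

  // `kid` is passed through as-is (possibly undefined); jwks-rsa decides
  // whether it can select a key without one.
  getJwksClient().getSigningKey(header.kid, (keyErr, key) => {
    // Unknown kid, unreachable JWKS or rate limiting previously went
    // unnoticed here and surfaced as a TypeError on `key.publicKey`.
    if (keyErr) return done(keyErr);
    const signingKey = typeof key.getPublicKey === 'function'
      ? key.getPublicKey()
      : (key.publicKey || key.rsaPublicKey);

    // Beyond the signature, require that the token was issued by our issuer
    // for our client id, and restrict the algorithm to the RSA family the JWKS
    // key belongs to. RS256 is the OIDC baseline; widen this list only if the
    // issuer advertises another RSA variant for id_token signing.
    const verifyOptions = {
      algorithms: ['RS256'],
      issuer: `https://${process.env.DOMAIN}`,
      audience: process.env.CLIENT_ID,
    };
    jsonwebtoken.verify(id_token, signingKey, verifyOptions, (verifyErr, userInfo) => {
      done(verifyErr, userInfo);
    });
  });
}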
// Register the OIDC strategy with passport.
passport.use(strategy);

// Session (de)serialization stores the complete claims object in the
// session unchanged. Swap both for a lookup keyed on `sub` if a smaller
// session payload is wanted.
function passUserThrough(user, done) {
  done(null, user);
}
passport.serializeUser(passUserThrough);
passport.deserializeUser(passUserThrough);
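// Session secret comes from the environment. The previous hard-coded literal
// let anyone who had read the source forge session cookies. Without
// SESSION_SECRET a random per-process secret is generated so the app still
// starts, at the cost of sessions not surviving a restart or being shared
// between instances — set SESSION_SECRET in any real deployment.
let sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  console.warn('SESSION_SECRET is not set; using a random per-process session secret');
  sessionSecret = crypto.randomBytes(32).toString('hex');
}

app.use(expressSesssion({
  secret: sessionSecret,
  // resave/saveUninitialized left as originally configured; note that
  // saveUninitialized: true creates a session cookie for every visitor.
  resave: true,
  saveUninitialized: true,
}));
app.use(passport.initialize());
app.use(passport.session());

// Application routes.
app.use('/', index);
app.use('/users', users);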
// Nothing above matched the request: turn it into a 404 and pass it to the
// error handler that follows.
app.use((req, res, next) => {
  const notFound = new Error('Not Found');
  notFound.status = 404;
  next(notFound);
});
// Error handler. Express recognises it by its four-parameter signature, so
// `next` has to stay in the list even though it is never called.
app.use((err, req, res, next) => {
  const isDevelopment = req.app.get('env') === 'development';
  // The template always gets the message; the error object itself is only
  // exposed in development so stack traces do not leak elsewhere.
  res.locals.message = err.message;
  res.locals.error = isDevelopment ? err : {};
  res.status(err.status || 500).render('error');
});

module.exports = app;