@kenhoff
Created October 2, 2015 21:36
A simple node.js server using harp.js and passport.js that only allows access to users from one specific Microsoft Azure AD tenant (the tenant is checked against the `idp` claim of the access token returned by Azure AD).
// require('harp').server(__dirname, { port: process.env.PORT || 5000 })
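// Logged at startup so the process output records which of the two OAuth
// app registrations configured further down (production vs. dev) is in use.
console.log(process.env.NODE_ENV)
const express = require('express')
const session = require('express-session')
const passport = require('passport')
const harp = require('harp')
const app = express()
// SECURITY: the session secret signs the session cookie; a literal secret in
// a public file gives no protection, so it is read from the environment first.
// The literal is kept only as a fallback so the gist still starts without any
// configuration -- set SESSION_SECRET in any real deployment.
// express-session's cookie is httpOnly by default, but `secure` is not set,
// consistent with the http:// callback URLs below (the cookie travels in the
// clear on those deployments).
app.use(session({ secret: process.env.SESSION_SECRET || "whatever" }))
app.use(passport.initialize())
app.use(passport.session())
const OAuth2Strategy = require('passport-oauth').OAuth2Strategy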
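// Azure AD (v1 endpoint) OAuth2 settings for the two app registrations: the
// Azure Websites production site and the dev box. Both registrations live in
// the same directory tenant (df4c5f08-...), hence the shared endpoint URLs.
//
// SECURITY: both client secrets below are published in this gist and must be
// treated as compromised -- rotate them in the Azure portal, then delete the
// literal fallbacks so only the environment lookups remain. The fallbacks are
// kept here solely so the gist keeps starting unchanged.
// SECURITY: both callback URLs are plain http://, so the authorization code is
// delivered to the app in clear text; register https:// redirect URIs before
// relying on this outside a demo.
const isProduction = process.env.NODE_ENV === "production"
const aadOAuthBase = 'https://login.windows.net/df4c5f08-c361-40c0-b2bc-3e00345517f9/oauth2'
const oAuthOptions = isProduction
  ? {
      authorizationURL: aadOAuthBase + '/authorize',
      tokenURL: aadOAuthBase + '/token',
      clientID: '1e9f9673-74e9-4f6f-b62f-b2412cb53e69',
      clientSecret: process.env.AAD_CLIENT_SECRET || 'oYGi/EzxIx6qJHEi8TilYoiII1r7tbVgENnnw6PUs3w=',
      callbackURL: 'http://aad-activity.azurewebsites.net/auth/callback',
    }
  : {
      authorizationURL: aadOAuthBase + '/authorize',
      tokenURL: aadOAuthBase + '/token',
      clientID: '51ae6442-0bc6-4c25-8ec7-e061f6f37889',
      clientSecret: process.env.AAD_CLIENT_SECRET || 'pHz/psLBB0DmHI9ZNpHH4jyaoZxBqnSgNLxrVhiX2P8=',
      callbackURL: 'http://ken-dev.cloudapp.net:5000/auth/callback',
    }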
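// Only logins whose identity provider is this tenant are accepted. The `idp`
// claim is an issuer URL of the form https://sts.windows.net/<tenant-id>/, so
// the tenant id is the fourth "/"-separated segment.
const ALLOWED_IDP_TENANT = "72f988bf-86f1-41af-91ab-2d7cd011db47"

// Verify callback: passport hands over the tokens plus the profile built by
// strategy.userProfile (the decoded claims of the access token) and this
// decides whether the login is accepted. Logins with no usable idp claim, or
// from any other tenant, are rejected with done(null, false), which the
// /auth/callback route turns into a 401.
// NOTE(review): the claims are taken from the token payload without signature
// verification (see userProfile); that is tolerable only because the token
// was just received directly from the tenant's token endpoint over TLS.
// NOTE(review): the accepted "user" is the raw access token, which
// passport.serializeUser then stores verbatim in the session -- the bearer
// token ends up in the session store.
const strategy = new OAuth2Strategy(oAuthOptions, function (accessToken, refreshToken, profile, done) {
  const idp = profile.json.idp
  // Guard the type so a missing or malformed claim cannot throw inside the
  // verify callback; anything that is not a string never matches.
  if (typeof idp !== 'string') {
    return done(null, false)
  }
  const tenantId = idp.split("/")[3]
  if (tenantId !== ALLOWED_IDP_TENANT) {
    return done(null, false)
  }
  return done(null, accessToken)
})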
// Extra parameters for the token request: the Azure AD v1 token endpoint
// issues the access token for the `resource` named here (the Graph API), and
// it is that token whose claims userProfile decodes.
strategy.tokenParams = function (options) {
  const extraTokenParams = { resource: 'https://graph.windows.net' }
  return extraTokenParams
}
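// Build the passport "profile" from the access token itself instead of
// calling a userinfo endpoint: the token is a JWT, so its middle segment is
// base64url-encoded JSON holding the claims.
// Adapted from https://github.com/QuePort/passport-azure-oauth/blob/master/lib/passport-azure-oauth/strategy.js
//
// SECURITY: the JWT signature is NOT verified -- the payload is decoded and
// trusted as-is. That is only acceptable because the token has just come back
// from the tenant's token endpoint over TLS and is never read from a
// client-supplied value; do not reuse this for tokens received from browsers
// or other parties.
//
// accessToken: the raw JWT string returned by the token endpoint.
// done(err, profile): profile carries .json (all claims), .email and
//   .displayname; any decoding/parsing failure is reported as err. done is
//   called exactly once -- it sits outside the try so an exception thrown by
//   the callback itself is not caught and reported as a second done(err).
strategy.userProfile = function (accessToken, done) {
  let profile
  try {
    const segments = typeof accessToken === 'string' ? accessToken.split('.') : []
    if (segments.length < 2) {
      throw new Error('access token is not a dot-separated JWT')
    }
    // Node's base64 decoder also accepts the URL-safe alphabet JWTs use, so
    // no '-'/'_' translation is needed. Decode as UTF-8, not 'ascii': 'ascii'
    // drops the high bit of every byte and mangles any non-ASCII name.
    const payloadJson = Buffer.from(segments[1], 'base64').toString('utf8')
    const claims = JSON.parse(payloadJson)
    if (claims === null || typeof claims !== 'object') {
      throw new Error('JWT payload is not a JSON object')
    }
    profile = {
      json: claims,
      email: claims.email,
      displayname: `${claims.given_name} ${claims.family_name}`,
    }
  } catch (ex) {
    console.log("Unable to parse oauth2 token from WAAD.")
    return done(ex, null)
  }
  done(null, profile)
}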
// Register the strategy; the /auth routes refer to it by the name 'oauth2'.
passport.use(strategy)

// Session (de)serialization is the identity function: whatever the verify
// callback accepted as the user (here the raw access token) is written into
// the session unchanged and handed back as req.user on later requests.
passport.serializeUser(function (user, done) { done(null, user) })
passport.deserializeUser(function (id, done) { done(null, id) })
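// Start the OAuth2 flow: redirects the browser to the tenant's authorization
// endpoint.
// NOTE(review): no `state` parameter is configured, so the callback is not
// protected against login CSRF. passport-oauth's OAuth2Strategy accepts a
// `state: true` option (value kept in the session) -- confirm the installed
// version supports it before enabling.
app.get("/auth", passport.authenticate('oauth2'))

// Code-for-token exchange plus the verify callback. A custom callback (rather
// than failureRedirect) is used so a rejected login gets a plain 401.
app.get("/auth/callback", function (req, res, next) {
  passport.authenticate("oauth2", function (err, user, info) {
    if (err) {
      // Hand the error to Express's error handling rather than res.send(err),
      // which echoed the error object (and whatever the provider returned)
      // straight back to the browser.
      return next(err)
    }
    if (!user) {
      return res.sendStatus(401)
    }
    req.logIn(user, function (loginErr) {
      // A failed logIn used to be ignored and the user redirected anyway.
      if (loginErr) {
        return next(loginErr)
      }
      // Return the user to where ensureAuthenticated intercepted them. Only a
      // local path (leading "/", not "//" or "/\") is honoured: originalUrl
      // is the raw request-target and can be an absolute URL, which would
      // make this an open redirect. The key is cleared so a later login is
      // not bounced to a stale target.
      const target = req.session.redirect_to
      delete req.session.redirect_to
      if (typeof target === 'string' && /^\/(?![\/\\])/.test(target)) {
        return res.redirect(target)
      }
      res.redirect("/")
    })
  })(req, res, next)
})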
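// Express middleware: let authenticated requests through; otherwise remember
// the requested URL in the session and bounce the browser to /auth.
//
// req.originalUrl is the raw request-target -- normally a path ("/docs/x"),
// but an absolute-form request ("GET http://other.example/ HTTP/1.1") puts a
// full URL there. Only a local path (leading "/", not "//" or "/\") is
// remembered, so the post-login redirect in /auth/callback cannot be steered
// to another host. The session is only written on the redirect path; an
// authenticated request no longer updates redirect_to.
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) {
    return next()
  }
  const requested = req.originalUrl
  if (typeof requested === 'string' && /^\/(?![\/\\])/.test(requested)) {
    req.session.redirect_to = requested
  }
  res.redirect('/auth')
}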
// Everything harp serves from this directory sits behind the login guard:
// ensureAuthenticated runs first, then harp handles the request.
app.use(ensureAuthenticated, harp.mount(__dirname))
// PORT comes from the hosting platform; 5000 matches the dev callback URL above.
const listenPort = process.env.PORT || 5000
app.listen(listenPort)