root.js

"use strict";

const config = require('config');

const redis = require('../helpers/redis');
const express = require('express');
const crypto = require('crypto');
const router = express.Router();
const mailer = require('../helpers/mailer');
const _ = require('underscore');

const fs = require('fs')
const SamlStrategy = require('passport-saml').Strategy
const passport = require('passport')
const Saml2js = require('saml2js');

const db = require('../models/db');
const Sequelize = require('sequelize');
const Op = Sequelize.Op;
const uuidv4 = require('uuid/v4');


// =========== PASSPORT =======
  passport.serializeUser(function (user, done) {
    done(null, user);
  });

  passport.deserializeUser(function (user, done) {
    done(null, user);
  });

  var samlStrategy = new SamlStrategy({
      // URL that goes from the Identity Provider -> Service Provider
      callbackUrl: config.path,

      entryPoint: config.entryPoint,
      issuer: config.issuer,
      identifierFormat: null,

      validateInResponseTo: false,
      disableRequestedAuthnContext: true
  },
  function (profile, done) {
    return done(null, {
      id: profile.nameID,
      idFormat: profile.nameIDFormat,
      email: profile.email,
      firstName: profile.givenName,
      lastName: profile.sn
    });
  });

  passport.use(samlStrategy);

 // to generate Service Provider's XML metadata
  router.get('/saml/metadata',
    function(req, res) {
      res.type('application/xml');
      var spMetadata = samlStrategy.generateServiceProviderMetadata(fs.readFileSync('/cert/certificate.pem', 'utf8'));
      res.status(200).send(spMetadata);
    }
  );

router.post('/saml/SSO', passport.authenticate('saml', { failureRedirect: '/login', failureFlash: true}), function(req, res){
    const xmlResponse = req.body.SAMLResponse;
    const parser = new Saml2js(xmlResponse);
    const userid = parser.get('email');

    //check, if user exists, if not create.

    //else get userid and create session -> set cookie

    crypto.randomBytes(48, function(ex, buf) {
              var token = buf.toString('hex');

              var session = {
                user_id: userid,
                token: token,
                ip: req.ip,
                device: "web",
                created_at: new Date(),
                url : "/"
              };

              db.Session.create(session)
                .error(err => {
                  console.error("Error creating Session:",err);
                  res.redirect(500, "/");
                })
                .then(() => {
                  var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname;
                  res.cookie('sdsession', token, { domain: domain, httpOnly: true });
                  res.redirect(302, "/")
                });
    });
});

router.get('/', (req, res) => {
  res.render('index', { config:config, user:req.user });
});

router.get('/ping', (req, res) => {
  res.status(200).json({"status": "ok"})
});

router.get('/spaces', (req, res) => {
  res.render('spacedeck', { config:config, user:req.user });
});

router.get('/not_found', (req, res) => {
  res.render('not_found', {});
});

router.get('/confirm/:token', (req, res) => {
  res.render('spacedeck', { config:config, user:req.user });
});

router.get('/folders/:id', (req, res) => {
  res.render('spacedeck', { config:config, user:req.user });
});

router.get('/signup', (req, res) => {
  res.render('spacedeck', { config:config, user:req.user });
});

router.get('/accept/:id', (req, res) => {
  res.render('spacedeck', { config:config, user:req.user });
});

router.get('/password-reset', (req, res) => {
  res.render('spacedeck', { config:config, user:req.user });
});

router.get('/password-confirm/:token', (req, res) => {
  res.render('spacedeck', { config:config, user:req.user });
});

router.get('/de/*', (req, res) => {
  res.redirect("/t/de");
});

router.get('/de', (req, res) => {
  res.redirect("/t/de");
});

router.get('/fr/*', (req, res) => {
  res.redirect("/t/fr");
});

router.get('/fr', (req, res) => {
  res.redirect("/t/fr");
});

router.get('/oc/*', (req, res) => {
  res.redirect("/t/oc");
});

router.get('/oc', (req, res) => {
  res.redirect("/t/oc");
});

router.get('/en/*', (req, res) => {
  res.redirect("/t/en");
});

router.get('/en', (req, res) => {
  res.redirect("/t/end");
});

router.get('/account', (req, res) => {
  res.render('spacedeck');
});

router.get('/login', passport.authenticate('saml',
                           {
                             successRedirect: '/',
                             failureRedirect: '/login'
                           })
);


//  res.render('spacedeck', { config:config, user:req.user });
//});

router.get('/logout', (req, res) => {
  res.render('spacedeck', { config:config, user:req.user });
});

router.get('/t/:id', (req, res) => {
  res.cookie('spacedeck_locale', req.params.id, { maxAge: 900000, httpOnly: true });
  var path = "/";
  if (req.query.r=="login" || req.query.r=="signup") {
    path = "/"+req.query.r;
  }
  res.redirect(path);
});

router.get('/s/:hash', (req, res) => {
  var hash = req.params.hash;
  if (hash.split("-").length > 0) {
    hash = hash.split("-")[0];
  }

  db.Space.findOne({where: {"edit_hash": hash}}).then(function (space) {
    if (space) {
      if (req.accepts('text/html')){
	      res.redirect("/spaces/"+space._id + "?spaceAuth=" + hash);
      } else {
	      res.status(200).json(space);
      }
    } else {
      if (req.accepts('text/html')) {
	      res.status(404).render('not_found', {});
      } else {
	      res.status(404).json({});
      }
    }
  });
});

router.get('/spaces/:id', (req, res) => {
  res.render('spacedeck', { config:config, user:req.user });
});

module.exports = {router: router, passport:passport};