From 18d35b5172f31f7a23a898b471a32257b8379b81 Mon Sep 17 00:00:00 2001 From: Marsell Kukuljevic Date: Sat, 10 Apr 2021 20:19:23 +0200 Subject: [PATCH] Eliminate /token path from server.js, to match Dragos' env. --- bin/server.js | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) mode change 100644 => 100755 bin/server.js diff --git a/bin/server.js b/bin/server.js old mode 100644 new mode 100755 index 79c2015..13a9396 --- a/bin/server.js +++ b/bin/server.js @@ -21,6 +21,8 @@ let SIGNER = {}; // from cloudapi to our client caller. Effectively this function is a proxy // that solely signs the request as it passes through. function proxy(req, res, cb) { + console.log('### proxy', req.url) + // return data from cloudapi to the client caller function proxyReturn(err, _, res2, data) { if (err && !res2) { @@ -78,9 +80,11 @@ function proxy(req, res, cb) { // secure token. Once the user successfully logs in, the token is returned // through an SSO redirect to token() below. function login(req, res, cb) { + console.log('### login'); + const query = { permissions: '{"cloudapi":["/my/*"]}', - returnto: CONFIG.urls.local + '/token', + returnto: CONFIG.urls.local, now: new Date().toUTCString(), keyid: '/' + CONFIG.key.user + '/keys/' + CONFIG.key.id, nonce: mod_crypto.randomBytes(15).toString('base64') @@ -98,19 +102,7 @@ function login(req, res, cb) { const signature = signer.sign(PRIVATE_KEY, 'base64'); url += '&sig=' + encodeURIComponent(signature); - res.redirect(url, cb); -} - - -// Once a user successfully logs in, they are redirected to here. We convert -// the token that was returned to use as query arg into an X-Auth-Token header -// that is returned to the client caller. This header must be provided by the -// client from now on in order to communicate with Cloudapi. -function token(req, res, cb) { - const token = decodeURIComponent(req.query().split('=')[1]); - res.header('X-Auth-Token', token); - res.send(204); - return cb(); + res.json({ url }); } @@ -169,7 +161,6 @@ function main() { // route HTTP requests to proper functions server.get('/login', login); - server.get('/token', token); server.get(/^/, proxy); server.put(/^/, proxy);