added optional auth0 authentication, and public registration toggle

speckleworks · Jul 23, 2019 · 4153071 · 4153071
1 parent b4a40f4
commit 4153071
Show file tree

Hide file tree

Showing 11 changed files with 690 additions and 33 deletions.
diff --git a/.env-base b/.env-base
@@ -77,3 +77,12 @@ SMPT_PASSWORD=""
 # providers will require to verify your domain first.
 EMAIL_SENDER="[email protected]"
 
+# Set to false to disable register routes
+PUBLIC_REGISTRATION=false
+
+# Auth0
+USE_AUTH0=false
+AUTH0_CLIENT_ID=XXX
+AUTH0_DOMAIN=XXX
+AUTH0_CLIENT_SECRET=XXX
+
diff --git a/app/api/accounts/UserCreate.js b/app/api/accounts/UserCreate.js
@@ -7,7 +7,12 @@ const ActionToken = require( '../../../models/ActionToken' )
 
 const SendEmailVerification = require( '../../../app/email/index' ).SendEmailVerification
 
-module.exports = function ( req, res ) {
+module.exports = ( req, res ) => {
+
+  if ( process.env.PUBLIC_REGISTRATION === "false" ) {
+    return res.status( 401 ).send( { success: false, message: 'This is an invite only speckle server. Sorry!' } )
+  }
+
   winston.debug( 'register new user route' )
   if ( !req.body.email ) { res.status( 400 ); return res.send( { success: false, message: 'Do not fuck with us. Give us your email.' } ) }
   if ( !req.body.password ) { res.status( 400 ); return res.send( { success: false, message: 'Passwords are a necessary evil, fam.' } ) }

diff --git a/app/auth/index.js b/app/auth/index.js
@@ -0,0 +1,60 @@
+'use strict'
+const exphbs = require( 'express-handlebars' )
+const passport = require( 'passport' )
+const Auth0Strategy = require( 'passport-auth0' )
+
+module.exports = function ( app, express ) {
+
+  app.engine( '.hbs', exphbs( { extname: '.hbs' } ) )
+  app.set( 'view engine', '.hbs' )
+
+  // delegate user identity verification to auth0
+  if ( process.env.USE_AUTH0 === "true" ) {
+
+    addAuth0Strategy( )
+
+    // all routes should go to the auth0 lock screen
+    app.get( '/register', ( req, res ) => res.render( 'auth0', { layout: false, title: 'Speckle: Login/Register to your account', clientId: process.env.AUTH0_CLIENT_ID, domain: process.env.AUTH0_DOMAIN } ) )
+
+    app.get( '/login', ( req, res ) => res.render( 'auth0', { layout: false, title: 'Speckle: Login/Register to your account', clientId: process.env.AUTH0_CLIENT_ID, domain: process.env.AUTH0_DOMAIN } ) )
+
+    app.get( '/registration-callback', passport.authenticate('auth0'), handlePassportRegistration )
+
+  } else {
+
+    // not delegating user identity
+
+    if ( process.env.PUBLIC_REGISTRATION === "true" )
+      app.get( '/register', ( req, res ) => res.render( 'register', {
+        title: 'Register a new speckle account',
+        server: process.env.SERVER_NAME,
+        url: process.env.CANONICAL_URL
+      } ) )
+
+    app.get( '/login', ( req, res ) => res.render( 'login', {
+      title: 'Login to your speckle account',
+      server: process.env.SERVER_NAME,
+      url: process.env.CANONICAL_URL
+    } ) )
+  }
+}
+
+function handlePassportRegistration( req, res ) => {
+  res.send( req.user )
+}
+
+function addAuth0Strategy( ) {
+
+  let strategy = new Auth0Strategy( {
+    domain: process.env.AUTH0_DOMAIN,
+    clientID: process.env.AUTH0_CLIENT_ID,
+    clientSecret: process.env.AUTH0_CLIENT_SECRET,
+    state: false,
+    callbackURL: '/registration-callback'
+  }, ( accessToken, refreshToken, extraParams, profile, done ) => done( null, profile ) )
+
+  passport.use( strategy )
+  passport.serializeUser( ( user, done ) => done( null, user ) )
+  passport.deserializeUser( ( user, done ) => done( null, user ) )
+
+}