pre async

Siwat Sirichai 2024-05-05 16:59:26 +07:00
parent f7824d67e5
commit 512a69319c
13 changed files with 633 additions and 362 deletions

23
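--- a/config/database.js
+++ b/config/database.js
@@ -0,0 +1,23 @@
+const mysql = require('mysql2');
+// Create a connection pool
+const database = mysql.createPool({
+host: '192.168.0.236',
+user: 'cudnodejs',
+password: 'iDvuHQsPXF5AasESydypgu',
+database: 'cudnodejs',
+connectionLimit: 10
+});
+database.getConnection((err, connection) => {
+if(err) {
+console.error('Error connecting to the database:', err);
+} else {
+console.log('Connected to the database');
+connection.release();
+}
+});
+// Export the connection pool
+module.exports = database;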
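Review bot: The options passed to `mysql.createPool` carry the database password as a string literal, so it is now part of the repository history and readable by anyone who can read the repo. Load it from the environment or a secrets store instead, for example `password: process.env.DB_PASSWORD,` (variable name is illustrative), and treat the committed value as exposed and rotate it. No `ssl` option is set, so unless the host at this address sits on a trusted segment the login and all queries travel unencrypted. The startup `getConnection` probe only logs a failure and the pool is exported regardless, so callers meet the error later on their first query.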

32
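--- a/config/http.js
+++ b/config/http.js
@@ -0,0 +1,32 @@
+let fs = require('fs');
+const options = {
+key: fs.readFileSync('adfs_connect/urn_satitm_sso_selfservice.key'),
+cert: fs.readFileSync('adfs_connect/urn_satitm_sso_selfservice.cert'),
+ciphers: [
+'ECDHE-RSA-AES128-GCM-SHA256',
+'ECDHE-ECDSA-AES128-GCM-SHA256',
+'ECDHE-RSA-AES256-GCM-SHA384',
+'ECDHE-ECDSA-AES256-GCM-SHA384',
+'DHE-RSA-AES128-GCM-SHA256',
+'ECDHE-RSA-AES128-SHA256',
+'DHE-RSA-AES128-SHA256',
+'ECDHE-RSA-AES256-SHA384',
+'DHE-RSA-AES256-SHA384',
+'ECDHE-RSA-AES256-SHA256',
+'DHE-RSA-AES256-SHA256',
+'HIGH',
+'!aNULL',
+'!eNULL',
+'!EXPORT',
+'!DES',
+'!RC4',
+'!MD5',
+'!PSK',
+'!SRP',
+'!CAMELLIA'
+].join(':'),
+honorCipherOrder: true
+};
+module.exports.options = options;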
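Review bot: The `ciphers` string ends its curated list with `HIGH`, which re-admits every suite OpenSSL classes as high strength that the `!` entries do not exclude, so the named suites act as an ordering preference rather than an allow-list. The list also names CBC-mode suites such as `ECDHE-RSA-AES128-SHA256` and `DHE-RSA-AES256-SHA256` next to the GCM ones. If the intent is AEAD-only, drop `HIGH` and the non-GCM entries and state the protocol floor explicitly with `minVersion: 'TLSv1.2',`. The key read here, `adfs_connect/urn_satitm_sso_selfservice.key`, is the same file the SAML strategy in this commit loads as `privateKey`, so one key serves both the TLS listener and SAML signing; separate keys would limit what a single compromise exposes. Both `readFileSync` paths are relative and resolve against the process working directory, not this file.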

32
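--- a/config/ldap.js
+++ b/config/ldap.js
@@ -0,0 +1,32 @@
+let ldap = require('ldapjs');
+let fs = require('fs');
+let tls = require('tls');
+let satitm_directory = ldap.createClient({
+url: 'ldaps://ad.satitm.chula.ac.th:636',
+tlsOptions: {
+rejectUnauthorized: false
+}
+});
+// Save server's certificate to file for same-host verification
+satitm_directory.on('connect', function(socket) {
+socket.on('secureConnect', function() {
+if (socket.getPeerCertificate().raw) {
+fs.writeFileSync('certificate.pem', socket.getPeerCertificate().raw);
+satitm_directory.tlsOptions = {
+ca: [fs.readFileSync('certificate.pem')]
+};
+}
+});
+});
+satitm_directory.bind('CN=SSOManager,OU=Service Accounts,DC=ad,DC=satitm,DC=chula,DC=ac,DC=th', '39BK5LCeU2NY2oG3beeBJH', function (err) {
+if (err) {
+console.log('Error:', err);
+} else {
+console.log('Connected to SATITM Active Directory');
+}
+});
+module.exports = satitm_directory;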
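Review bot: `rejectUnauthorized: false` in `tlsOptions` turns off certificate validation for the LDAPS connection, so the `bind` that follows sends the service-account password to whatever host answers on that name. The `secureConnect` handler does not restore verification: it overwrites `certificate.pem` with the peer's certificate on every connect, so whatever is presented is what gets trusted, it writes `getPeerCertificate().raw` (DER) where `ca` expects PEM, and assigning `tlsOptions` on the client after the handshake does not appear to affect the established session. Ship the directory's issuing CA with the deployment and verify from the first connection, `tlsOptions: { ca: [fs.readFileSync('<path-to-ad-ca.pem>')] }` (placeholder path), leaving `rejectUnauthorized` at its default. The bind password is also a literal in this file; load it from the environment or a secrets store and rotate the committed value.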


@ -1,6 +1,8 @@
let fs = require("fs"),
passport = require("passport"),
SamlStrategy = require("passport-saml").Strategy;
let fs = require("fs");
let passport = require("passport");
let SamlStrategy = require("passport-saml").Strategy;
let directory = require("../directory.js");
passport.serializeUser(function (user, done) {
done(null, user);
});
@ -13,7 +15,7 @@ passport.use(
{
entryPoint: "https://sso.satitm.chula.ac.th/adfs/ls",
issuer: "https://localhost:3000",
callbackUrl: "https://localhost:3000/selfservice/activedirectory/postResponse",
callbackUrl: "https://localhost:3000/selfservice/api/login/postResponse",
privateKey: fs.readFileSync("adfs_connect/urn_satitm_sso_selfservice.key", "utf-8"),
acceptedClockSkewMs: -1,
identifierFormat: null,
@ -21,13 +23,20 @@ passport.use(
racComparison: "exact",
},
function (profile, done) {
console.log("profile", profile);
let user = profile["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"];
return done(null, {
username: profile["username"],
first_name: profile["first_name"],
last_name: profile["last_name"],
org_unit: profile["org_unit"],
// Query Active Directory for user details
// username is the UPN
// Store the user's group and DN in the session
let username = profile["username"];
attributes = ["dn", "memberOf"];
directory.queryUser(username, attributes, function (err, user) {
if (err) {
console.log("Error:", err);
} else {
console.log("User:", user);
profile["dn"] = user.dn;
profile["memberOf"] = user.memberOf;
return done(null, profile);
}
});
}
)
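Review bot: In the new verify callback the `if (err)` branch only logs and never calls `done`, so a failed directory lookup leaves the SAML login without a completion, and a lookup that returns no entry would throw on `user.dn`. Fail closed on both paths with `if (err || !user) { return done(err || new Error("directory lookup failed")); }`. `attributes = ["dn", "memberOf"];` has no `let`/`const`, which makes it an implicit global shared across concurrent logins, and `console.log("User:", user)` writes each user's DN and group memberships to the log. `username` goes from the assertion straight into `directory.queryUser`, which is not shown here; if that helper builds an LDAP filter by concatenation the value needs escaping first. Among the unchanged lines, `acceptedClockSkewMs: -1` disables the assertion's NotBefore/NotOnOrAfter checks and is worth revisiting.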