// # [GitLab OAuth with Hapi v16](https://github.com/resources/snippets/tree/master/gitlab-oauth-with-hapi-v16)
//
// - `npm init -y`
// - `npm install hapi@16 hapi-auth-cookie@7 bell@8 --save`
// - generate a session key:
// `export SESSION_KEY=$(node -e "console.log(require('crypto').randomBytes(64).toString('hex'))")`
// - Log into a GitLab account
// - To create your own GitLab server, here is [a walkthrough](https://github.com/resources/walkthroughs/blob/master/gitlab.md)
// - Or create an account on GitLab.com
// - Go to Settings > Applications and add a new app (the `read_user` scope is enough if the app is only used for authentication)
// - use `https://yourdomain.example.com/auth/gitlab` as your redirect URI
// - set the application ID: `export GITLAB_APPLICATION_ID=YOUR_APPLICATION_ID`
// - set the secret: `export GITLAB_SECRET=YOUR_SECRET`
// - set the URI of your gitlab: `export GITLAB_URI=https://gitlab.example.com` (use `https://gitlab.com` if using gitlab.com)
// - test with ngrok:
// - run `npm start`
// - in a new console tab, run `brew cask install ngrok`
// - run `ngrok http 3000`
// - set the callback URL to https://yourngrokurl.ngrok.io/auth/gitlab on the OAuth app page
// - open https://yourngrokurl.ngrok.io/ in your browser
// - deploy with now:
// - set up https://zeit.co/now if you haven't already
// - run `now`:
// now -e SESSION_KEY=$SESSION_KEY \
// -e GITLAB_APPLICATION_ID=$GITLAB_APPLICATION_ID \
// -e GITLAB_SECRET=$GITLAB_SECRET \
// -e GITLAB_URI=$GITLAB_URI
// - run `now alias set https://auto-generated-subdomain.now.sh your-now-subdomain`
// - update the callback URL to https://your-now-subdomain.now.sh/auth/gitlab on the GitLab OAuth app page
// - open https://your-now-subdomain.now.sh/ in your browser
'use strict';

const Hapi = require('hapi');
const HapiAuthCookie = require('hapi-auth-cookie');
const Bell = require('bell');

// Listen on $PORT when the hosting platform provides one, else 3000 locally.
const port = process.env.PORT || 3000;
const server = new Hapi.Server();
server.connection({ port });
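/**
 * HTML-escape a value before it is interpolated into a response body.
 *
 * The only dynamic text this server renders comes from the GitLab profile
 * (username, email) and from the auth error message, none of which is
 * produced by this application; escaping keeps a crafted profile field
 * from being parsed as markup by the browser.
 * @param {unknown} value - value to render; coerced with String()
 * @returns {string} text safe to place in HTML element content
 */
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

/**
 * Fail fast when a required secret is missing from the environment.
 *
 * The auth plugins reject a missing password / client secret themselves,
 * but their validation error does not say which variable to set; this
 * check names it. GITLAB_URI is not checked here because it is passed
 * through to Bell unchanged, so its handling is left to the plugin.
 * @throws {Error} listing every unset or empty required variable
 */
function assertRequiredEnv() {
  const required = ['SESSION_KEY', 'GITLAB_APPLICATION_ID', 'GITLAB_SECRET'];
  const missing = required.filter((name) => !process.env[name]);
  if (missing.length > 0) {
    throw new Error(`Missing required environment variable(s): ${missing.join(', ')}`);
  }
}

/**
 * Register the cookie-session and Bell (OAuth) plugins, define the auth
 * strategies and routes, and start listening.
 * @returns {Promise<void>} resolves once `server.start()` completes
 * @throws {Error} from assertRequiredEnv(), before any plugin is registered
 */
async function start() {
  assertRequiredEnv();
  await server.register(HapiAuthCookie);
  await server.register(Bell);

  // Cookie-backed session; cookie options other than the encryption key
  // (e.g. isSecure, ttl) are left at the plugin's defaults.
  server.auth.strategy('session', 'cookie', {
    password: process.env.SESSION_KEY,
    redirectTo: '/',
  });

  // Bell drives the OAuth redirect/callback against the configured GitLab.
  server.auth.strategy('gitlab', 'bell', {
    provider: 'gitlab',
    scope: ['read_user'],
    password: process.env.SESSION_KEY,
    config: {
      uri: process.env.GITLAB_URI
    },
    clientId: process.env.GITLAB_APPLICATION_ID,
    clientSecret: process.env.GITLAB_SECRET,
    forceHttps: true, // needed to use ngrok when testing locally
  });

  // Landing page: works with or without a session (mode 'try'), and the
  // cookie plugin's redirect is disabled so anonymous visitors see the
  // sign-in link instead of being bounced.
  server.route({
    method: 'GET',
    path: '/',
    config: {
      auth: {strategy: 'session', mode: 'try'},
      plugins: {'hapi-auth-cookie': {redirectTo: false}},
      handler: (request, reply) => {
        if (request.auth.credentials) {
          const {username, email} = request.auth.credentials;
          // Profile values originate from GitLab, so they are escaped
          // rather than written into the markup verbatim.
          const profile = escapeHtml(JSON.stringify({username, email}, null, 2));
          reply(`<pre>${profile}</pre>
<p>Go to <a href="/secret">/secret</a> to see a protected page!</p>`);
        } else {
          reply('Go to <a href="/auth/gitlab">/auth/gitlab</a> to sign in!');
        }
      }
    }
  });

  // OAuth entry point and callback: on success, copy the two profile
  // fields we display into the session cookie and send the user home.
  server.route({
    method: ['GET', 'POST'],
    path: '/auth/gitlab',
    config: {
      auth: 'gitlab',
      handler: (request, reply) => {
        if (! request.auth.isAuthenticated) {
          return reply(`Auth failed: ${escapeHtml(request.auth.error.message)}`);
        }
        const {username, email} = request.auth.credentials.profile;
        request.cookieAuth.set({username, email});
        return reply.redirect('/');
      }
    }
  });

  // Requires a valid session; the strategy's redirectTo sends others to '/'.
  server.route({
    method: 'GET',
    path: '/secret',
    config: {
      auth: 'session',
      handler: (request, reply) => {
        reply('You should only see this when logged in.');
      }
    }
  });

  server.route({
    method: 'GET',
    path: '/logout',
    handler: (request, reply) => {
      request.cookieAuth.clear();
      reply.redirect('/');
    }
  });

  await server.start();
}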
// Boot the server; any failure during registration or listen is fatal.
const onStarted = () => {
  console.log(`Server running at: ${server.info.uri}`);
};
const onFailed = (err) => {
  console.error(err);
  process.exit(1);
};
start().then(onStarted).catch(onFailed);