This repository was archived by the owner on Jun 9, 2022. It is now read-only.

Commit a85fc60

committed
changes uathentication from s3o to OKTA
1 parent 72f23a1 commit a85fc60

5 files changed

+2817
-551
lines changed


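--- a/README.md
+++ b/README.md
@@ -14,7 +14,13 @@ $ npm install
 $ npm run start
 ```
 
-## Configure (via the .env file, or environment params)
+## .env
+
+- Run `touch .env` to create the required **.env** file
+- Open your new **.env** file and add the following variables:
+
+
+### Configure (via the .env file, or environment params)
 
 ```
 ALLOWED_USERS=... # a CSV of those who can see the extra goodies
@@ -32,4 +38,16 @@ AUDIO_RENDER_URL=... # for generating the audio version of the translation
 AUDIO_RENDER_TOKEN=... # ditto (lifted from the renderer's settings)
 LIMIT_TABLE=... # table for checking api limits have not been breached
 API_CHAR_LIMITS=... # JSON object with providers (lowerCase) as key and char limits as (Int) values
+PORT=... # 3010
+BASE_URL=... # http://localhost:3010
+OKTA_CLIENT=... # for OKTA authentication
+OKTA_ISSUER=... # for OKTA authentication
+OKTA_SECRET=... # for OKTA authentication
+SESSION_TOKEN=... # for OKTA authentication
 ```
+
+#### Where to find OKTA .env vars
+
+- Get `SESSION_TOKEN` from LastPass
+- Get details for finding `OKTA_ISSUER`, `OKTA_CLIENT` & `OKTA_SECRET` in LastPass
+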

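--- a/bin/lib/utils/utils.js
+++ b/bin/lib/utils/utils.js
@@ -1,18 +1,17 @@
-function getS3OUserFromCookie(cookies) {
+function getOKTAUserFromCookie(userinfo) {
 let user = null;
 
-const cookieList = cookies.split(';');
-
-for(let i = 0; i < cookieList.length; ++i) {
-let cookiePair = cookieList[i].replace(' ', '');
-if(cookiePair.startsWith('s3o_username')) {
-user = cookiePair.split('=')[1];
-}
+if(userinfo.hasOwnProperty('first_name')){
+return `${userinfo.first_name}.${userinfo.last_name}`;
 }
 
 return user;
 }
 
+function getOktaUsername(userinfo) {
+return `${userinfo.first_name}.${userinfo.last_name}`;
+}
+
 async function checkAndSplitText(text, limit, encoded = false) {
 const stringLength = Buffer.byteLength(text, 'utf8');
 const ratio = Math.ceil(stringLength/limit);
@@ -200,7 +199,7 @@ function configValidation(config, type, value, message) {
 }
 
 module.exports = {
-extractUser: getS3OUserFromCookie,
+extractUser: getOKTAUserFromCookie,
 splitTextIntoChunks: checkAndSplitText,
 pauseForMillis: pauseForMillis,
 maybeAppendDot: maybeAppendDot,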
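Review bot: `getOKTAUserFromCookie` (new lines 1–9) builds the user identity as `first_name.last_name` from the Okta userinfo, and `index.js` passes that string to `Translator.settings`. If it is then matched against `ALLOWED_USERS` (not visible here), access is decided on display-name claims, which are not guaranteed unique or immutable, rather than on a stable identifier such as the `sub` or email claim. The guard tests only `first_name`, so a profile without `last_name` yields `name.undefined` and a null `userinfo` throws on `hasOwnProperty`; `if (userinfo && userinfo.first_name && userinfo.last_name) {` would cover both. The added `getOktaUsername` repeats the same template and is not exported in the visible `module.exports` hunk, so either call it from `getOKTAUserFromCookie` or drop it. The name also still says `FromCookie` although the argument is no longer a cookie string.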

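--- a/index.js
+++ b/index.js
@@ -1,13 +1,14 @@
 if (process.env.NODE_ENV !== 'production') require('dotenv').config();
 const Utils = require('./bin/lib/utils/utils');
-const s3o = require('@financial-times/s3o-middleware');
 const express = require('express');
 const path = require('path');
 const fs = require('fs');
 const bodyParser = require('body-parser');
 const app = express();
 const helmet = require('helmet');
 const express_enforces_ssl = require('express-enforces-ssl');
+const OktaMiddleware = require('@financial-times/okta-express-middleware');
+const session = require('cookie-session');
 const PORT = Utils.processEnv('PORT', {validateInteger: true, default: "2018"});
 const extract = require('./bin/lib/utils/extract-text');
 const hbs = require('hbs');
@@ -26,6 +27,14 @@ if (process.env.NODE_ENV === 'production') {
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: false }));
 
+const okta = new OktaMiddleware({
+client_id: process.env.OKTA_CLIENT,
+client_secret: process.env.OKTA_SECRET,
+issuer: process.env.OKTA_ISSUER,
+appBaseUrl: process.env.BASE_URL,
+scope: 'openid offline_access'
+});
+
 const CAPI = require('./bin/lib/ft/capi').init(Utils.processEnv('FT_API_KEY'));
 const Translator = require('./bin/lib/translators/multi-translator');
 const Audio = require('./bin/lib/utils/get-audio');
@@ -73,6 +82,12 @@ app.use(function(req, res, next) {
 next();
 });
 
+app.use(session({
+secret: process.env.SESSION_TOKEN,
+maxAge: 24 * 3600 * 1000, //24h
+httpOnly: true
+}));
+
 app.post('/article/:uuid/:lang', (req, res, next) => {
 res.uuid = req.params.uuid;
 res.lang = req.params.lang;
@@ -302,10 +317,12 @@ app.get('/content/:uuid', (req,res) => {
 res.render('content', data);
 });
 
-app.use(s3o);
+app.use(okta.router);
+app.use(okta.ensureAuthenticated());
+app.use(okta.verifyJwts());
 
 app.get('/', async (req, res) => {
-const settings = await Translator.settings(Utils.extractUser(req.headers.cookie));
+const settings = await Translator.settings(Utils.extractUser(req.userContext.userinfo));
 return res.render('index', settings);
 });
 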
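Review bot: The session added at new lines 85–89 uses `cookie-session`, which keeps the whole session in the browser cookie, signed with `SESSION_TOKEN` but not encrypted, while the Okta client at new lines 30–36 requests `offline_access`. If the middleware stores the tokens it receives in `req.session` (its internals are not visible here), a long-lived refresh token would sit in a client-readable cookie for the 24 h `maxAge`. Confirm what it stores, and drop `offline_access` or move to a server-side session store if tokens end up there. The cookie options set no `sameSite`; adding `sameSite: 'lax'` next to `httpOnly: true` is a cheap hardening. The `OKTA_*`, `BASE_URL` and `SESSION_TOKEN` values are read straight from `process.env` rather than through `Utils.processEnv`, which this file uses for `PORT` and `FT_API_KEY`, so a missing value is presumably not validated at startup.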
