Replace token auth examples

other/js/auth_plugin_examples.js

@@ -9,101 +9,78 @@
  *
  */
 
-const querystring = require('querystring');
 const fs = require('fs');
 
-function urlTokenMatch(url, token, verbose=false) {
-    /**
-     * Parse the url path, extract the `token` querystring value, and check if
-     * it matches the token argument. If verbose is set to true, log messages
-     * are enabled.
-     *
-     * Args:
-     *      url (string): the path section of the URL
-     *      token (string): the token which the token provided in the URL should
-     *          match
-     *      verbose (boolean): If True, extra console.log messages will be output
-     */
-    let splitUrl = url.split("?")
-    if (splitUrl.length !== 2) {
-        if (verbose) {
-            console.log("Permission denied. No token provided.");
-        }
-        return false;
-    }
-    let qs = splitUrl[1];
-    let qs_parsed = querystring.parse(qs);
-    let success = (qs_parsed.token === token);
-    if (verbose) {
-        if (!success) {
-            console.log("Permission denied for token: " + qs_parsed.token);
-        } else {
-            console.log("Permission granted for token: " + qs_parsed.token);
-        }
-    }
-    return success;
-}
-
-exports.tokenAuth = function tokenAuth(source) {
-    /**
-     * Authorisation plugin which validates the token query parameter against
-     * a token provided as the argument to the `--auth-source` command line
-     * argument.
-     */
-    return {
-        authenticate(info) {
-            const token = source;
-            return urlTokenMatch(info.req.url, token, true);
-        }
-    }
-}
-
-exports.TokenAuthClass = class TokenAuthClass {
-    /**
-     * Class-based equivalent of tokenAuth
-     */
+class BaseAuth {
 
     constructor(source) {
         this.source = source;
     }
 
     authenticate(info) {
-        const token = this.source;
-        console.log(token)
-        return urlTokenMatch(info.req.url, token, true);
+        return false;
     }
 
 }
 
-exports.tokenAuthEnv = function tokenAuthEnv(source) {
-    /**
-     * Authorisation plugin which validates the token query parameter against
-     * a token which is the value of an environment variable. The name of this
-     * environment variable is specified as the argument to the command line
-     * argument `--auth-source`
-     */
-    return function(info) {
-        let token = process.env[source];
-        return urlTokenMatch(info.req.url, token, true);
+/**
+ * Authorisation plugin which validates origin of the request against a single
+ * permitted origin
+ */
+exports.AuthByOrigin = class AuthByOrigin extends BaseAuth {
+
+    authenticate(info) {
+        const expected = this.source;
+        const actual = info.origin;
+        const allow = expected === actual;
+        if (!allow) {
+            console.log("Denied access from origin: " + actual)
+        }
+        return allow;
     }
+
 }
 
-exports.tokenAuthFile = function tokenEnvFile(source) {
-    /**
-     * Authorisation plugin which validates the token query parameter against a
-     * token which is contained in a text file, the path to which is specified
-     * as the value of the `--auth-source` command line argument
-     */
-    return function(info, cb) {
-        fs.readFile(source, 'utf8', function(err, data) {
+/**
+ * Function-based version of AuthByOrigin
+ */
+exports.AuthByOriginFunctional = function(source) {
+    return {
+        authenticate(info) {
+            const expected = source;
+            const actual = info.origin;
+            const success = expected === actual;
+            if (!success) {
+                console.log("Denied access from origin: " + actual)
+            }
+            return success;
+        }
+    };
+}
+
+/**
+ * Authorisation plugin which validates the origin of the request against
+ * an origin contained in a text file, the path to which is specified
+ * as the value of the `--auth-source` command line argument
+ */
+exports.AuthByOriginFile = class AuthByOriginFile extends BaseAuth {
+
+
+    authenticate(info, cb) {
+        fs.readFile(this.source, 'utf8', function(err, data) {
             if (err) {
                 console.log(err);
                 cb(false);
             } else {
-                let token = data.trim();
-                let success = urlTokenMatch(info.req.url, token, true);
+                const expected = data.trim();
+                const actual = info.origin;
+                const success = expected === actual;
+                if (!success) {
+                    console.log("Denied access from origin: " + actual);
+                }
                 cb(success);
             }
-        });
+        })
     }
+
 }

other/js/websockify.js

@@ -29,7 +29,7 @@ var argv = require('optimist').argv,
 
 
 // Handle new WebSocket client
-new_client = function(client, req) {
+const new_client = function(client, req) {
     var clientAddr = client._socket.remoteAddress, log;
     console.log(req ? req.url : client.upgradeReq.url);
     log = function (msg) {
@@ -76,7 +76,7 @@ new_client = function(client, req) {
 
 
 // Send an HTTP error response
-http_error = function (response, code, msg) {
+const http_error = function (response, code, msg) {
     response.writeHead(code, {"Content-Type": "text/plain"});
     response.write(msg + "\n");
     response.end();
@@ -84,7 +84,7 @@ http_error = function (response, code, msg) {
 }
 
 // Process an HTTP static file request
-http_request = function (request, response) {
+const http_request = function (request, response) {
 //    console.log("pathname: " + url.parse(req.url).pathname);
 //    res.writeHead(200, {'Content-Type': 'text/plain'});
 //    res.end('okay');
@@ -183,7 +183,7 @@ if (argv["auth-plugin"]) {
 
     const auth_source = argv["auth-source"] || undefined;
 
-    const auth_plugin = plugin_factory(auth_source);
+    auth_plugin = plugin_factory(auth_source);
 
     websocket_server_opts = {
         server: webServer,