javascript-assisted-token-website/server.js at master · curityio/javascript-assisted-token-website · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
var http = require('http');
var fs = require('fs');
var path = require('path');
var url = require('url');

// Take the listening port as argument
var port = (process.argv.length > 2 ? process.argv[2] : 8080);

var handleFileRequest = function(request, response, pathname) {

    console.log("Serving file");

    var filePath = '.' + pathname;

    console.log("filePath = " + filePath);

    if (filePath == './')
        filePath = './index.html';

    if (filePath.indexOf("/", filePath.length - "/".length) !== -1) {
        filePath = filePath + 'index.html';
    }

    var extname = path.extname(filePath);
    var contentType = 'text/html';
    switch (extname) {
        case '.js':
            contentType = 'text/javascript';
            break;
        case '.css':
            contentType = 'text/css';
            break;
    }

    fs.exists(filePath, function (exists) {

        if (exists) {
            fs.readFile(filePath, function (error, content) {
                if (error) {
                    response.writeHead(500);
                    response.end();
                }
                else {
                    var responseHeaders = {
                        'Content-Type': contentType,
                    }
                    console.log(`File ${filePath} being served`)

                    response.writeHead(200, responseHeaders);
                    response.end(content, 'utf-8');
                }
            });
        }
        else {
            response.writeHead(404);
            response.end();
        }
    });
};

var handleApiRequest = function(request, response, apiHandler) {

    console.log("Serving API");

    // Employing very forgiving CORS, so this API-endpoint can be called from another origin;
    // E.g. when running multiple instances of this server that makes API-calls between each other.
    var responseHeaders = {
        'Content-Type': 'application/json',
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Headers': 'Authorization'
    };

    // Making the naive assumption that any OPTIONS request is the user-agent making a cross-site preflighted request.
    if (request.method === 'OPTIONS') {
        console.log("Accepting probable preflight request");

        response.writeHead(200, responseHeaders);
        response.end();
        return;
    }

    var message;
    var status;

    var authorizeHeader = request.headers['authorization'];

    if (authorizeHeader !== undefined) {
        status = 200;
        var token = authorizeHeader.substring('Bearer '.length);
        message = apiHandler(token);
    } else {
        status = 401;
        message = "No token included in API call";
        console.log("No token on request");
    }

    if (!response.finished) {
        console.log("handleApiRequest: Ending response");
    }
};

http.createServer(function (request, response) {

    console.log('request starting...');

    var pathname = url.parse(request.url, true).pathname;

    if (pathname === '/api') {
        handleApiRequest(request, response, function(token) {
            console.log("Token on request: " + token);

            response.end("API accessed with token " + token, 'utf-8');
        });
    } else {
        handleFileRequest(request, response, pathname);
    }

}).listen(port);

console.log('Server running at http://127.0.0.1:%d/', port);