First commit

sso-demo/middleware/ssoHandler.js

@@ -0,0 +1,51 @@
+const jwt = require('jsonwebtoken');
+const User = require('../models/user');
+
+async function ssoHandler(req, res, next) {
+    // 1. Check if the token is in the query parameters
+    const { token } = req.query;
+
+    if (token) {
+        try {
+            // 2. Decode the JWT to get the payload
+            // In a real app, you MUST verify the token signature using jwt.verify()
+            // For this demo, we'll just decode to inspect the payload.
+            const decoded = jwt.decode(token);
+
+            if (!decoded || !decoded.sub) {
+                return res.status(400).send('Invalid token: "sub" claim is missing.');
+            }
+
+            // 3. Find user by 'sub' claim
+            let user = await User.findBySsoSub(decoded.sub);
+
+            // 4. If user doesn't exist, create a new one (auto-registration)
+            if (!user) {
+                user = await User.createUser({ sso_sub: decoded.sub });
+            }
+
+            // 5. Save user information in the session
+            req.session.userId = user.id;
+
+            // 6. Redirect to the same URL without the token parameter
+            const redirectUrl = req.path;
+            return res.redirect(redirectUrl);
+
+        } catch (error) {
+            console.error('SSO handling failed:', error);
+            return res.status(500).send('An error occurred during SSO processing.');
+        }
+    }
+
+    // Attach user to request if session exists
+    if (req.session.userId) {
+        res.locals.user = await User.findById(req.session.userId);
+    } else {
+        res.locals.user = null;
+    }
+
+
+    return next();
+}
+
+module.exports = ssoHandler;