const jwt = require('jsonwebtoken');
const User = require('../models/user');
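/**
 * SSO middleware: consume a `token` query parameter, establish a session for
 * the user it identifies, then expose the session user on `res.locals.user`.
 *
 * Request flow:
 *   1. If `req.query.token` is a string, verify it (signature plus the
 *      `exp`/`nbf` checks jsonwebtoken performs) and read its `sub` claim.
 *   2. Look the user up by `sub`; auto-register when unknown.
 *   3. Store the user id in the session and redirect to the same path with
 *      the query string dropped, so the token does not linger in the
 *      address bar or browser history.
 *   4. With no token, resolve `res.locals.user` from the session (or null)
 *      and continue the chain.
 *
 * Responses: 400 when the verified token has no usable `sub`, 401 when the
 * token fails verification, 500 on a missing verification key or any other
 * failure (details go to console.error, never to the client).
 *
 * @param {object} req  Express request (reads query, path, baseUrl, session)
 * @param {object} res  Express response
 * @param {Function} next
 * @returns {Promise<void>}
 */
async function ssoHandler(req, res, next) {
  const { token } = req.query;

  // A repeated `?token=` or nested query syntax yields an array/object; only
  // a single non-empty string can be a JWT.
  if (typeof token === 'string' && token !== '') {
    // Placeholder config lookup — point this at the IdP's verification key
    // (public key for RS*/ES*, shared secret for HS*).
    const verificationKey = process.env.SSO_JWT_PUBLIC_KEY;
    if (!verificationKey) {
      console.error('SSO handling failed: no JWT verification key configured');
      return res.status(500).send('An error occurred during SSO processing.');
    }

    try {
      // Verify, do not merely decode: jwt.decode() accepts any well-formed
      // token, which would make `sub` (and thus the logged-in identity)
      // caller-controlled. Pinning `algorithms` stops a token from choosing
      // a different algorithm than the key was issued for.
      // TODO(review): also pass `issuer`/`audience` for the IdP — `sub` is
      // only unique within an issuer.
      const decoded = jwt.verify(token, verificationKey, {
        algorithms: ['RS256'], // placeholder: match the IdP's signing algorithm
      });

      const sub = decoded && decoded.sub;
      if (typeof sub !== 'string' || sub === '') {
        return res.status(400).send('Invalid token: "sub" claim is missing.');
      }

      let user = await User.findBySsoSub(sub);
      if (!user) {
        // Auto-registration: the first sign-in creates the account.
        user = await User.createUser({ sso_sub: sub });
      }

      // NOTE(review): if the session middleware supports it (express-session:
      // req.session.regenerate), rotate the session id here before storing
      // the login so a pre-login session id is not carried across — confirm
      // which session store this app uses.
      req.session.userId = user.id;

      return res.redirect(postLoginRedirectTarget(req));
    } catch (error) {
      // Verification failures are a client problem (bad, expired or forged
      // token); anything else (DB, session store) is a server error.
      if (isJwtVerificationError(error)) {
        return res.status(401).send('Invalid token.');
      }
      console.error('SSO handling failed:', error);
      return res.status(500).send('An error occurred during SSO processing.');
    }
  }

  // No token: attach the session user (or null) for downstream handlers.
  res.locals.user = req.session.userId
    ? await User.findById(req.session.userId)
    : null;

  return next();
}

/**
 * True for the error classes jsonwebtoken throws when it rejects a token.
 *
 * @param {unknown} error
 * @returns {boolean}
 */
function isJwtVerificationError(error) {
  const name = error && error.name;
  return (
    name === 'JsonWebTokenError' ||
    name === 'TokenExpiredError' ||
    name === 'NotBeforeError'
  );
}

/**
 * Redirect target after a successful SSO login: the current URL path with its
 * query string (and therefore the token) removed.
 *
 * `req.baseUrl` is included so the redirect lands on the same URL when this
 * middleware is mounted under a prefix; it is '' for an unmounted handler.
 *
 * @param {object} req Express request
 * @returns {string} a path-relative target, or '/' if the path is not one
 */
function postLoginRedirectTarget(req) {
  const path = `${req.baseUrl || ''}${req.path}`;
  // Only a path-relative target is allowed: a value beginning with `//` or
  // containing a backslash would be read by the browser as a
  // protocol-relative URL pointing off-site.
  if (!path.startsWith('/') || path.startsWith('//') || path.includes('\\')) {
    return '/';
  }
  return path;
}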
// The middleware function is the module's sole export.
module.exports = ssoHandler;