switch auth flow based on new env var

NASA-AMMOS · Jan 3, 2024 · 0009275 · 0009275
1 parent bc907ce
commit 0009275
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 32 deletions.
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
@@ -6,16 +6,32 @@ import effects from './utilities/effects';
 import type { ReqValidateSSOResponse } from './types/auth';
 import { reqGatewayForwardCookies } from './utilities/requests';
 import { base } from '$app/paths';
+import { env } from '$env/dynamic/public';
 
 export const handle: Handle = async ({ event, resolve }) => {
   try {
     if (event.isDataRequest) {
       return await resolve(event);
     }
 
+    if (env.PUBLIC_AUTH_TYPE === 'SSO') {
+      return await handleSSOAuth({ event, resolve });
+    } else {
+      return await handleJWTAuth({ event, resolve });
+    }
+
+  } catch (e) {
+    console.log(e);
+    event.locals.user = null;
+  }
+
+  return await resolve(event);
+};
+
+const handleJWTAuth: Handle = async ({ event, resolve }) => {
     const cookieHeader = event.request.headers.get('cookie') ?? '';
     const cookies = parse(cookieHeader);
-    const { activeRole: activeRoleCookie = null, user: userCookie = null } = cookies;
+    const { activeRole: activeRoleCookie = null, user: userCookie } = cookies;
 
     // try to get role with current JWT
     if (userCookie) {
@@ -26,7 +42,22 @@ export const handle: Handle = async ({ event, resolve }) => {
       }
     }
 
-    console.log(`trying SSO, since JWT was invalid`);
+    // if we're already on the login page, don't redirect
+    // otherwise we get stuck in a redirect loop
+    return event.url.pathname.startsWith('/login') || event.url.pathname.startsWith('/auth')
+      ? await resolve(event)
+      : new Response(null, {
+          headers: {
+            location: `${base}/login`,
+          },
+          status: 307,
+        });
+}
+
+const handleSSOAuth: Handle = async ({ event, resolve }) => {
+    const cookieHeader = event.request.headers.get('cookie') ?? '';
+    const cookies = parse(cookieHeader);
+    const { activeRole: activeRoleCookie = null } = cookies;
 
     // pass all cookies to the gateway, who can determine if we have any valid SSO tokens
     const validationData = await reqGatewayForwardCookies<ReqValidateSSOResponse>(
@@ -36,21 +67,17 @@ export const handle: Handle = async ({ event, resolve }) => {
     );
 
     if (!validationData.success) {
-      console.log('Invalid SSO token, redirecting to login UI page');
-      // if we're already on the login page, don't redirect
-      // otherwise we get stuck in a redirect loop
-      return event.url.pathname.startsWith('/login') || event.url.pathname.startsWith('/auth')
-        ? await resolve(event)
-        : new Response(null, {
-            headers: {
-              // redirectURL field from gateway response will contain our login UI URL
-              location: `${validationData.redirectURL}`,
-            },
-            status: 307,
-          });
+      console.log('Invalid SSO token, redirecting to SSO login UI page');
+      return new Response(null, {
+        headers: {
+          // redirectURL field from gateway response will contain our login UI URL
+          location: `${validationData.redirectURL}`,
+        },
+        status: 307,
+      });
     }
 
-    // otherwise, we had a valid SSO token, so compute roles from JWT
+    // otherwise, we had a valid SSO token, so compute roles from returned JWT
     const user: BaseUser = {
       id: validationData.userId ?? '',
       token: validationData.token ?? '',
@@ -74,20 +101,12 @@ export const handle: Handle = async ({ event, resolve }) => {
       event.cookies.set('user', userCookie, cookieOpts);
       event.cookies.set('activeRole', roles.defaultRole, cookieOpts);
 
-      return await resolve(event);
+    } else {
+      event.locals.user = null;
     }
 
-    // otherwise, we can't auth
-    console.log('unable to auth with JWT or SSO token');
-    console.log(validationData.message);
-    event.locals.user = null;
-  } catch (e) {
-    console.log(e);
-    event.locals.user = null;
-  }
-
-  return await resolve(event);
-};
+    return await resolve(event);
+}
 
 async function computeRolesFromCookies(
   userCookie: string | null,

diff --git a/src/routes/auth/logout/+server.ts b/src/routes/auth/logout/+server.ts
@@ -2,13 +2,16 @@ import { base } from '$app/paths';
 import type { RequestHandler } from '@sveltejs/kit';
 import { json } from '@sveltejs/kit';
 import { reqGatewayForwardCookies } from '../../../utilities/requests';
+import { env } from '$env/dynamic/public';
 
 export const POST: RequestHandler = async event => {
-  const invalidated = await reqGatewayForwardCookies<boolean>(
-    '/auth/logoutSSO',
-    event.request.headers.get('cookie') ?? '',
-    base,
-  );
+  const invalidated = (env.PUBLIC_AUTH_TYPE === "SSO")
+    ? await reqGatewayForwardCookies<boolean>(
+          '/auth/logoutSSO',
+          event.request.headers.get('cookie') ?? '',
+          base)
+    : true;
+
   return json(
     { message: 'Logout successful', success: invalidated },
     {