Open-source project name: TencentWSRD/koa-cas
Project URL: https://github.com/TencentWSRD/koa-cas
Programming language: JavaScript 99.6%
Project description:

koa-cas2

A complete implementation of CAS client middleware for Express/Connect, supporting the CAS 2.0+ protocol.

CAS (Central Authentication Service) is a single-sign-on / single-sign-off protocol for the web.

We assume you are already familiar with the CAS protocol; if not, please read this document before you use this.

Install

Feature

Quick start

Notice:

var express = require('express');
var ConnectCas = require('koa-cas2');
var bodyParser = require('body-parser');
var session = require('express-session');
var cookieParser = require('cookie-parser');
var MemoryStore = require('session-memory-store')(session);

var app = express();

app.use(cookieParser());
app.use(session({
  name: 'NSESSIONID',
  // Placeholder value: load a long random secret from configuration in a real deployment.
  secret: 'Hello I am a long long long secret',
  store: new MemoryStore() // or other session store
}));

var casClient = new ConnectCas({
  debug: true,
  ignore: [
    // Unanchored pattern: matches any request path that contains "/ignore".
    /\/ignore/
  ],
  match: [],
  servicePrefix: 'http://localhost:3000',
  serverPath: 'http://your-cas-server.com',
  paths: {
    validate: '/cas/validate',
    serviceValidate: '/buglycas/serviceValidate',
    proxy: '/buglycas/proxy',
    login: '/buglycas/login',
    logout: '/buglycas/logout',
    proxyCallback: '/buglycas/proxyCallback'
  },
  redirect: false,
  gateway: false,
  renew: false,
  slo: true,
  cache: {
    enable: false,
    ttl: 5 * 60 * 1000,
    filter: []
  },
  fromAjax: {
    header: 'x-client-ajax',
    status: 418
  }
});

app.use(casClient.core());

// NOTICE: If you want to enable single sign logout, you must use casClient middleware before bodyParser.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

app.get('/logout', casClient.logout());

// or do some logic yourself
app.get('/logout', function(req, res, next) {
  // Do whatever you like here, then call the logout middleware
  casClient.logout()(req, res, next);
});

Constructor

var casClient = new CasClient(options);

options

options.serverPath {String} (Required)
The root path of your CAS server. For example: https://www.your-cas-server-path.com
For example: If you set

options.servicePrefix {String} (Required)
The root path of your CAS client (your website root).
Every path for your CAS client will use this path as the root path.
For example: If you set

options.ignore {Array} (Optional, default: [])
In some cases, you don't need every request to be authenticated by CAS. So you can set ignore rules: when a rule matches, the casClient.core middleware calls next and does nothing.
Rules here support String/RegExp/Function.
Under the hood, the rules are checked like this:

if (req.path.indexOf(stringRule) > -1) next();
if (regRule.test(req.path)) next();
if (functionRule(req.path, req)) next();

So you can configure which specific paths are skipped by CAS authentication. Note that a String rule matches anywhere in the path (substring match), and a RegExp rule matches anywhere in the path unless it is anchored with ^ and $.

options.match {Array} (Optional, default: []) (Not recommended)
If you set this option, only the paths that match one of the rules will go into the CAS middleware.
All rules work as above.

options.paths {Object} (Optional)
Relative paths to all functional paths for the CAS protocol. All paths for the CAS server depend on your CAS server.

options.paths.validate (String) (Optional, default: '/cas/validate')
(For CAS Client) The path you want your CAS client to validate a ticket from CAS server. We'll use

options.paths.proxyCallback (String) (Optional, default: '')
(For CAS Client) In proxy mode, setting this path means you want this path of your CAS client to receive the callback from the CAS server (proxy mode) carrying the PGTIOU and PGTID.
This can be a relative path like the others, or it can be an absolute path.
In non-proxy mode, don't set this option!
Read this for more information about proxy mode

options.paths.serviceValidate (String) (Optional, default: '/cas/serviceValidate')
(For CAS Server) The path where your CAS server validates a ticket (ST).

options.paths.proxy (String) (Optional, default: '/cas/proxy')
(For CAS Server) The path where we'll ask the CAS server for a PT (proxy ticket) to communicate with any other back-end service.

options.paths.login (String) (Optional, default: '/cas/login')
(For CAS Server) The login path of your CAS server.

options.paths.logout (String) (Optional, default: '/cas/logout')
(For CAS Server) The logout path of your CAS server.

options.paths.restletIntegration (String) (Optional, default: '')
(For CAS Server) The restlet integration API of your CAS server. Set this option only if you need to use restlet integration.

options.fromAjax {Object} (Optional, default: {})
When your user's authentication has expired, all requests sent to the CAS client will redirect to the CAS login path.
So imagine this situation: you are sending an AJAX request to a CAS client, your authentication has expired, and your CAS client and CAS server are not on the same domain. A CORS error will happen.
This situation is difficult to handle, because an AJAX request can't notice a 302 redirect response; it will follow the redirect directly without telling you anything.
To prevent this embarrassing situation, we added this option.

options.fromAjax.header {String} (Optional, default: 'x-client-ajax')
CAS will assume every request with the header 'x-client-ajax' is an AJAX request, so when the user's authentication has expired, CAS won't redirect to the login page, but will send back the specified HTTP status code that you set as
For example: If you set

options.fromAjax.status {Number} (Optional, default: 418)
As introduced before, when the user's authentication has expired, CAS won't redirect to the login page, but will send back this as the HTTP status code.
For example:

So what you need to do in your browser's code is:

options.debug {Boolean} (Deprecated)
Because the CAS protocol is complicated, we removed this option. We recommend that you always log every step the CAS client takes in your production environment.
In a production environment, it's recommended to set up your own logger via options.logger.

options.redirect(req, res) {Function} (Optional, default: null)
By default, when a user logs in or login fails, the CAS client redirects the user to the last URL the user visited.
Set this option to change this behavior: if you return a non-empty string from this redirect function, CAS won't redirect to the last URL, but to the URL you returned.
For example, on some pages, you don't want to redirect the user to the login page after they log out.
By default, after a user logs out, the CAS client will redirect the user to
So, on those pages, you can set a key in cookies when your user wants to log out, then check this value in the cookie in the
(NOTICE: The only reason that we pass

var url = require('url');

var options = {
  redirect: function(req, res) {
    if (req.cookies.logoutFrom) {
      // When you need to redirect to a specific location, return the location you want to redirect to.
      return url.parse(req.cookies.logoutFrom).pathname;
    }
  }
};

var casClient = new CasClient(options);

app.get('/logout', function(req, res) {
  // The Referer header may be absent; url.parse() throws on undefined, so parse only when present.
  var fromWhere = req.get('Referer');
  var fromWhereUri = fromWhere ? url.parse(fromWhere) : null;
  if (fromWhereUri && fromWhereUri.pathname &&
      fromWhereUri.pathname.match(/the page you dont want user to login after logout/)) {
    res.cookie('logoutFrom', fromWhereUri.pathname);
  }
  casClient.logout()(req, res);
});
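
For the options.ignore and options.match rules described earlier on this page: the following is an added example, not koa-cas2's own code, that mirrors the three quoted rule checks to show which protected routes a loosely written rule would exempt from CAS, and how an anchored RegExp or a prefix function avoids that. The function names (matchesRule, isIgnored, unintendedBypasses, missedPublicPaths), the rule sets and the sample paths are all constructed for illustration.

```javascript
// Added example, not koa-cas2 source: mirrors the three rule checks quoted on this page.
function matchesRule(rule, path, req) {
  if (typeof rule === 'string') return path.indexOf(rule) > -1; // substring, any position
  if (rule instanceof RegExp) return rule.test(path);           // anywhere unless anchored
  if (typeof rule === 'function') return Boolean(rule(path, req));
  return false;
}

function isIgnored(rules, path, req) {
  return rules.some(function (rule) { return matchesRule(rule, path, req); });
}

// Constructed sample routes: only the /static tree is meant to skip CAS.
var SAMPLE_PATHS = [
  { path: '/static', mustAuthenticate: false },
  { path: '/static/app.css', mustAuthenticate: false },
  { path: '/admin/static/users', mustAuthenticate: true },
  { path: '/account/export/static', mustAuthenticate: true },
  { path: '/staticfiles/report', mustAuthenticate: true }
];

// Protected paths that the rule set would let through without authentication.
function unintendedBypasses(rules, samples) {
  return samples
    .filter(function (s) { return s.mustAuthenticate && isIgnored(rules, s.path, {}); })
    .map(function (s) { return s.path; });
}

// Public paths that the rule set fails to exempt (a rule that is too strict).
function missedPublicPaths(rules, samples) {
  return samples
    .filter(function (s) { return !s.mustAuthenticate && !isIgnored(rules, s.path, {}); })
    .map(function (s) { return s.path; });
}

var RULE_SETS = {
  looseString: ['/static'],
  looseRegExp: [/\/static/],
  anchoredRegExp: [/^\/static(\/|$)/],
  prefixFunction: [function (path) {
    return path === '/static' || path.indexOf('/static/') === 0;
  }]
};

Object.keys(RULE_SETS).forEach(function (name) {
  console.log(name, 'bypasses:', unintendedBypasses(RULE_SETS[name], SAMPLE_PATHS),
    'missed:', missedPublicPaths(RULE_SETS[name], SAMPLE_PATHS));
});
```

Running the same audit over your own route list before deploying a new ignore rule shows whether any route that must stay behind CAS would be skipped.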

options.cache {Object} (Optional)