const axios = require('axios');
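/**
 * Verify a username/password pair against the HTTP authentication service
 * configured in `process.env.LDAP_AUTH_URL`.
 *
 * Never throws: every failure is reported through the returned object.
 *
 * @param {string} username - Login name supplied by the user.
 * @param {string} password - Password supplied by the user.
 * @returns {Promise<object>} On success
 *   `{ success: true, username, full_name, groups, description }`;
 *   otherwise `{ success: false, message }`.
 */
async function authenticateWithLDAP(username, password) {
  // Reject missing, non-string or empty credentials before any network call.
  // An LDAP simple bind with an empty password is an unauthenticated bind that
  // many directory servers accept, so an empty password must never reach the
  // backend. NOTE(review): assumes the service behind LDAP_AUTH_URL performs a
  // bind with these values; confirm.
  if (
    typeof username !== 'string' ||
    typeof password !== 'string' ||
    username.trim() === '' ||
    password === ''
  ) {
    return { success: false, message: 'Неверные учетные данные' };
  }

  try {
    // The password travels in the request body, so LDAP_AUTH_URL should be an
    // https:// endpoint (or loopback); this function does not check the scheme.
    const response = await axios.post(
      process.env.LDAP_AUTH_URL,
      { username, password },
      {
        headers: { 'Content-Type': 'application/json' },
        timeout: 5000, // milliseconds
      },
    );

    const data = response.data;
    // Only the strict boolean `true` counts as success; a truthy string or
    // number in `success` is treated as a failed login.
    if (!data || data.success !== true) {
      return { success: false, message: 'Неверные учетные данные' };
    }

    return {
      success: true,
      username: data.username,
      full_name: data.full_name,
      // Authorization is decided from this list, so anything that is not an
      // array is treated as "no groups" rather than passed through.
      groups: Array.isArray(data.groups) ? data.groups : [],
      description: data.description || '',
    };
  } catch (error) {
    // Log the message only: the axios error object carries the request
    // config, whose body contains the password.
    console.error('LDAP auth error:', error.message);
    return { success: false, message: 'Ошибка соединения с сервером авторизации' };
  }
}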
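/**
 * Map a user's directory groups to an application role.
 *
 * The group lists are read from the environment on every call:
 * - `ALLOWED_GROUPS`: comma-separated groups whose members get role `admin`;
 * - `TASKS_GROUPS`: comma-separated groups whose members get role `user`.
 * A user who matches both lists is an admin.
 *
 * @param {string[]} groups - Group names the user belongs to.
 * @returns {{allowed: boolean, role: (string|null), message: (string|undefined)}}
 *   `message` is present only when access is denied.
 */
function checkUserAccess(groups) {
  // Trim entries and drop empty ones: "admins, ops" must match "ops", and a
  // stray comma must not create an empty entry that an empty group name
  // would match.
  const parseGroupList = (raw) =>
    (raw || '')
      .split(',')
      .map((name) => name.trim())
      .filter((name) => name !== '');

  const adminGroups = parseGroupList(process.env.ALLOWED_GROUPS);
  const userGroups = parseGroupList(process.env.TASKS_GROUPS);

  // Fail closed: a missing or malformed group list grants nothing.
  const memberOf = Array.isArray(groups) ? groups : [];

  // Matching is exact and case-sensitive.
  if (memberOf.some((group) => adminGroups.includes(group))) {
    return { allowed: true, role: 'admin' };
  }
  if (memberOf.some((group) => userGroups.includes(group))) {
    return { allowed: true, role: 'user' };
  }
  return { allowed: false, role: null, message: 'Доступ запрещён. Обратитесь к администрации.' };
}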
// Public API of this module: credential verification and group-based
// role lookup.
module.exports = {
  authenticateWithLDAP: authenticateWithLDAP,
  checkUserAccess: checkUserAccess,
};