I'll preface this with the disclaimer that I am historically more of an infrastructure person, now in a position that I need to build several web services. Due to business requirements, I am trying to create what should be a very simple service using node-soap, exposing a soap endpoint protected by basic auth. I have followed the documentation to create a basic soap endpoint, which is working with a very basic wsdl, and I have followed the documentation for securing a Node service using basic auth.

My problem is that Node is protecting everything except the /wsdl context with basic auth, but when I get into the soap.listen event basic auth is ignored and all unauthenticated requests are processed. I suspect I am missing something very basic, so anything you can point me to is appreciated. Searches and documentation seem primarily focused on calling a soap endpoint with basic auth and there don't seem to be any good examples of actually publishing such a service using Node.

My server functions

    var server = http.createServer(function(request,response) {
        var credentials = auth(request);
        console.log('Checking credentials');
        if (!credentials || !check(credentials.name, credentials.pass)) {
            response.statusCode = 401
            response.setHeader('WWW-Authenticate', 'Basic realm="example"')
            response.end('Access denied')
        }
        response.end('404: Not Found: ' + request.url);
    });

    function check(name, pass) {
        var valid = true
        // Simple method to prevent short-circuit and use timing-safe compare
        valid = compare(name, 'john') && valid
        valid = compare(pass, 'secret') && valid
        return valid
    }

    server.listen(8000);

    soap.listen(server, '/wsdl', WorkOrderService, xml, function(){
        var authorized = check('user','pass');
        soap.authorizeConnection = function() {
            return false;
        };
        console.log('server initialized');
    });

I've tried placing the check call into the soap.listener, and tried both false and true for the soap.authorizeConnection.
As mentioned, I'm new to both SOAP and Node, so please do not be shy about pointing out the basics.
Submitted September 30, 2019 at 05:36PM by infra2dev
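The following is an added example, not part of the original post and not node-soap's own code. It assumes that soap.listen registers its handler as a 'request' listener on the http.Server it is given and answers matching paths itself, which is why a check inside the createServer callback never runs for /wsdl. The names requireBasicAuth, parseBasic and safeEqual are hypothetical; only Node built-ins are used.

```javascript
// Added example: gate every 'request' listener on an http.Server behind Basic auth.
const http = require('http');
const crypto = require('crypto');

// Constant-time string comparison; hashing first equalises the lengths.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Parse "Authorization: Basic base64(user:pass)"; null if absent or malformed.
function parseBasic(header) {
  const m = /^Basic\s+([A-Za-z0-9+/=]+)\s*$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');
  return i < 0 ? null : { name: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Same shape as the post's check(): evaluate both comparisons, no short-circuit.
function check(creds, expected) {
  if (!creds) return false;
  const userOk = safeEqual(creds.name, expected.name);
  const passOk = safeEqual(creds.pass, expected.pass);
  return userOk && passOk;
}

// Call AFTER soap.listen(): wraps whatever listeners exist at that point.
// Wiring with the post's names (assumed, not run here):
//   soap.listen(server, '/wsdl', WorkOrderService, xml);
//   requireBasicAuth(server, { name: 'john', pass: 'secret' }, 'example');
function requireBasicAuth(server, expected, realm) {
  const inner = server.listeners('request').slice();
  server.removeAllListeners('request');
  server.on('request', function (req, res) {
    if (!check(parseBasic(req.headers.authorization), expected)) {
      res.statusCode = 401;
      res.setHeader('WWW-Authenticate', 'Basic realm="' + realm + '"');
      res.end('Access denied');
      return; // stop here: the wrapped (SOAP) listeners never see the request
    }
    inner.forEach((fn) => fn.call(server, req, res));
  });
  return server;
}
```

node-soap's README documents authorizeConnection as a property of the object returned by soap.listen rather than of the soap module; a function assigned there can return check(parseBasic(req.headers.authorization), expected) when a bare connection close is acceptable instead of a 401 challenge.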