Auth.js

import * as spauth from 'node-sp-auth';

import getBaseUrl from '../utils/getBaseUrl';

export const AuthMethod = {
    NONE: 'NONE',
    NTLM: 'NTLM',
    BASIC: 'BASIC'
};

export function getAuthMethod(authenticate) {
    if (!authenticate) {
        return AuthMethod.NONE;
    }
    if (authenticate.match(/NTLM/i)) {
        return AuthMethod.NTLM;
    }
    if (authenticate.match(/Basic /i)) {
        return AuthMethod.BASIC;
    }
    console.warn(`Unsupported authentication method: ${authenticate}`);
    return undefined;
}

export function getAuthOptions(data) {
    switch (getAuthMethod(data.authenticate)) {
        case AuthMethod.BASIC:
            return getAuthOptionsBasic(data);
        case AuthMethod.NTLM:
            return getAuthOptionsNTLM(data);
        default:
            return {};
    }
}

export function getAuthOptionsBasic({ username, password }) {
    return {
        headers: {
            Authorization: 'Basic ' + new Buffer(username + ':' + password).toString('base64')
        }
    };
}

export async function getAuthOptionsNTLM({ url, username, password, domain }) {
    if (username.indexOf('\\') !== -1) {
        const parts = username.split('\\');
        domain = parts[0];
        username = parts[1];
    }

    const data = await spauth.getAuth(getBaseUrl(url), {
        username,
        password,
        domain
    });

    return {
        ...data.options,
        headers: data.headers
    };
}

downloadToTemp.js

import fs from 'fs-extra';
import path from 'path';

import crypto from 'crypto';

import * as request from 'request';

import config from '../config';
import ExternalAuthError from '../errors/ExternalAuthError';
import { getAuthOptions } from './Auth';

const tempDir = path.resolve(config.app.storage.attachments, '.temp');

/**
 * Downloads a file from a URL to a (temp) location and saves it with a random filename.
 * Returns a promise that is resolved with the full path to the downloaded file.
 * Handles Basic and NTLM auth when given `user`, `password` and `authenticate`
 *
 * @param {String} url - the remote file to be downloaded
 * @param {Object} [options] - An options object
 * @param {String} [options.dir = tempDir] - Local path to a destination folder for the downloaded file.
 * @param {String} [options.authenticate] - Type of authentication required by remote file. of `BASIC` or `NTLM`
 * @param {String} [options.domain] - Domain for remote authentication. May be part of username as well.
 * @param {String} [options.username] - Username for remote authentication. May contain a domain name (e.g. `domain\username`)
 * @param {String} [options.password] - Password for remote authentication
 */
export default async function downloadToTemp(url, { dir = tempDir, authenticate, domain, username, password } = {}) {
    const authOptions = await getAuthOptions({ url, username, password, domain, authenticate });
    const requestOptions = { url, ...authOptions };
    return new Promise((resolve, reject) => {
        // start off with a paused stream - we need to check response headers first, then resume
        // that's because the on('error') handler is not invoked on all errors - e.g. http error responses >=400 slip through
        // see https://stackoverflow.com/questions/7222982/node-request-how-to-determine-if-an-error-occurred-during-the-request/26163128#26163128
        const req = request.get(requestOptions);
        req.pause();
        // however, it is invoked in some error cases
        req.on('error', function(error) {
            reject(error);
        });
        req.on('response', async response => {
            if (response.statusCode === 401) {
                // Authentication required
                reject(new ExternalAuthError(response));
            } else if (response.statusCode >= 400) {
                // Some other error
                reject(new Error(response.statusCode));
            } else {
                // Download is available
                try {
                    await fs.ensureDir(dir);
                    const id = crypto.randomBytes(20).toString('hex');
                    const filepath = path.resolve(dir, id);
                    req.pipe(fs.createWriteStream(filepath));
                    req.on('end', () => resolve(filepath));
                    req.resume();
                } catch (error) {
                    reject(error);
                }
            }
        });
    });
}

usage.js

/**
 * Downloads a file from a URL and puts it in the user uploads folder.
 * Creates a new Attachment node for that file in orientdb and connects it to the user node.
 * Supports NTLM an basic auth (e.g. sharepoint, htaccess)
 * Returns a promise.
 *
 * @param {String} url - The URL of the file
 * @param {User|String} user - A user object or user ID
 * @param {Object} [options] - An options object
 * @param {String} [options.filename] - An optional name for the saved file. Defaults to the last segment of the URL
 * @return {Object} - A `{ filename, filepath, hash }` object
 */
async function downloadForUser(url, userId, options = {}) {
    const tempfilePath = await downloadToTemp(url, {
        username: options.username,
        password: options.password,
        authenticate: options.authenticate
    });
    const hash = await getFileHash(tempfilePath);

    const filename = options.filename || getFileName(url);
    const dirpath = path.resolve(config.app.storage.attachments, userId, hash);
    const filepath = path.resolve(dirpath, filename);

    await fs.ensureDir(dirpath);
    await fs.move(tempfilePath, filepath, { overwrite: true });

    const fileInfo = { filename, filepath, hash };
    const attachment = await this.getUserAttachment(fileInfo, userId);
    if (attachment.vertex) {
        const { vertex, edge } = attachment;
        return { fileInfo, vertex, edge };
    } else {
        const { vertex, edge } = await Attachments.createUserAttachment(fileInfo, userId);
        return { fileInfo, vertex, edge };
    }
}