forked from Badgerati/Pode
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathweb-auth-clientcert.ps1
46 lines (36 loc) · 1.59 KB
/
web-auth-clientcert.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
$path = Split-Path -Parent -Path (Split-Path -Parent -Path $MyInvocation.MyCommand.Path)
Import-Module "$($path)/src/Pode.psm1" -Force -ErrorAction Stop
# or just:
# Import-Module Pode
# create a server, flagged to generate a self-signed cert for dev/testing, but allow client certs for auth
Start-PodeServer {
# bind to ip/port and set as https with self-signed cert
Add-PodeEndpoint -Address * -Port 8443 -Protocol Https -SelfSigned -AllowClientCertificate
# set view engine for web pages
Set-PodeViewEngine -Type Pode
# setup client cert auth
New-PodeAuthScheme -ClientCertificate | Add-PodeAuth -Name 'Validate' -Sessionless -ScriptBlock {
param($cert, $errors)
# validate the thumbprint - here you would check a real cert store, or database
if ($cert.Thumbprint -ieq '3571B3BE3CA202FA56F73691FC258E653D0874C1') {
return @{
User = @{
ID ='M0R7Y302'
Name = 'Morty'
Type = 'Human'
}
}
}
# an invalid cert
return @{ Message = 'Invalid certificate supplied' }
}
# GET request for web page at "/"
Add-PodeRoute -Method Get -Path '/' -Authentication 'Validate' -ScriptBlock {
#$WebEvent.Request.ClientCertificate | out-default
Write-PodeViewResponse -Path 'simple' -Data @{ 'numbers' = @(1, 2, 3); }
}
# GET request throws fake "500" server error status code
Add-PodeRoute -Method Get -Path '/error' -Authentication 'Validate' -ScriptBlock {
Set-PodeResponseStatus -Code 500
}
}