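const radius = require('radius');
const data = require('./data.js');

// NOTE(review): `config` and `log` are not defined in this file; presumably
// they are globals set up by the application entry point — confirm.

/**
 * Canonicalise a MAC-address style credential: lower-case it and strip the
 * ':' and '-' separators so differently formatted values compare equal.
 *
 * @param {string} value - Raw attribute value taken from the request.
 * @returns {string} The value in lower case without ':' or '-'.
 */
const normalizeMac = (value) => value.toLowerCase().replace(/[:-]/g, '');

/**
 * Reply attributes that place an accepted session into a VLAN.
 *
 * Tunnel-Type 13 is "VLAN" and Tunnel-Medium-Type 6 is "IEEE-802"; together
 * with Tunnel-Private-Group-Id they form the usual dynamic VLAN assignment.
 *
 * @param {*} vlan - VLAN identifier to hand to the NAS.
 * @returns {object} Attribute map for `radius.encode_response`.
 */
const buildAcceptAttributes = (vlan) => ({
  'Tunnel-Medium-Type': 6,
  'Tunnel-Type': 13,
  'Tunnel-Private-Group-Id': vlan,
  // `||` is kept on purpose: an unset or zero duration falls back to 60.
  'Session-Timeout': config.session_duration || 60,
});

module.exports = {
  radius: {
    /**
     * Handle a RADIUS authentication packet and build the reply.
     *
     * Decodes the packet with the shared secret, checks the credentials via
     * `data.authUser`, and answers Access-Accept (with a VLAN assignment) or
     * Access-Reject. Unknown users are still accepted into
     * `config.default_vlan` when that option is set.
     *
     * @param {Buffer} msg - Raw packet as received from the NAS.
     * @param {*} info - Sender information; not used here.
     * @param {function} callback - Called as `callback(response, null)` on
     *   success or `callback(null, message)` when the packet cannot be handled.
     */
    authentication: (msg, info, callback) => {
      try {
        const decoded = radius.decode({
          packet: msg,
          secret: config.client_secret,
        });

        if (decoded.code !== 'Access-Request') {
          // NOTE(review): other packet codes are dropped without invoking
          // `callback`; confirm the caller does not wait on it.
          return;
        }

        // NOTE(review): whether Message-Authenticator is checked on the
        // request is up to `radius.decode` and is not visible here — confirm
        // against the integrity requirements of the deployment.
        let username = decoded.attributes['User-Name'];
        let password = decoded.attributes['User-Password'];

        if (config.mac_auth_only) {
          // A request lacking either attribute throws here and is reported by
          // the catch block below as an unreadable packet.
          username = normalizeMac(username);
          password = normalizeMac(password);
        }

        const user = data.authUser(username, password);
        let code = 'Access-Reject';
        let vlan = false;

        // `username` is supplied by the connecting device and goes into the
        // log as-is. NOTE(review): confirm log.write neutralises control
        // characters. The password must never be logged.
        if (user) {
          log.write(username + ' access granted to VLAN ' + user.vlan);
          code = 'Access-Accept';
          vlan = user.vlan;
        } else if (config.default_vlan) {
          // Permit into default vlan if enabled. This accepts devices that
          // failed authentication, so the default VLAN has to be treated as an
          // untrusted segment.
          log.write(username + ' unknown. Placing into default VLAN.');
          code = 'Access-Accept';
          vlan = config.default_vlan;
        } else {
          log.write(username + ' access denied.');
        }

        // Only an Access-Accept carries the VLAN assignment. RFC 2865 does not
        // allow Session-Timeout in an Access-Reject, RFC 2868 does not allow
        // the tunnel attributes there, and `vlan` is still `false` at that
        // point, which is not a meaningful Tunnel-Private-Group-Id.
        const attributes =
          code === 'Access-Accept' ? buildAcceptAttributes(vlan) : {};

        const response = radius.encode_response({
          packet: decoded,
          code,
          secret: config.client_secret,
          attributes,
        });

        callback(response, null);
      } catch (error) {
        log.write('Cannot read RADIUS packet');
        log.write(error);
        callback(null, 'Error. Cannot read RADIUS packet.');
      }
    },

    /**
     * Accounting packets are not supported: log the fact and report an error.
     *
     * @param {Buffer} msg - Raw packet; not inspected.
     * @param {*} info - Sender information; not used here.
     * @param {function} callback - Called as `callback(null, message)`.
     */
    accounting: (msg, info, callback) => {
      log.write('Unsupported RADIUS packet');
      callback(null, 'Error. Unsupported RADIUS packet.');
    },
  },

  // User management is delegated unchanged to the data layer.
  user: {
    create: data.createUser,
    getall: data.getUsers,
    getone: data.getUser,
    delete: data.deleteUser,
  },
};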