portal/app.js


require("dotenv").config();
const express = require("express");
const session = require("express-session");
const passport = require("passport");
const { Strategy } = require("passport-openidconnect");
const path = require("path");
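// Application bootstrap: create the Express app, then configure the view
// engine, static assets and request body parsers.
const app = express();

// Do not advertise the framework in an "X-Powered-By" response header;
// it only helps fingerprint the stack.
app.disable("x-powered-by");

// Server-side templates are EJS files under ./views.
app.set("view engine", "ejs");
app.set("views", path.join(__dirname, "views"));

// Files under ./public are served without authentication, so nothing
// sensitive belongs in that directory.
app.use(express.static(path.join(__dirname, "public")));

// Populate req.body from JSON and URL-encoded form submissions.
// `extended: true` allows nested objects in form bodies, so handlers should
// validate the shape of req.body rather than assume flat string values.
app.use(express.json());
app.use(express.urlencoded({ extended: true }));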
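// Session middleware backing the Passport login state.
//
// The signing secret comes from the environment. Refuse to start without it
// rather than running with an unsigned/undefined secret.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error("SESSION_SECRET must be set before the portal can start");
}

app.use(session({
  secret: sessionSecret,
  resave: false,
  // Do not create a session (or set a cookie) until something is stored in it.
  saveUninitialized: false,
  // NOTE(review): no `store` is configured here, so express-session uses its
  // default in-memory store. Confirm that is intended for this deployment.
  cookie: {
    // "auto" marks the cookie Secure whenever the request is seen as HTTPS,
    // and leaves plain-HTTP behavior as it was with `secure: false`.
    // Behind a TLS-terminating proxy Express only sees HTTPS if
    // "trust proxy" is configured; that is not set in this file.
    secure: "auto",
    // Keep the session id out of reach of page scripts.
    httpOnly: true,
    // Withhold the cookie on cross-site sub-requests and form posts (CSRF
    // hardening). Top-level GET navigations still carry it.
    // NOTE(review): assumes the identity provider returns to the callback
    // with a redirect rather than a cross-site POST; confirm.
    sameSite: "lax",
    maxAge: 8 * 60 * 60 * 1000, // 8 hours, in milliseconds
  },
}));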
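// Passport wiring: attach Passport to the app, register the OpenID Connect
// strategy under the name "oidc", and define how the user is kept in the
// session.
app.use(passport.initialize());
app.use(passport.session());

// The endpoint URLs below are built by string concatenation, so an unset
// OIDC_ISSUER would silently produce "undefined/protocol/..." URLs. Stop at
// startup instead of sending users to a bogus authorization endpoint.
const oidcIssuer = process.env.OIDC_ISSUER;
const oidcClientId = process.env.OIDC_CLIENT_ID;
if (!oidcIssuer || !oidcClientId) {
  throw new Error("OIDC_ISSUER and OIDC_CLIENT_ID must be set");
}

passport.use("oidc", new Strategy({
  // OIDC_ISSUER is used verbatim as the issuer and as the base of every
  // endpoint, so it must not end with a trailing slash.
  issuer: oidcIssuer,
  authorizationURL: oidcIssuer + "/protocol/openid-connect/auth",
  tokenURL: oidcIssuer + "/protocol/openid-connect/token",
  userInfoURL: oidcIssuer + "/protocol/openid-connect/userinfo",
  clientID: oidcClientId,
  // The client secret is read from the environment only; keep it out of
  // source control and logs.
  clientSecret: process.env.OIDC_CLIENT_SECRET,
  callbackURL: process.env.OIDC_CALLBACK_URL,
  scope: "openid email profile",
  passReqToCallback: false,
}, (issuer, profile, done) => {
  // Reduce the provider profile to the few fields the portal keeps.
  const primaryEmail =
    profile.emails && profile.emails[0] && profile.emails[0].value;
  return done(null, {
    username: profile.id,
    name: profile.displayName,
    email: primaryEmail,
    // NOTE(review): groups is always an empty list here; nothing from the
    // provider is mapped into it. Any group-based authorization elsewhere
    // would therefore see no memberships. Confirm this is intended.
    groups: [],
  });
}));

// The whole user object is written to the session and read back unchanged;
// there is no per-request lookup, so changes at the identity provider are
// not reflected until the user logs in again.
passport.serializeUser((user, done) => done(null, user));
passport.deserializeUser((user, done) => done(null, user));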
// Route mounting, landing redirect, health probe and server start-up.

// Login/logout flow lives under /auth, the authenticated UI under /dashboard.
const authRouter = require("./routes/auth");
app.use("/auth", authRouter);
const dashboardRouter = require("./routes/dashboard");
app.use("/dashboard", dashboardRouter);

// Landing page: signed-in users go to the dashboard, everyone else to login.
app.get("/", (req, res) => {
  const target = req.isAuthenticated() ? "/dashboard" : "/auth/login";
  res.redirect(target);
});

// Unauthenticated liveness probe; returns a fixed payload and no internals.
app.get("/health", (req, res) => {
  res.json({ status: "ok" });
});

// Listen on the port given by the environment.
const listenPort = process.env.PORT;
app.listen(listenPort, () => {
  console.log(`Portal running on port ${listenPort}`);
});