'use strict';
const passport = require('passport');
const winston = require('winston');
const helpers = require('../controllers/helpers');
// Exports object for this module; API middleware (e.g. `authenticate` below) is attached to it.
const middleware = module.exports;
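/**
 * Authenticate an API request with a bearer token.
 *
 * Rejects with 401 when no `Authorization` header is present or when passport's
 * `bearer` strategy does not yield a user. Two token shapes are handled:
 *  - a user token: the resolved user carries a `uid` and is logged in as-is;
 *  - a master token: the resolved user has `master === true`, and the caller must
 *    name the acting user via `_uid` in the request body or query string
 *    (400 when it is missing or is not an integer).
 * Any other user shape is logged and answered with 500.
 *
 * On success sets `req.uid` and `req.loggedIn` (`uid > 0`) and calls `next()`.
 *
 * @param {object} req - Express request; `req.body` / `req.query` are untrusted input.
 * @param {object} res - Express response, passed to `helpers.formatApiResponse`.
 * @param {Function} next - Continues the chain, or receives a strategy error.
 */
middleware.authenticate = function (req, res, next) {
	// Own-property check that cannot be hijacked by a request supplying a
	// `hasOwnProperty` key (`{"hasOwnProperty":1}` in JSON or `?hasOwnProperty=1`
	// would make `obj.hasOwnProperty(...)` throw), and that tolerates a missing
	// `req.body` when no body parser ran for the request.
	const hasOwn = (obj, key) => !!obj && Object.prototype.hasOwnProperty.call(obj, key);

	// Strict integer parse for `_uid`: accept an integer or a decimal-digit string;
	// reject arrays/objects (qs yields an array for `_uid[]=1`) and partial numbers
	// that `parseInt` would silently truncate.
	const parseUid = function (raw) {
		if (typeof raw === 'number') {
			return Number.isInteger(raw) ? raw : NaN;
		}
		if (typeof raw === 'string' && /^-?\d+$/.test(raw)) {
			return parseInt(raw, 10);
		}
		return NaN;
	};

	// Establish req.user via passport, then mirror uid/loggedIn onto req.
	// NOTE(review): req.login is called without `{ session: false }`, so a
	// token-authenticated request is also serialised into req.session (passport's
	// default); confirm that persisting a login from an API token is intended.
	const login = function (user) {
		req.login(user, function (err) {
			if (err) { return helpers.formatApiResponse(500, res, err); }
			req.uid = user.uid;
			req.loggedIn = req.uid > 0;
			next();
		});
	};

	if (!hasOwn(req.headers, 'authorization')) {
		// No bearer token, reject request
		return helpers.formatApiResponse(401, res);
	}

	passport.authenticate('bearer', { session: false }, function (err, user) {
		if (err) { return next(err); }
		if (!user) { return helpers.formatApiResponse(401, res); }

		if (hasOwn(user, 'uid')) {
			return login(user);
		}

		// If the token received was a master token, a _uid must also be present for all calls
		if (hasOwn(user, 'master') && user.master === true) {
			const body = req.body || {};
			const query = req.query || {};
			if (!hasOwn(body, '_uid') && !hasOwn(query, '_uid')) {
				return helpers.formatApiResponse(400, res, new Error('A master token was received without a corresponding `_uid` in the request body'));
			}
			// Body takes precedence over query, as before; a falsy body value falls through.
			const uid = parseUid(body._uid || query._uid);
			if (Number.isNaN(uid)) {
				return helpers.formatApiResponse(400, res, new Error('The `_uid` supplied with a master token must be an integer'));
			}
			user.uid = uid;
			delete user.master;
			return login(user);
		}

		winston.warn('[api/authenticate] Unable to find user after verifying token');
		helpers.formatApiResponse(500, res);
	})(req, res, next);
};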