'use strict';
// Node modules
const HttpCodes = require('http-codes');
const Path = require('path');
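// Builds the project's URL helper for the settings of the current request.
// `require` caches the module, so resolving it per request is cheap; only the
// settings-bound instance is created each time.
const makeUrlFor = (req) => require(Path.join(__basedir, 'source/modules/make_url.js'))(req.app.locals.Settings);

module.exports = {
  //
  // Looks for an auth header or cookie and sets req.User and res.locals.User if the token is valid.
  //
  // The token is taken from the X-Auth-Token header first and from the `authToken` cookie
  // only when the header is absent. A token that is missing or cannot be decoded (expired,
  // tampered, or a decode/backend error) leaves the request anonymous: nothing is attached
  // and the chain continues. requireAuth / requireRole decide whether anonymous is acceptable,
  // so a decode failure fails closed rather than crashing the request.
  //
  // NOTE(review): because the token is also accepted from a cookie, state-changing routes
  // guarded only by requireAuth are reachable from cross-site requests unless CSRF protection
  // (a SameSite cookie attribute or a CSRF token) is applied elsewhere in the app — confirm.
  //
  attachUser: (req, res, next) => {
    const models = req.app.locals.Database.sequelize.models;
    // Guard against cookie-parser not being mounted (req.cookies undefined would throw).
    const cookies = req.cookies || {};
    const authToken = req.get('X-Auth-Token') || cookies.authToken;
    // No credential presented: continue as anonymous without a round trip to the model.
    if(!authToken) return next();
    models.user
      .decodeAuthToken(authToken)
      .then(
        (user) => {
          // Attach the user to req and res.locals
          req.User = user;
          res.locals.User = user;
        },
        // Invalid token or decode error: don't attach anything.
        () => null
      )
      // next() is called exactly once and outside the rejection handler, so an error raised
      // after the user is attached cannot re-enter the chain and trigger a second next().
      .then(() => {
        next();
        // Supress Bluebird warning
        return null;
      });
  },
  //
  // Forwards authenticated users to the dashboard.
  //
  // Anonymous requests fall through to the next handler unchanged.
  //
  forwardAuth: (req, res, next) => {
    if(req.User) {
      return res.redirect(makeUrlFor(req).admin());
    }
    return next();
  },
  //
  // Requires an authorized user before allowing the request to complete.
  //
  // Expects attachUser to have run earlier in the chain. Anonymous XHR requests get a 401 and
  // a string error passed to next(); anonymous browser requests are redirected to the login
  // page with the original URL in the `redirect` query parameter.
  //
  requireAuth: (req, res, next) => {
    if(req.User) return next();
    // XHR requests
    // NOTE: req.xhr is derived from the X-Requested-With header; API clients that omit it
    // (e.g. fetch()) receive the login redirect below instead of a 401.
    if(req.xhr) {
      res.status(HttpCodes.UNAUTHORIZED);
      return next('Unauthorized');
    }
    // Redirect non-XHR requests to the login page, remembering where they were going.
    // `redirect` carries req.originalUrl verbatim, and a request line such as `//host/path`
    // can surface here as `//host/path`; whatever consumes this parameter after login must
    // check that it is a local path before redirecting to it, or it becomes an open redirect.
    return res.redirect(
      makeUrlFor(req).admin('login', {
        query: { redirect: req.originalUrl }
      })
    );
  },
  //
  // Requires the authorized user to have a certain role before allowing the request to complete.
  //
  // role* (string|array) - The role(s) to require.
  //
  // Returns middleware that rejects with 401 when there is no authenticated user on the request
  // or the user's role is not one of those required. Throws at construction time when a role is
  // null/undefined: `requireRole()` would otherwise normalise to `[undefined]`, and
  // `[undefined].includes(undefined)` is true, which would admit any user without a role.
  //
  requireRole: (role) => {
    // Normalise once at construction rather than on every request.
    const roles = Array.isArray(role) ? role : [role];
    if(roles.some((r) => r == null)) {
      throw new TypeError('requireRole: a role must be provided');
    }
    return (req, res, next) => {
      // No authenticated user (requireAuth not mounted first, or an anonymous request) is
      // rejected here rather than throwing a TypeError on req.User.role.
      // NOTE(review): a logged-in user with the wrong role is an authorisation failure, for
      // which 403 would be the more accurate status than 401 — worth changing if the
      // `http-codes` module exposes it and no client depends on 401 here.
      if(!req.User || !roles.includes(req.User.role)) {
        res.status(HttpCodes.UNAUTHORIZED);
        return next('Unauthorized');
      }
      return next();
    };
  }
};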