shimapan/app/util/requireAuth.js

const Key = require('../models/Key.js');
const wrap = require('./wrap.js');

const verifyScope = require('./verifyScope.js');

// Checks for authentication by either API Key or Session
// Sets body.authUser and body.authKey if check passed
// If the request is authenticated and has the desired scope, continue.
// If the request is authenticated, but lacks the required scope, return 403 Forbidden.
// If the request is unauthenticated, return 401 Unauthorized.
const requireAuth = scope =>
    wrap(async (req, res, next) => {
        if (req.isAuthenticated()) {
            if (scope ? verifyScope(req.session.passport.scope, scope) : true) {
                req.username = req.session.passport.user;
                req.displayname = req.session.passport.displayname;
                req.scope = req.session.passport.scope;
                req.key = null;
                next();
            } else {
                res.status(403).json({message: 'Forbidden.'});
            }
        } else if (req.body.key) {
            const key = await Key.findOne({key: key});
            if (scope ? verifyScope(key.scope, scope) : true) {
                req.username = key.issuer;
                req.displayname = key.issuer;
                req.scope = key.scope;
                req.key = key.key;
                next();
            } else {
                res.status(403).json({message: 'Forbidden.'});
            }
        } else {
            res.status(401).json({'message': 'Unauthorized.'});
        }
    });

module.exports = requireAuth;
Add ping api route and test for valid session 2018-07-25 21:34:16 -04:00			`const Key = require('../models/Key.js');`
Change wrap to only export itself 2018-07-26 21:52:47 -04:00			`const wrap = require('./wrap.js');`
Add ping api route and test for valid session 2018-07-25 21:34:16 -04:00
Add custom authenticator in upload.js 2018-07-28 12:19:38 -04:00			`const verifyScope = require('./verifyScope.js');`
Add ping api route and test for valid session 2018-07-25 21:34:16 -04:00
Make requireAuth() add request variables 2018-07-26 13:15:54 -04:00			`// Checks for authentication by either API Key or Session`
			`// Sets body.authUser and body.authKey if check passed`
			`// If the request is authenticated and has the desired scope, continue.`
			`// If the request is authenticated, but lacks the required scope, return 403 Forbidden.`
			`// If the request is unauthenticated, return 401 Unauthorized.`
Change requireAuth to only export itself 2018-07-27 14:08:02 -04:00			`const requireAuth = scope =>`
Add ping api route and test for valid session 2018-07-25 21:34:16 -04:00			`wrap(async (req, res, next) => {`
Make requireAuth() add request variables 2018-07-26 13:15:54 -04:00			`if (req.isAuthenticated()) {`
			`if (scope ? verifyScope(req.session.passport.scope, scope) : true) {`
Make use of username/displayname field consistent throughout api 2018-07-26 19:40:42 -04:00			`req.username = req.session.passport.user;`
			`req.displayname = req.session.passport.displayname;`
			`req.scope = req.session.passport.scope;`
			`req.key = null;`
Make requireAuth() add request variables 2018-07-26 13:15:54 -04:00			`next();`
			`} else {`
			`res.status(403).json({message: 'Forbidden.'});`
			`}`
Add custom authenticator in upload.js 2018-07-28 12:19:38 -04:00			`} else if (req.body.key) {`
			`const key = await Key.findOne({key: key});`
Make requireAuth() add request variables 2018-07-26 13:15:54 -04:00			`if (scope ? verifyScope(key.scope, scope) : true) {`
Add custom authenticator in upload.js 2018-07-28 12:19:38 -04:00			`req.username = key.issuer;`
			`req.displayname = key.issuer;`
Make use of username/displayname field consistent throughout api 2018-07-26 19:40:42 -04:00			`req.scope = key.scope;`
			`req.key = key.key;`
Make requireAuth() add request variables 2018-07-26 13:15:54 -04:00			`next();`
			`} else {`
			`res.status(403).json({message: 'Forbidden.'});`
			`}`
			`} else {`
Add ping api route and test for valid session 2018-07-25 21:34:16 -04:00			`res.status(401).json({'message': 'Unauthorized.'});`
Make requireAuth() add request variables 2018-07-26 13:15:54 -04:00			`}`
Change requireAuth to only export itself 2018-07-27 14:08:02 -04:00			`});`

			`module.exports = requireAuth;`