Separate out logic in requireAuth and make one unified auth.js include

před 5 roky · f7d51650c1
--- a/app/routes/auth.js
+++ b/app/routes/auth.js
@@ -9,7 +9,7 @@ const Invite = require(ModelPath + 'Invite.js');
 const passport = require('passport');

 const canonicalizeRequest = require('../util/canonicalize').canonicalizeRequest;
 const requireAuth = require('../util/requireAuth');
 const requireAuth = require('../util/auth').requireAuth;
 const wrap = require('../util/wrap.js');
 const verifyBody = require('../util/verifyBody');

--- a/app/routes/invite.js
+++ b/app/routes/invite.js
@@ -7,7 +7,7 @@ const Invite = require(ModelPath + 'Invite.js');
 const User = require(ModelPath + 'User.js');

 const wrap = require('../util/wrap.js');
 const requireAuth = require('../util/requireAuth');
 const requireAuth = require('../util/auth').requireAuth;
 const verifyScope = require('../util/verifyScope');
 const verifyBody = require('../util/verifyBody');

--- a/app/util/auth.js
+++ b/app/util/auth.js
@@ -0,0 +1,62 @@
 const ModelPath = '../models/';
 const Key = require(ModelPath + 'Key.js');

 const wrap = require('./wrap.js');
 const verifyScope = require('./verifyScope.js');

 const checkSession = (req, scope, status) => {
    if (req.isAuthenticated()) {
        status.authenticated = true;
        if (!scope || verifyScope(req.session.passport.scope, scope)) {
            req.username = req.session.passport.user;
            req.displayname = req.session.passport.displayname;
            req.scope = req.session.passport.scope;
            req.key = null;
            status.permission = true;
        }
    }
 };

 const checkKey = async (req, scope, status) => {
    if (req.body.key) {
        const key = await Key.findOne({key: req.body.key});
        if (key) {
            status.authenticated = true;
            if (!scope || verifyScope(key.scope, scope)) {
                req.username = key.issuer;
                req.displayname = key.issuer;
                req.scope = key.scope;
                req.key = key.key;
                status.permission = true;
            }
        }
    }
 };

 // Middleware that checks for authentication by either API key or session
 // sets req.username, req.displayname, req.scope, and req.key if authenticated properly,
 // otherwise throws an error code
 const auth = scope =>
    wrap(async (req, res, next) => {
        const status = {
            authenticated: false,
            permission: false
        };

        // First, check the session
        checkSession(req, scope, status);
        // If not authenticated yet, check for a key
        if (!status.authenticated)
            await checkKey(req, scope, status);

        if (!status.authenticated)
            return res.status(401).json({message: 'Unauthorized.'});
        else if (!status.permission)
            return res.status(403).json({message: 'Forbidden.'});
        else
            next();
    });

 module.exports.checkSession = checkSession;
 module.exports.checkKey = checkKey;
 module.exports.requireAuth = auth;
--- a/app/util/requireAuth.js
+++ b/app/util/requireAuth.js
@@ -1,39 +0,0 @@
 const Key = require('../models/Key.js');
 const wrap = require('./wrap.js');

 const verifyScope = require('./verifyScope.js');

 // Checks for authentication by either API Key or Session
 // Sets body.authUser and body.authKey if check passed
 // If the request is authenticated and has the desired scope, continue.
 // If the request is authenticated, but lacks the required scope, return 403 Forbidden.
 // If the request is unauthenticated, return 401 Unauthorized.
 const requireAuth = scope =>
    wrap(async (req, res, next) => {
        if (req.isAuthenticated()) {
            if (scope ? verifyScope(req.session.passport.scope, scope) : true) {
                req.username = req.session.passport.user;
                req.displayname = req.session.passport.displayname;
                req.scope = req.session.passport.scope;
                req.key = null;
                next();
            } else {
                res.status(403).json({message: 'Forbidden.'});
            }
        } else if (req.body.key) {
            const key = await Key.findOne({key: key});
            if (scope ? verifyScope(key.scope, scope) : true) {
                req.username = key.issuer;
                req.displayname = key.issuer;
                req.scope = key.scope;
                req.key = key.key;
                next();
            } else {
                res.status(403).json({message: 'Forbidden.'});
            }
        } else {
            res.status(401).json({'message': 'Unauthorized.'});
        }
    });

 module.exports = requireAuth;