shimapan/app/util/auth/authenticateRequest.js

const config = require('config');
const authenticate = require('./authenticate');
const rateLimit = require('../rateLimit');

const authenticateRequest = scope => (req, res, next) => {
    rateLimit(config.get('RateLimit.api.window'), config.get('RateLimit.api.max'))(req, res, async () => {
        const status = await authenticate(req, scope);
        if (status.authenticated) {
            if (status.permission) {
                next();
            } else res.status(403).json({message: 'Forbidden.'});
        } else res.status(401).json({message: 'Unauthorized.'});
    });
};

module.exports = authenticateRequest;