feat: load user object in auth middleware chain

Paul Bienkowski 2020-11-24 00:29:16 +01:00
parent 393fc3dbb2
commit 29269dcfcd
3 changed files with 29 additions and 1 deletions

1
app.js

@ -14,6 +14,7 @@ const app = express();
app.use(cors()); app.use(cors());
app.use(auth.getUserIdMiddleware); app.use(auth.getUserIdMiddleware);
app.use(auth.loadUserMiddleware);
// Normal express config defaults // Normal express config defaults
app.use(require('morgan')('dev')); app.use(require('morgan')('dev'));
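Review bot: `auth.loadUserMiddleware` is mounted on the whole app, so every request whose `req.payload.id` is set now costs a `User.findById` query and gets a 401 when that user no longer exists, including on routes that treat authentication as optional. Both auth middlewares are also registered above the "Normal express config defaults" block; if the body parser is set up there (not visible in this hunk), `req.body` is still undefined when `getUserIdMiddleware` runs and its new body-id branch can never match. I would record the ordering dependency next to the call, e.g. `// loadUserMiddleware reads req.payload.id, so it must stay after getUserIdMiddleware`, and consider mounting the loader only on the routers that actually need `req.user`.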


@ -130,3 +130,5 @@ UserSchema.methods.isFollowing = function (id) {
}; };
mongoose.model('User', UserSchema); mongoose.model('User', UserSchema);
module.exports = mongoose.model('User')


@ -1,5 +1,6 @@
const jwt = require('express-jwt'); const jwt = require('express-jwt');
const secret = require('../config').secret; const secret = require('../config').secret;
const User = require('../models/User');
function getTokenFromHeader(req) { function getTokenFromHeader(req) {
const authorization = req.headers.authorization; const authorization = req.headers.authorization;
@ -20,7 +21,7 @@ const jwtOptional = jwt({
algorithms: ['HS256'], algorithms: ['HS256'],
}); });
function getUserIdMiddleware(req, res, next) { async function getUserIdMiddleware(req, res, next) {
try { try {
const authorization = req.headers.authorization; const authorization = req.headers.authorization;
const [tokenType, token] = (authorization && authorization.split(' ')) || []; const [tokenType, token] = (authorization && authorization.split(' ')) || [];
@ -30,6 +31,13 @@ function getUserIdMiddleware(req, res, next) {
} else if (tokenType === 'OBSUserId') { } else if (tokenType === 'OBSUserId') {
req.payload = { id: token.trim() }; req.payload = { id: token.trim() };
next(); next();
} else if (!authorization && req.body && req.body.id && req.body.id.length === 24) {
const user = await User.findById(req.body.id);
if (user) {
req.payload = { id: user.id };
req.user = user;
}
next();
} else { } else {
req.payload = null; req.payload = null;
next(); next();
@ -39,6 +47,22 @@ function getUserIdMiddleware(req, res, next) {
} }
} }
async function loadUserMiddleware(req, res, next) {
try {
if (req.payload && req.payload.id) {
req.user = await User.findById(req.payload.id);
if (!req.user) {
return res.sendStatus(401);
}
}
next();
} catch (err) {
next(err);
}
}
module.exports = { module.exports = {
required(req, res, next) { required(req, res, next) {
if (!req.payload) { if (!req.payload) {
@ -51,4 +75,5 @@ module.exports = {
return next(); return next();
}, },
getUserIdMiddleware, getUserIdMiddleware,
loadUserMiddleware,
}; };
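Review bot: The new `else if (!authorization && req.body && req.body.id && req.body.id.length === 24)` branch in `getUserIdMiddleware` sets `req.payload` and `req.user` from an id supplied in the request body without checking any secret, so a request that merely names an existing user id passes `required` as that user. An ObjectId is an identifier, not a credential; if this path exists for a legacy client, it should be scoped to the specific routes that need it rather than the global chain, and the resulting identity should not be accepted by handlers that modify account data. The guard also only tests `.length`, which a parsed JSON array or object can satisfy, so at minimum tighten it to `typeof req.body.id === 'string' && /^[0-9a-f]{24}$/i.test(req.body.id)`. Separately, `loadUserMiddleware` repeats the `findById` this branch has already done; `if (!req.user && req.payload && req.payload.id)` would skip the second query. The `catch` of `getUserIdMiddleware` lies outside the visible hunk lines.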