Ensure that each request has a corresponding user in the database.

2025-10-05 02:29:26 +02:00 · 2014-02-03 14:23:05 +09:00 · 2014-02-03 14:23:05 +09:00 · 59178ee837
commit 59178ee837
parent b84968c08c
2 changed files with 21 additions and 5 deletions
--- a/lib/middleware/auth.js
+++ b/lib/middleware/auth.js
@ -24,8 +24,19 @@ module.exports = function(options) {
      }
    }
    else if (req.session && req.session.jwt) {
-      // Continue existing session
-      next()
+      dbapi.loadUser(req.session.jwt.email)
+        .then(function(user) {
+          if (user) {
+            // Continue existing session
+            req.user = user
+            next()
+          }
+          else {
+            // We no longer have the user in the database
+            res.redirect(options.authUrl)
+          }
+        })
+        .catch(next)
    }
    else {
      // No session, forward to auth client
--- a/lib/roles/app.js
+++ b/lib/roles/app.js
@ -92,7 +92,7 @@ module.exports = function(options) {
  app.get('/api/v1/user', function(req, res) {
    res.json({
      success: true
-    , user: req.session.jwt
+    , user: req.user
    })
  })

@ -147,8 +147,13 @@ module.exports = function(options) {
            handshake.session = handshake.signedCookies[options.ssid]
            return dbapi.loadUser(handshake.session.jwt.email)
              .then(function(user) {
-                handshake.user = user
-                accept(null, true)
+                if (user) {
+                  handshake.user = user
+                  accept(null, true)
+                }
+                else {
+                  accept(null, false)
+                }
              })
          }
          else {