refactor security handler

2025-10-04 18:29:17 +02:00 · 2015-12-14 15:06:46 +09:00 · 2015-12-14 15:06:46 +09:00 · 87fcf19406
commit 87fcf19406
parent fa9ee605f3
1 changed files with 43 additions and 30 deletions
--- a/lib/units/api/helpers/securityHandlers.js
+++ b/lib/units/api/helpers/securityHandlers.js
@ -16,46 +16,59 @@ function accessTokenAuth(req, res, next) {
      , tokenId = authHeader[1]

    if (format !== 'bearer') {
-      res.status(401).json({
+      return res.status(401).json({
        success: false
      , description: 'Authorization header should be in "bearer $AUTH_TOKEN" format'
      })
    }

-    if (tokenId) {
-      dbapi.loadAccessToken(tokenId)
-        .then(function(token) {
-          var jwt = token.jwt
-            , data = jwtutil.decode(jwt, req.options.secret)
+    if (!tokenId) {
+      log.error('Bad Access Token Header')
+      return res.status(401).json({
+        success: false
+      , description: 'Bad Credentials'
+      })
+    }

-          if (data) {
-            dbapi.loadUser(data.email)
-              .then(function(user) {
-                if (user) {
-                  req.user = user
-                  next()
-                }
-              })
+    dbapi.loadAccessToken(tokenId)
+      .then(function(token) {
+        if (!token) {
+          return res.status(401).json({
+            success: false
+          , description: 'Bad Credentials'
+          })
+        }
+
+        var jwt = token.jwt
+          , data = jwtutil.decode(jwt, req.options.secret)
+
+        if (!data) {
+          return res.status(500).json({
+            success: false
+          })
+        }
+        dbapi.loadUser(data.email)
+          .then(function(user) {
+            if (user) {
+              req.user = user
+              next()
            } else {
-              res.status(500).json({
+              return res.status(500).json({
                success: false
              })
            }
          })
-        .catch(function(err) {
-          log.error('Failed to load token: ', err.stack)
-          res.status(401).json({
-            success: false,
-            description: 'Bad Credentials'
+          .catch(function(err) {
+            log.error('Failed to load user: ', err.stack)
          })
-        })
-    } else {
-      log.error('Bad Access Token Header')
-      res.status(401).json({
-        success: false,
-        description: 'Bad Credentials'
      })
-    }
+      .catch(function(err) {
+        log.error('Failed to load token: ', err.stack)
+        return res.status(401).json({
+          success: false
+        , description: 'Bad Credentials'
+        })
+      })
  }
  // Request is coming from browser app
  // TODO: Remove this once frontend become stateless
@ -68,7 +81,7 @@ function accessTokenAuth(req, res, next) {
          next()
        }
        else {
-          res.json(500, {
+          return res.status(500).json({
            success: false
          })
        }
@ -77,8 +90,8 @@ function accessTokenAuth(req, res, next) {
  }
  else {
    res.status(401).json({
-      success: false,
-      description: 'Requires Authentication'
+      success: false
+    , description: 'Requires Authentication'
    })
  }
 }