Add auth middleware in api unit. Now only authorized user can access api unit

lib/units/api/middleware/auth.js

@@ -0,0 +1,65 @@
+var jwtutil = require('../../../util/jwtutil')
+var urlutil = require('../../../util/urlutil')
+var logger = require('../../../util/logger')
+var dbapi = require('../../../db/api')
+
+module.exports = function(options) {
+  return function(req, res, next) {
+
+    var log = logger.createLogger('api:auth')
+
+    if (req.headers.authorization) {
+      var tokenId = req.headers.authorization.split(" ")[1]
+
+      if (tokenId) {
+        dbapi.loadAccessToken(tokenId)
+          .then(function(token) {
+            var jwt = token.jwt
+              , data = jwtutil.decode(jwt, options.secret)
+
+            if (data) {
+              dbapi.loadUser(data.email)
+                .then(function(user) {
+                  if (user) {
+                    req.user = user
+                    next()
+                  }
+                })
+              }
+            })
+          .catch(function(err) {
+            log.error('Failed to load token: ', err.stack)
+            res.json(500, {
+              success: false,
+              description: "Bad Access Token"
+            })
+          })
+      } else {
+        log.error("Bad Access Token")
+        res.json(500, {
+          success: false,
+          description: "Bad Access Token Header"
+        })
+      }
+    }
+    // TODO: Remove this once frontend become stateless
+    else if (req.session && req.session.jwt) {
+      dbapi.loadUser(req.session.jwt.email)
+        .then(function(user) {
+          if (user) {
+            req.user = user
+            next()
+          }
+          else {
+            // We no longer have the user in the database
+            res.redirect(options.authUrl)
+          }
+        })
+        .catch(next)
+    }
+    else {
+      // No session, forward to auth client
+     res.redirect(options.authUrl)
+    }
+  }
+}