mirror of
https://github.com/openstf/stf
synced 2025-10-04 18:29:17 +02:00
75 lines
1.9 KiB
JavaScript
75 lines
1.9 KiB
JavaScript
var jwtutil = require('../../../util/jwtutil')
|
|
var urlutil = require('../../../util/urlutil')
|
|
var logger = require('../../../util/logger')
|
|
var dbapi = require('../../../db/api')
|
|
|
|
var log = logger.createLogger('api:helpers:securityHandlers')
|
|
|
|
module.exports = {
|
|
accessTokenAuth: accessTokenAuth
|
|
}
|
|
|
|
function accessTokenAuth(req, res, next) {
|
|
if (req.headers.authorization) {
|
|
var tokenId = req.headers.authorization.split(" ")[1]
|
|
|
|
if (tokenId) {
|
|
dbapi.loadAccessToken(tokenId)
|
|
.then(function(token) {
|
|
var jwt = token.jwt
|
|
, data = jwtutil.decode(jwt, req.options.secret)
|
|
|
|
if (data) {
|
|
dbapi.loadUser(data.email)
|
|
.then(function(user) {
|
|
if (user) {
|
|
req.user = user
|
|
next()
|
|
}
|
|
})
|
|
} else {
|
|
res.json(500, {
|
|
success: false
|
|
})
|
|
}
|
|
})
|
|
.catch(function(err) {
|
|
log.error('Failed to load token: ', err.stack)
|
|
res.json(401, {
|
|
success: false,
|
|
description: 'Bad credentials'
|
|
})
|
|
})
|
|
} else {
|
|
log.error('Bad Access Token Header')
|
|
res.json(401, {
|
|
success: false,
|
|
description: 'Bad credentials'
|
|
})
|
|
}
|
|
}
|
|
// Request is coming from browser app
|
|
// TODO: Remove this once frontend become stateless
|
|
// and start sending request without session
|
|
else if (req.session && req.session.jwt) {
|
|
dbapi.loadUser(req.session.jwt.email)
|
|
.then(function(user) {
|
|
if (user) {
|
|
req.user = user
|
|
next()
|
|
}
|
|
else {
|
|
res.json(500, {
|
|
success: false
|
|
})
|
|
}
|
|
})
|
|
.catch(next)
|
|
}
|
|
else {
|
|
res.json(401, {
|
|
success: false,
|
|
description: 'Requires authentication'
|
|
})
|
|
}
|
|
}
|