-
Notifications
You must be signed in to change notification settings - Fork 1.2k
/
Copy pathauth.service.js
87 lines (80 loc) · 2.34 KB
/
auth.service.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
'use strict';
import passport from 'passport';
import config from '../config/environment';
import jwt from 'jsonwebtoken';
import expressJwt from 'express-jwt';
import compose from 'composable-middleware';<% if (filters.mongooseModels) { %>
import User from '../api/user/user.model';<% } %><% if (filters.sequelizeModels) { %>
import {User} from'../sqldb';<% } %>
var validateJwt = expressJwt({
secret: config.secrets.session
});
/**
* Attaches the user object to the request if authenticated
* Otherwise returns 403
*/
export function isAuthenticated() {
return compose()
// Validate jwt
.use(function(req, res, next) {
// allow access_token to be passed through query parameter as well
if (req.query && req.query.hasOwnProperty('access_token')) {
req.headers.authorization = 'Bearer ' + req.query.access_token;
}
validateJwt(req, res, next);
})
// Attach user to request
.use(function(req, res, next) {
<% if (filters.mongooseModels) { %>User.findById(req.user._id).exec()<% }
if (filters.sequelizeModels) { %>User.find({
where: {
_id: req.user._id
}
})<% } %>
.then(user => {
if (!user) {
return res.status(401).end();
}
req.user = user;
next();
})
.catch(err => next(err));
});
}
/**
* Checks if the user role meets the minimum requirements of the route
*/
export function hasRole(roleRequired) {
if (!roleRequired) {
throw new Error('Required role needs to be set');
}
return compose()
.use(isAuthenticated())
.use(function meetsRequirements(req, res, next) {
if (config.userRoles.indexOf(req.user.role) >=
config.userRoles.indexOf(roleRequired)) {
next();
} else {
res.status(403).send('Forbidden');
}
});
}
/**
* Returns a jwt token signed by the app secret
*/
export function signToken(id, role) {
return jwt.sign({ _id: id, role: role }, config.secrets.session, {
expiresIn: 60 * 60 * 5
});
}
/**
* Set token cookie directly for oAuth strategies
*/
export function setTokenCookie(req, res) {
if (!req.user) {
return res.status(404).send('It looks like you aren\'t logged in, please try again.');
}
var token = signToken(req.user._id, req.user.role);
res.cookie('token', token);
res.redirect('/');
}