From 639f0ec17aa815cf90241682340f4115bd0ff42e Mon Sep 17 00:00:00 2001
From: KevinMidboe <kevin.midboe@gmail.com>
Date: Mon, 4 Nov 2019 23:04:33 +0100
Subject: [PATCH] Created middleware to check if the user has a plex user
 linked to seasoned account. If not respond with 403 meaning you did have a
 authorization key, but this is forbidden; explaining in the response message
 that no plex account user id was found for this user and to please
 authenticate their plex account at authenticate endpoint.

---
 seasoned_api/src/webserver/app.js             |  1 +
 .../middleware/mustHaveAccountLinkedToPlex.js | 31 +++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 seasoned_api/src/webserver/middleware/mustHaveAccountLinkedToPlex.js

diff --git a/seasoned_api/src/webserver/app.js b/seasoned_api/src/webserver/app.js
index a6219cc..10597f7 100644
--- a/seasoned_api/src/webserver/app.js
+++ b/seasoned_api/src/webserver/app.js
@@ -4,6 +4,7 @@ const bodyParser = require('body-parser');
 const tokenToUser = require('./middleware/tokenToUser');
 const mustBeAuthenticated = require('./middleware/mustBeAuthenticated');
 const mustBeAdmin = require('./middleware/mustBeAdmin');
+const mustHaveAccountLinkedToPlex = require('./middleware/mustHaveAccountLinkedToPlex');
 const configuration = require('src/config/configuration').getInstance();
 
 const listController = require('./controllers/list/listController');
diff --git a/seasoned_api/src/webserver/middleware/mustHaveAccountLinkedToPlex.js b/seasoned_api/src/webserver/middleware/mustHaveAccountLinkedToPlex.js
new file mode 100644
index 0000000..de1ae69
--- /dev/null
+++ b/seasoned_api/src/webserver/middleware/mustHaveAccountLinkedToPlex.js
@@ -0,0 +1,31 @@
+const establishedDatabase = require('src/database/database');
+
+const mustHaveAccountLinkedToPlex = (req, res, next) => {
+   let database = establishedDatabase;
+   const loggedInUser = req.loggedInUser;
+
+   if (loggedInUser === undefined) {
+      return res.status(401).send({
+         success: false,
+         message: 'You must be logged in.',
+      });
+   } else {
+      database.get(`SELECT plex_userid FROM user WHERE user_name IS ?`, loggedInUser.username)
+      .then(row => {
+         const plex_userid = row.plex_userid;
+
+         if (plex_userid === null || plex_userid === undefined) {
+            return res.status(403).send({
+               success: false,
+               message: 'No plex account user id found for your user. Please authenticate your plex account at /user/authenticate.'
+            })
+         } else {
+            req.loggedInUser.plex_userid = plex_userid;
+            return next();
+         }
+      })
+   }
+
+};
+
+module.exports = mustHaveAccountLinkedToPlex;