From a3de70e2dad769197bcc7cb36e47d0797ea59e9b Mon Sep 17 00:00:00 2001
From: KevinMidboe
Date: Wed, 27 Sep 2017 16:25:54 +0200
Subject: [PATCH] Created a middleware for requests that checks for a token in the Authentication field in the header and verifies that the token is valid for a user.
---
.../middleware/mustBeAuthenticated.js | 11 ++++++++++
.../src/webserver/middleware/tokenToUser.js | 22 +++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 seasoned_api/src/webserver/middleware/mustBeAuthenticated.js
create mode 100644 seasoned_api/src/webserver/middleware/tokenToUser.js
diff --git a/seasoned_api/src/webserver/middleware/mustBeAuthenticated.js b/seasoned_api/src/webserver/middleware/mustBeAuthenticated.js
new file mode 100644
index 0000000..7613179
--- /dev/null
+++ b/seasoned_api/src/webserver/middleware/mustBeAuthenticated.js
@@ -0,0 +1,11 @@
+const mustBeAuthenticated = (req, res, next) => {
+
+ if (req.loggedInUser === undefined) {
+ return res.status(401).send({
+ success: false,
+ error: 'You must be logged in.',
+ }); }
+ return next();
+};
+
+module.exports = mustBeAuthenticated;
diff --git a/seasoned_api/src/webserver/middleware/tokenToUser.js b/seasoned_api/src/webserver/middleware/tokenToUser.js
new file mode 100644
index 0000000..08e8f2a
--- /dev/null
+++ b/seasoned_api/src/webserver/middleware/tokenToUser.js
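Review bot: The guard `req.loggedInUser === undefined` in mustBeAuthenticated lets a request through whenever the property holds any other value, including `null` or an empty string, so it is only as strong as whatever `token.user` can contain. Token.fromString is not part of this patch, so whether it can yield a token without a user is an assumption to confirm; `if (!req.loggedInUser) {` fails closed either way. The check also relies on tokenToUser being mounted earlier in the chain, which deserves a one-line comment above the function, e.g. `// Requires tokenToUser to have run first; rejects any request without a verified user.`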
@@ -0,0 +1,22 @@
+/* eslint-disable no-param-reassign */
+const configuration = require('src/config/configuration').getInstance();
+const secret = configuration.get('authentication', 'secret');
+const Token = require('src/user/token');
+
+// Token example:
+// curl -i -H "Authorization:[token]" localhost:31459/api/v1/user/history
+
+const tokenToUser = (req, res, next) => {
+ const rawToken = req.headers.authorization;
+ if (rawToken) {
+ try {
+ const token = Token.fromString(rawToken, secret);
+ req.loggedInUser = token.user;
+ } catch (error) {
+ req.loggedInUser = undefined;
+ }
+ }
+ next();
+};
+
+module.exports = tokenToUser;
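Review bot: The `catch (error)` block in tokenToUser discards every exception from `Token.fromString`, so a forged or expired token, a misconfigured `secret` and a bug inside Token all become the same silent anonymous request. Record the rejection before clearing the user, logging the reason but never the raw header value, e.g. `console.warn('tokenToUser: token rejected:', error.message);`, so repeated bad tokens show up in the logs. `secret` is read once at module load; if `configuration.get` can return an empty value (not visible in this patch), a startup guard such as `if (!secret) throw new Error('authentication secret is not configured');` is safer than verifying against it. The commit message says "Authentication field" while the code reads `req.headers.authorization`, and the curl example sends the token without a scheme prefix; a comment stating the expected header format would remove the ambiguity.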