opt-cc/api/middleware/auth-middleware.js

48 lines
1.2 KiB
JavaScript
Raw Normal View History

"use strict";
2017-05-10 11:04:06 +02:00
const jwt = require('jsonwebtoken');
const config = require('../config/config');
2017-06-08 13:14:53 +02:00
const AppUser = require('../models/app-user');
2017-05-10 11:04:06 +02:00
const apiAuthentication = (req, res, next) => {
// check header or url parameters or post parameters for token
const token = req.body.token || req.query.token || req.headers['x-access-token'];
// decode token
if (token) {
// verifies secret and checks exp
jwt.verify(token, config.secret, (err, decoded) => {
if (err) {
return res.status(403).json({success: false, message: 'Failed to authenticate token.'});
} else {
// if everything is good, save to request for use in other routes
req.decoded = decoded;
2017-06-08 13:14:53 +02:00
AppUser.findById(decoded.sub, (err, item) => {
if (err) {
return res.status(403).send({
success: false,
message: 'token is not associated to any actual user'
});
}
req.user = item;
next();
});
2017-05-10 11:04:06 +02:00
}
});
} else {
// if there is no token
// return an error
return res.status(403).send({
success: false,
message: 'No token provided.'
});
}
};
module.exports = apiAuthentication;