X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Futils%2Faccess.js;fp=server%2Futils%2Faccess.js;h=20f3f791ae554e55fd2f7ddf3952676ebd3df8bb;hb=625022fdcf750f0aff8fcd699f7e9b89730e1d10;hp=0000000000000000000000000000000000000000;hpb=b955c65b942d09d24b5c3bed0d755d4f2f8f71f1;p=vchess.git
diff --git a/server/utils/access.js b/server/utils/access.js
new file mode 100644
index 00000000..20f3f791
--- /dev/null
+++ b/server/utils/access.js
@@ -0,0 +1,68 @@
+var UserModel = require("../models/User");
+
+module.exports =
+{
+ // Prevent access to "users pages"
+ logged: function(req, res, next) {
+ const callback = () => {
+ if (!loggedIn)
+ return res.redirect("/");
+ next();
+ };
+ let loggedIn = undefined;
+ if (!req.cookies.token)
+ {
+ loggedIn = false;
+ callback();
+ }
+ else
+ {
+ UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
+ if (!!user)
+ {
+ req.userId = user.id;
+ req.userName = user.name;
+ loggedIn = true;
+ }
+ else
+ {
+ // Token in cookies presumably wrong: erase it
+ res.clearCookie("token");
+ res.clearCookie("id");
+ res.clearCookie("name");
+ loggedIn = false;
+ }
+ callback();
+ });
+ }
+ },
+
+ // Prevent access to "anonymous pages"
+ unlogged: function(req, res, next) {
+ // Just a quick heuristic, which should be enough
+ const loggedIn = !!req.cookies.token;
+ if (loggedIn)
+ return res.redirect("/");
+ next();
+ },
+
+ // Prevent direct access to AJAX results
+ ajax: function(req, res, next) {
+ if (!req.xhr)
+ return res.json({errmsg: "Unauthorized access"});
+ next();
+ },
+
+ // Check for errors before callback (continue page loading). TODO: better name.
+ checkRequest: function(res, err, out, msg, cb) {
+ if (!!err)
+ return res.json({errmsg: err.errmsg || err.toString()});
+ if (!out
+ || (Array.isArray(out) && out.length == 0)
+ || (typeof out === "object" && Object.keys(out).length == 0))
+ {
+ return res.json({errmsg: msg});
+ }
+ cb();
+ },
+}
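Review bot: In `logged`, the `err` argument of the `UserModel.getOne` callback is never examined, so a failed lookup (a database error rather than a bad token) falls into the else branch, clears the user's cookies and redirects as if the session were invalid, and the error itself is lost; adding `if (err) return next(err);` before the `!!user` test keeps a transient failure from silently logging users out. `checkRequest` has a related problem: `err.toString()` is sent to the client verbatim, and internal error text is better logged server-side and replaced by a generic message unless `err.errmsg` was set deliberately. The rejections in `ajax` and `checkRequest` also answer with HTTP 200 and a JSON body, so `res.status(403).json({errmsg: "Unauthorized access"})` in `ajax` (and a 4xx in `checkRequest`) would let clients and proxies tell them apart from success. Since `req.xhr` only reflects a client-supplied header, `ajax` is a convenience filter rather than an access control, which its comment could state, e.g. `// Discourage direct browser access to AJAX endpoints; not an authorization check`.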