X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Futils%2Faccess.js;h=66ff95203b06970e3a3f3a47880b20caa3aa06d2;hb=675b8e7741527a3d625633762e7836e8bcdcb6b4;hp=a7eb92ac6ea5c71309cb857356ffd721f7619cb4;hpb=98f485791e915563996de4f37430b285ffc773ae;p=vchess.git
diff --git a/server/utils/access.js b/server/utils/access.js
index a7eb92ac..66ff9520 100644
--- a/server/utils/access.js
+++ b/server/utils/access.js
@@ -2,67 +2,55 @@ var UserModel = require("../models/User");
 module.exports = {
- // Prevent access to "users pages"
- logged: function(req, res, next) {
- const callback = () => {
- if (!loggedIn)
- return res.json({errmsg: "Not logged in"});
- next();
- };
- let loggedIn = undefined;
- if (!req.cookies.token)
- {
- loggedIn = false;
- callback();
- }
- else
- {
- UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
- if (!!user)
- {
- req.userId = user.id;
- req.userName = user.name;
- loggedIn = true;
- }
- else
- {
- // Token in cookies presumably wrong: erase it
- res.clearCookie("token");
- res.clearCookie("id");
- res.clearCookie("name");
- loggedIn = false;
- }
- callback();
- });
- }
- },
+ // Prevent access to "users pages"
+ logged: function(req, res, next) {
+ const callback = () => {
+ if (!loggedIn)
+ res.json({ errmsg: "Error: try to delete cookies" });
+ else next();
+ };
+ let loggedIn = undefined;
+ if (!req.cookies.token) {
+ loggedIn = false;
+ callback();
+ } else {
+ UserModel.getOne("sessionToken", req.cookies.token, (err, user) => {
+ if (!!user) {
+ req.userId = user.id;
+ loggedIn = true;
+ } else {
+ // Token in cookies presumably wrong: erase it
+ res.clearCookie("token");
+ loggedIn = false;
+ }
+ callback();
+ });
+ }
+ },
- // Prevent access to "anonymous pages"
- unlogged: function(req, res, next) {
- // Just a quick heuristic, which should be enough
- const loggedIn = !!req.cookies.token;
- if (loggedIn)
- return res.json({errmsg: "Already logged in"});
- next();
- },
+ // Prevent access to "anonymous pages"
+ unlogged: function(req, res, next) {
+ // Just a quick heuristic, which should be enough
+ const loggedIn = !!req.cookies.token;
+ if (loggedIn) res.json({ errmsg: "Error: try to delete cookies" });
+ else next();
+ },
- // Prevent direct access to AJAX results
- ajax: function(req, res, next) {
- if (!req.xhr)
- return res.json({errmsg: "Unauthorized access"});
- next();
- },
+ // Prevent direct access to AJAX results
+ ajax: function(req, res, next) {
+ if (!req.xhr) res.json({ errmsg: "Unauthorized access" });
+ else next();
+ },
- // Check for errors before callback (continue page loading). TODO: better name.
- checkRequest: function(res, err, out, msg, cb) {
- if (!!err)
- return res.json({errmsg: err.errmsg || err.toString()});
- if (!out
- || (Array.isArray(out) && out.length == 0)
- || (typeof out === "object" && Object.keys(out).length == 0))
- {
- return res.json({errmsg: msg});
- }
- cb();
- },
+ // Check for errors before callback (continue page loading). (TODO: name?)
+ checkRequest: function(res, err, out, msg, cb) {
+ if (!!err) res.json({ errmsg: err.errmsg || err.toString() });
+ else if (
+ !out ||
+ (Array.isArray(out) && out.length == 0) ||
+ (typeof out === "object" && Object.keys(out).length == 0)
+ ) {
+ res.json({ errmsg: msg });
+ } else cb();
+ }
 }
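Review bot: In `logged`, the `UserModel.getOne` callback never inspects `err`, so a failed lookup is handled exactly like an invalid token: the `token` cookie is cleared and the client is told "Error: try to delete cookies". That fails closed, but a transient storage error silently ends a valid session and nothing records the cause. I would handle it before the `user` test, e.g. `if (err) return res.json({ errmsg: "Server error" });`, and log `err` on the server. Relatedly, `checkRequest` still returns `err.errmsg || err.toString()` to the client, which can expose internal error text; a generic message with server-side logging would be safer.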