X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Futils%2Faccess.js;h=732353f2d75ee3b1fd8b902e60f0a7e290c975b0;hb=0234201fb338fc239d6f613c677fa932c7c3697c;hp=11753a0a718b0e4ee9bdf4e1529b4054f3dfd33b;hpb=317b8a5610953b30cfb84382bd13764177ce830b;p=vchess.git
diff --git a/server/utils/access.js b/server/utils/access.js
index 11753a0a..732353f2 100644
--- a/server/utils/access.js
+++ b/server/utils/access.js
@@ -2,67 +2,56 @@ var UserModel = require("../models/User");
 module.exports = {
- // Prevent access to "users pages"
- logged: function(req, res, next) {
- const callback = () => {
- if (!loggedIn)
- return res.json({errmsg: "Not logged in"});
- next();
- };
- let loggedIn = undefined;
- if (!req.cookies.token)
- {
- loggedIn = false;
- callback();
- }
- else
- {
- UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
- if (!!user)
- {
- req.userId = user.id;
- req.userName = user.name;
- loggedIn = true;
- }
- else
- {
- // Token in cookies presumably wrong: erase it
- res.clearCookie("token");
- res.clearCookie("id");
- res.clearCookie("name");
- loggedIn = false;
- }
- callback();
- });
- }
- },
+ // Prevent access to "users pages"
+ logged: function(req, res, next) {
+ const callback = () => {
+ if (!loggedIn)
+ res.json({errmsg: "Error: try to delete cookies"});
+ else next();
+ };
+ let loggedIn = undefined;
+ if (!req.cookies.token) {
+ loggedIn = false;
+ callback();
+ } else {
+ UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
+ if (!!user) {
+ req.userId = user.id;
+ req.userName = user.name;
+ loggedIn = true;
+ } else {
+ // Token in cookies presumably wrong: erase it
+ res.clearCookie("token");
+ loggedIn = false;
+ }
+ callback();
+ });
+ }
+ },
- // Prevent access to "anonymous pages"
- unlogged: function(req, res, next) {
- // Just a quick heuristic, which should be enough
- const loggedIn = !!req.cookies.token;
- if (loggedIn)
- return res.json({errmsg: "Already logged in"});
- next();
- },
+ // Prevent access to "anonymous pages"
+ unlogged: function(req, res, next) {
+ // Just a quick heuristic, which should be enough
+ const loggedIn = !!req.cookies.token;
+ if (loggedIn) res.json({errmsg: "Error: try to delete cookies"});
+ else next();
+ },
- // Prevent direct access to AJAX results
- ajax: function(req, res, next) {
- if (!req.xhr)
- return res.json({errmsg: "Unauthorized access"});
- next();
- },
+ // Prevent direct access to AJAX results
+ ajax: function(req, res, next) {
+ if (!req.xhr) res.json({errmsg: "Unauthorized access"});
+ else next();
+ },
- // Check for errors before callback (continue page loading). TODO: better name.
- checkRequest: function(res, err, out, msg, cb) {
- if (!!err)
- return res.json({errmsg: err.errmsg || err.toString()});
- if (!out
- || (Array.isArray(out) && out.length == 0)
- || (typeof out === "object" && Object.keys(out).length == 0))
- {
- return res.json({errmsg: msg});
- }
- cb();
- },
+ // Check for errors before callback (continue page loading). TODO: better name.
+ checkRequest: function(res, err, out, msg, cb) {
+ if (!!err) res.json({errmsg: err.errmsg || err.toString()});
+ else if (
+ !out ||
+ (Array.isArray(out) && out.length == 0) ||
+ (typeof out === "object" && Object.keys(out).length == 0)
+ ) {
+ res.json({errmsg: msg});
+ } else cb();
+ }
 }
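Review bot: In `logged`, the `UserModel.getOne` callback never looks at `err`, so a failed lookup is handled exactly like a wrong token: the `token` cookie is cleared and the client is told "Error: try to delete cookies". That fails closed, but a transient storage error would end a valid session and leave no trace of the real cause. I would branch first with `if (!!err) { res.json({errmsg: "Server error"}); return; }` and log `err` on the server. Separately, `ajax` decides on `req.xhr`, which (assuming this is Express) only reflects a header the client supplies, so it should carry a comment such as `// req.xhr is client-controlled: a convenience filter, not an authorization check`. Routes that need protection should still go through `logged`.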