[vchess.git] / server / utils / access.js

var UserModel = require("../models/User");

module.exports =
{
	// Prevent access to "users pages"
	logged: function(req, res, next) {
		const callback = () => {
			if (!loggedIn)
				return res.redirect("/");
			next();
		};
		let loggedIn = undefined;
		if (!req.cookies.token)
		{
			loggedIn = false;
			callback();
		}
		else
		{
			UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
				if (!!user)
				{
					req.userId = user.id;
					req.userName = user.name;
					loggedIn = true;
				}
				else
				{
					// Token in cookies presumably wrong: erase it
					res.clearCookie("token");
					res.clearCookie("id");
					res.clearCookie("name");
					loggedIn = false;
				}
				callback();
			});
		}
	},

	// Prevent access to "anonymous pages"
	unlogged: function(req, res, next) {
		// Just a quick heuristic, which should be enough
		const loggedIn = !!req.cookies.token;
		if (loggedIn)
			return res.redirect("/");
		next();
	},

	// Prevent direct access to AJAX results
	ajax: function(req, res, next) {
		if (!req.xhr)
			return res.json({errmsg: "Unauthorized access"});
		next();
	},

	// Check for errors before callback (continue page loading). TODO: better name.
	checkRequest: function(res, err, out, msg, cb) {
		if (!!err)
			return res.json({errmsg: err.errmsg || err.toString()});
		if (!out
			|| (Array.isArray(out) && out.length == 0)
			|| (typeof out === "object" && Object.keys(out).length == 0))
		{
			return res.json({errmsg: msg});
		}
		cb();
	},
}
Commit	Line	Data
625022fd BA	1	var UserModel = require("../models/User");
625022fd BA	2
fd08ab2c	3	module.exports =
8d7e2786	4	{
fd08ab2c BA	5	// Prevent access to "users pages"
fd08ab2c BA	6	logged: function(req, res, next) {
625022fd BA	7	const callback = () => {
	8	if (!loggedIn)
	9	return res.redirect("/");
	10	next();
	11	};
	12	let loggedIn = undefined;
	13	if (!req.cookies.token)
	14	{
	15	loggedIn = false;
	16	callback();
	17	}
	18	else
	19	{
	20	UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
	21	if (!!user)
	22	{
	23	req.userId = user.id;
	24	req.userName = user.name;
	25	loggedIn = true;
	26	}
	27	else
	28	{
	29	// Token in cookies presumably wrong: erase it
	30	res.clearCookie("token");
	31	res.clearCookie("id");
	32	res.clearCookie("name");
	33	loggedIn = false;
	34	}
	35	callback();
	36	});
	37	}
fd08ab2c	38	},
8d7e2786	39
fd08ab2c BA	40	// Prevent access to "anonymous pages"
fd08ab2c BA	41	unlogged: function(req, res, next) {
625022fd BA	42	// Just a quick heuristic, which should be enough
	43	const loggedIn = !!req.cookies.token;
	44	if (loggedIn)
fd08ab2c BA	45	return res.redirect("/");
	46	next();
	47	},
8d7e2786	48
fd08ab2c BA	49	// Prevent direct access to AJAX results
	50	ajax: function(req, res, next) {
	51	if (!req.xhr)
	52	return res.json({errmsg: "Unauthorized access"});
	53	next();
	54	},
8d7e2786	55
fd08ab2c BA	56	// Check for errors before callback (continue page loading). TODO: better name.
	57	checkRequest: function(res, err, out, msg, cb) {
	58	if (!!err)
	59	return res.json({errmsg: err.errmsg \|\| err.toString()});
	60	if (!out
	61	\|\| (Array.isArray(out) && out.length == 0)
	62	\|\| (typeof out === "object" && Object.keys(out).length == 0))
	63	{
	64	return res.json({errmsg: msg});
	65	}
	66	cb();
	67	},
8d7e2786	68	}