server/utils/access.js

   1 var UserModel = require("../models/User");
   2
   3 module.exports =
   4 {
   5     // Prevent access to "users pages"
   6     logged: function(req, res, next) {
   7         const callback = () => {
   8             if (!loggedIn)
   9                 return res.redirect("/");
  10             next();
  11         };
  12         let loggedIn = undefined;
  13         if (!req.cookies.token)
  14         {
  15             loggedIn = false;
  16             callback();
  17         }
  18         else
  19         {
  20             UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
  21                 if (!!user)
  22                 {
  23                     req.userId = user.id;
  24                     req.userName = user.name;
  25                     loggedIn = true;
  26                 }
  27                 else
  28                 {
  29                     // Token in cookies presumably wrong: erase it
  30                     res.clearCookie("token");
  31                     res.clearCookie("id");
  32                     res.clearCookie("name");
  33                     loggedIn = false;
  34                 }
  35                 callback();
  36             });
  37         }
  38     },
  39
  40     // Prevent access to "anonymous pages"
  41     unlogged: function(req, res, next) {
  42         // Just a quick heuristic, which should be enough
  43         const loggedIn = !!req.cookies.token;
  44         if (loggedIn)
  45             return res.redirect("/");
  46         next();
  47     },
  48
  49     // Prevent direct access to AJAX results
  50     ajax: function(req, res, next) {
  51         if (!req.xhr)
  52             return res.json({errmsg: "Unauthorized access"});
  53         next();
  54     },
  55
  56     // Check for errors before callback (continue page loading). TODO: better name.
  57     checkRequest: function(res, err, out, msg, cb) {
  58         if (!!err)
  59             return res.json({errmsg: err.errmsg || err.toString()});
  60         if (!out
  61             || (Array.isArray(out) && out.length == 0)
  62             || (typeof out === "object" && Object.keys(out).length == 0))
  63         {
  64             return res.json({errmsg: msg});
  65         }
  66         cb();
  67     },
  68 }