server/utils/access.js

   1 var UserModel = require("../models/User");
   2
   3 module.exports =
   4 {
   5   // Prevent access to "users pages"
   6   logged: function(req, res, next) {
   7     const callback = () => {
   8       if (!loggedIn)
   9         res.json({errmsg: "Error: try to delete cookies"});
  10       else next();
  11     };
  12     let loggedIn = undefined;
  13     if (!req.cookies.token)
  14     {
  15       loggedIn = false;
  16       callback();
  17     }
  18     else
  19     {
  20       UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
  21         if (!!user)
  22         {
  23           req.userId = user.id;
  24           req.userName = user.name;
  25           loggedIn = true;
  26         }
  27         else
  28         {
  29           // Token in cookies presumably wrong: erase it
  30           res.clearCookie("token");
  31           loggedIn = false;
  32         }
  33         callback();
  34       });
  35     }
  36   },
  37
  38   // Prevent access to "anonymous pages"
  39   unlogged: function(req, res, next) {
  40     // Just a quick heuristic, which should be enough
  41     const loggedIn = !!req.cookies.token;
  42     if (loggedIn)
  43       res.json({errmsg: "Error: try to delete cookies"});
  44     else next();
  45   },
  46
  47   // Prevent direct access to AJAX results
  48   ajax: function(req, res, next) {
  49     if (!req.xhr)
  50       res.json({errmsg: "Unauthorized access"});
  51     else next();
  52   },
  53
  54   // Check for errors before callback (continue page loading). TODO: better name.
  55   checkRequest: function(res, err, out, msg, cb) {
  56     if (err)
  57       res.json({errmsg: err.errmsg || err.toString()});
  58     else if (!out
  59       || (Array.isArray(out) && out.length == 0)
  60       || (typeof out === "object" && Object.keys(out).length == 0))
  61     {
  62       res.json({errmsg: msg});
  63     }
  64     else cb();
  65   },
  66 }