Separate client and server codes. Keep everything in one git repo for simplicity
diff --git a/server/utils/access.js b/server/utils/access.js
new file mode 100644 (file)
index 0000000..20f3f79
--- /dev/null
@@ -0,0 +1,68 @@
+var UserModel = require("../models/User");
+
+module.exports =
+{
+       // Prevent access to "users pages"
+       logged: function(req, res, next) {
+               const callback = () => {
+                       if (!loggedIn)
+                               return res.redirect("/");
+                       next();
+               };
+               let loggedIn = undefined;
+               if (!req.cookies.token)
+               {
+                       loggedIn = false;
+                       callback();
+               }
+               else
+               {
+                       UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
+                               if (!!user)
+                               {
+                                       req.userId = user.id;
+                                       req.userName = user.name;
+                                       loggedIn = true;
+                               }
+                               else
+                               {
+                                       // Token in cookies presumably wrong: erase it
+                                       res.clearCookie("token");
+                                       res.clearCookie("id");
+                                       res.clearCookie("name");
+                                       loggedIn = false;
+                               }
+                               callback();
+                       });
+               }
+       },
+
+       // Prevent access to "anonymous pages"
+       unlogged: function(req, res, next) {
+               // Just a quick heuristic, which should be enough
+               const loggedIn = !!req.cookies.token;
+               if (loggedIn)
+                       return res.redirect("/");
+               next();
+       },
+
+       // Prevent direct access to AJAX results
+       ajax: function(req, res, next) {
+               if (!req.xhr)
+                       return res.json({errmsg: "Unauthorized access"});
+               next();
+       },
+
+       // Check for errors before callback (continue page loading). TODO: better name.
+       checkRequest: function(res, err, out, msg, cb) {
+               if (!!err)
+                       return res.json({errmsg: err.errmsg || err.toString()});
+               if (!out
+                       || (Array.isArray(out) && out.length == 0)
+                       || (typeof out === "object" && Object.keys(out).length == 0))
+               {
+                       return res.json({errmsg: msg});
+               }
+               cb();
+       },
+}
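Review bot: The `UserModel.getOne` callback in `logged` (line 27) never inspects its `err` argument, so a database failure falls into the else branch, clears the token/id/name cookies and redirects exactly as if the session token were invalid; add `if (err) return next(err);` as the first line of that callback so transient errors surface instead of silently logging the user out. Relatedly, `ajax` gates on `req.xhr`, which Express derives from the client-supplied X-Requested-With header, so it only discourages casual direct navigation and should not be treated as an authorization check; a comment such as `// Heuristic only: req.xhr comes from a client-controlled header` above it would make that explicit, and the "Unauthorized access" errmsg reads stronger than the check is. In `checkRequest`, `err.errmsg || err.toString()` echoes whatever text the error carries back to the client, which can include internal details; consider returning a generic message and logging the detail server-side. The empty-object test on lines 67-69 also uses `==` where `===` is expected for the length comparisons.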