Separate client and server codes. Keep everything in one git repo for simplicity
similarity index 50%
rename from utils/access.js
rename to server/utils/access.js
index 49d204c..20f3f79 100644 (file)
@@ -1,15 +1,47 @@
+var UserModel = require("../models/User");
+
 module.exports =
 {
        // Prevent access to "users pages"
        logged: function(req, res, next) {
-               if (req.userId == 0)
-                       return res.redirect("/");
-               next();
+               const callback = () => {
+                       if (!loggedIn)
+                               return res.redirect("/");
+                       next();
+               };
+               let loggedIn = undefined;
+               if (!req.cookies.token)
+               {
+                       loggedIn = false;
+                       callback();
+               }
+               else
+               {
+                       UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
+                               if (!!user)
+                               {
+                                       req.userId = user.id;
+                                       req.userName = user.name;
+                                       loggedIn = true;
+                               }
+                               else
+                               {
+                                       // Token in cookies presumably wrong: erase it
+                                       res.clearCookie("token");
+                                       res.clearCookie("id");
+                                       res.clearCookie("name");
+                                       loggedIn = false;
+                               }
+                               callback();
+                       });
+               }
        },
 
        // Prevent access to "anonymous pages"
        unlogged: function(req, res, next) {
-               if (req.userId > 0)
+               // Just a quick heuristic, which should be enough
+               const loggedIn = !!req.cookies.token;
+               if (loggedIn)
                        return res.redirect("/");
                next();
        },
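Review bot: In `logged`, the `err` argument of the `UserModel.getOne` callback is never examined, so a database failure takes the same branch as an unknown token: the session cookies are cleared and the request is redirected to "/", which turns a transient server error into a forced logout and hides the error from the error-handling middleware. Add `if (err) return next(err);` as the first line of the callback so only a genuine lookup miss clears the cookies. A related observation on `unlogged`: it only tests that a `token` cookie exists, not that it maps to a session, so a stale or malformed cookie will keep redirecting away from the anonymous pages until some `logged` route happens to clear it; if "/" is not itself guarded by `logged`, that state may never be cleaned up, which is worth noting next to the "quick heuristic" comment or handling by also validating there. The enclosing `module.exports` object continues past the end of this hunk.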