X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=server%2Futils%2Faccess.js;fp=utils%2Faccess.js;h=20f3f791ae554e55fd2f7ddf3952676ebd3df8bb;hp=49d204c3483818213ea8c2affd4ae085bd9dc6f2;hb=625022fdcf750f0aff8fcd699f7e9b89730e1d10;hpb=b955c65b942d09d24b5c3bed0d755d4f2f8f71f1
diff --git a/utils/access.js b/server/utils/access.js
similarity index 50%
rename from utils/access.js
rename to server/utils/access.js
index 49d204c3..20f3f791 100644
--- a/utils/access.js
+++ b/server/utils/access.js
@@ -1,15 +1,47 @@
+var UserModel = require("../models/User");
+
 module.exports = {
 // Prevent access to "users pages"
 logged: function(req, res, next) {
- if (req.userId == 0)
- return res.redirect("/");
- next();
+ const callback = () => {
+ if (!loggedIn)
+ return res.redirect("/");
+ next();
+ };
+ let loggedIn = undefined;
+ if (!req.cookies.token)
+ {
+ loggedIn = false;
+ callback();
+ }
+ else
+ {
+ UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
+ if (!!user)
+ {
+ req.userId = user.id;
+ req.userName = user.name;
+ loggedIn = true;
+ }
+ else
+ {
+ // Token in cookies presumably wrong: erase it
+ res.clearCookie("token");
+ res.clearCookie("id");
+ res.clearCookie("name");
+ loggedIn = false;
+ }
+ callback();
+ });
+ }
 },
 // Prevent access to "anonymous pages"
 unlogged: function(req, res, next) {
- if (req.userId > 0)
+ // Just a quick heuristic, which should be enough
+ const loggedIn = !!req.cookies.token;
+ if (loggedIn)
 return res.redirect("/");
 next();
 },
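Review bot: The `UserModel.getOne` callback in `logged` never looks at `err`, so a failed lookup (for example a database error) takes the same branch as an unknown token: the three cookies are cleared and the request is redirected to `/`, with nothing logged. Handling the error first, e.g. `if (err) return next(err);` at the top of the callback, keeps the route closed without destroying a valid session cookie on a transient fault. It would also help to reject a non-string `req.cookies.token` before the lookup, since how `getOne` builds its query is not visible here. In `unlogged`, the presence-only check means a stale `token` cookie redirects away from the anonymous pages until `logged` has cleared it; a short comment saying so would make the heuristic's limit explicit. The `module.exports` object continues past the end of the hunk.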