X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=server%2Futils%2Faccess.js;h=d51c4b77c6b673780810ee7d71448c342871ff9e;hp=2e2fa92d05144933749cd94c3dd95a608b6e7a1a;hb=dac395887d96e2d642b209c6db6aaacc3ffacb34;hpb=5fde3a01497262862afc4cb4c9457d4e0ad69a4a
diff --git a/server/utils/access.js b/server/utils/access.js
index 2e2fa92d..d51c4b77 100644
--- a/server/utils/access.js
+++ b/server/utils/access.js
@@ -2,65 +2,65 @@ var UserModel = require("../models/User"); module.exports = { - // Prevent access to "users pages" - logged: function(req, res, next) { - const callback = () => { - if (!loggedIn) - return res.json({errmsg: "Not logged in"}); - next(); - }; - let loggedIn = undefined; - if (!req.cookies.token) - { - loggedIn = false; - callback(); - } - else - { - UserModel.getOne("sessionToken", req.cookies.token, function(err, user) { - if (!!user) - { - req.userId = user.id; - req.userName = user.name; - loggedIn = true; - } - else - { - // Token in cookies presumably wrong: erase it - res.clearCookie("token"); - loggedIn = false; - } - callback(); - }); - } - }, + // Prevent access to "users pages" + logged: function(req, res, next) { + const callback = () => { + if (!loggedIn) + return res.json({errmsg: "Not logged in"}); + next(); + }; + let loggedIn = undefined; + if (!req.cookies.token) + { + loggedIn = false; + callback(); + } + else + { + UserModel.getOne("sessionToken", req.cookies.token, function(err, user) { + if (!!user) + { + req.userId = user.id; + req.userName = user.name; + loggedIn = true; + } + else + { + // Token in cookies presumably wrong: erase it + res.clearCookie("token"); + loggedIn = false; + } + callback(); + }); + } + }, - // Prevent access to "anonymous pages" - unlogged: function(req, res, next) { - // Just a quick heuristic, which should be enough - const loggedIn = !!req.cookies.token; - if (loggedIn) - return res.json({errmsg: "Already logged in"}); - next(); - }, + // Prevent access to "anonymous pages" + unlogged: function(req, res, next) { + // Just a quick heuristic, which should be enough + const loggedIn = !!req.cookies.token; + if (loggedIn) + return res.json({errmsg: "Already logged in"}); + next(); + }, - // Prevent direct access to AJAX results - ajax: function(req, res, next) { + // Prevent direct access to AJAX results + ajax: function(req, res, next) { if (!req.xhr) - return res.json({errmsg: "Unauthorized access"}); 
- next(); - }, + return res.json({errmsg: "Unauthorized access"}); + next(); + }, - // Check for errors before callback (continue page loading). TODO: better name. - checkRequest: function(res, err, out, msg, cb) { - if (!!err) - return res.json({errmsg: err.errmsg || err.toString()}); - if (!out - || (Array.isArray(out) && out.length == 0) - || (typeof out === "object" && Object.keys(out).length == 0)) - { - return res.json({errmsg: msg}); - } - cb(); - }, + // Check for errors before callback (continue page loading). TODO: better name. + checkRequest: function(res, err, out, msg, cb) { + if (!!err) + return res.json({errmsg: err.errmsg || err.toString()}); + if (!out + || (Array.isArray(out) && out.length == 0) + || (typeof out === "object" && Object.keys(out).length == 0)) + { + return res.json({errmsg: msg}); + } + cb(); + }, }