[qomet.git] / utils / access.js

const _ = require("underscore");
const UserEntity = require("../entities/user");

let Access =
{
	getUser: function(req, res, callback)
	{
		if (!res.locals.loggedIn)
			return callback({errmsg: "Not logged in!"}, undefined);
		UserEntity.getBySessionToken(req.cookies.token, function(err, user) {
			if (!user)
				return callback({errmsg: "Not logged in!"}, undefined);
			return callback(null, user);
		});
	},

	// Before loading sensible content, check + save credentials
	logged: function(req, res, next)
	{
		Access.getUser(req, res, (err,user) => {
			if (!!err)
				return res.json(err);
			req.user = user;
			next();
		});
	},

	// Prevent access to "anonymous pages"
	unlogged: function(req, res, next)
	{
		if (!!req.user)
			return res.json({errmsg: "Already logged in!"});
		next();
	},

	// Prevent direct access to AJAX results
	ajax: function(req, res, next)
	{
		if (!req.xhr)
			return res.json({errmsg: "Unauthorized access"});
		next();
	},

	// Check for errors before callback (continue page loading). TODO: better name.
	checkRequest: function(res, err, out, msg, cb)
	{
		if (!!err)
			return res.json(err);
		if (!out || _.isEmpty(out))
			return res.json({errmsg: msg});
		cb();
	},
};

module.exports = Access;
Commit	Line	Data
	1	const _ = require("underscore");
	2	const UserEntity = require("../entities/user");
	3
	4	let Access =
	5	{
	6	getUser: function(req, res, callback)
	7	{
	8	if (!res.locals.loggedIn)
	9	return callback({errmsg: "Not logged in!"}, undefined);
	10	UserEntity.getBySessionToken(req.cookies.token, function(err, user) {
	11	if (!user)
	12	return callback({errmsg: "Not logged in!"}, undefined);
	13	return callback(null, user);
	14	});
	15	},
	16
	17	// Before loading sensible content, check + save credentials
	18	logged: function(req, res, next)
	19	{
	20	Access.getUser(req, res, (err,user) => {
	21	if (!!err)
	22	return res.json(err);
	23	req.user = user;
	24	next();
	25	});
	26	},
	27
	28	// Prevent access to "anonymous pages"
	29	unlogged: function(req, res, next)
	30	{
	31	if (!!req.user)
	32	return res.json({errmsg: "Already logged in!"});
	33	next();
	34	},
	35
	36	// Prevent direct access to AJAX results
	37	ajax: function(req, res, next)
	38	{
	39	if (!req.xhr)
	40	return res.json({errmsg: "Unauthorized access"});
	41	next();
	42	},
	43
	44	// Check for errors before callback (continue page loading). TODO: better name.
	45	checkRequest: function(res, err, out, msg, cb)
	46	{
	47	if (!!err)
	48	return res.json(err);
	49	if (!out \|\| _.isEmpty(out))
	50	return res.json({errmsg: msg});
	51	cb();
	52	},
	53	};
	54
	55	module.exports = Access;