// Container object for the access-control helpers defined in this file; it is
// what the module exports.
var Access = {};
// Prevent access to "users pages": a request without a truthy req.loggedIn is
// redirected to the site root, every other request is passed on via next().
// NOTE(review): req.loggedIn is not set anywhere in this file, so this guard is
// only as trustworthy as the upstream session/auth middleware that populates it
// and must be mounted after that middleware. It tests "is logged in" only; it
// does not decide whether this user may access a particular resource.
Access.logged = function(req, res, next) {
  if (req.loggedIn) {
    next();
    return;
  }
  return res.redirect("/");
};
// Prevent access to "anonymous pages": a request whose req.loggedIn is truthy
// is redirected to the site root; anonymous requests continue via next().
// NOTE(review): like any check on req.loggedIn, this depends on whatever
// upstream middleware sets that flag (not visible in this file).
Access.unlogged = function(req, res, next) {
  var alreadyAuthenticated = Boolean(req.loggedIn);
  if (!alreadyAuthenticated) {
    next();
    return;
  }
  return res.redirect("/");
};
// Prevent direct access to AJAX results: requests for which req.xhr is falsy
// get a JSON error body, the rest continue via next().
// NOTE(review): assuming this is Express, req.xhr is derived from the
// client-supplied X-Requested-With request header. Any HTTP client can send
// that header, so this filter only discourages casual direct navigation; it is
// not an authorization or CSRF control, despite the "Unauthorized access"
// wording. Routes that return sensitive data still need a session check.
// NOTE(review): no status code is set on the rejection here, so it presumably
// goes out with the framework default (confirm); a 4xx status would make
// rejected requests visible to logs and monitoring.
Access.ajax = function(req, res, next) {
  var flaggedAsXhr = Boolean(req.xhr);
  if (flaggedAsXhr) {
    next();
    return;
  }
  return res.json({errmsg: "Unauthorized access"});
};
// Check for errors before callback (continue page loading). TODO: better name.
//   res - response object; used to send the JSON error replies
//   err - error value from the preceding operation; truthy means failure
//   out - result of the preceding operation
//   msg - text sent as errmsg when the result is considered empty
//   cb  - continuation, called with no arguments when err is falsy and out is
//         not empty
Access.checkRequest = function(res, err, out, msg, cb) {
  // NOTE(review): err is serialized to the client verbatim. If callers pass
  // errors coming straight from a database driver or another library, this can
  // disclose internal details (field names, index names, query fragments).
  // Confirm what callers pass; prefer logging the original server-side and
  // replying with a generic errmsg.
  if (err) {
    return res.json(err);
  }

  // "Empty" covers any falsy value, a zero-length array, and an object with no
  // own enumerable keys.
  var nothingFound = !out
    || (Array.isArray(out) && out.length === 0)
    || (typeof out === "object" && Object.keys(out).length === 0);
  if (nothingFound) {
    return res.json({errmsg: msg});
  }

  cb();
};
// Expose the Access helper collection as this module's public interface.
module.exports = Access;