[vchess.git] / server / utils / access.js

var UserModel = require("../models/User");

module.exports =
{
  // Prevent access to "users pages"
  logged: function(req, res, next) {
    const callback = () => {
      if (!loggedIn)
        res.json({errmsg: "Error: try to delete cookies"});
      else next();
    };
    let loggedIn = undefined;
    if (!req.cookies.token) {
      loggedIn = false;
      callback();
    } else {
      UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
        if (!!user) {
          req.userId = user.id;
          req.userName = user.name;
          loggedIn = true;
        } else {
          // Token in cookies presumably wrong: erase it
          res.clearCookie("token");
          loggedIn = false;
        }
        callback();
      });
    }
  },

  // Prevent access to "anonymous pages"
  unlogged: function(req, res, next) {
    // Just a quick heuristic, which should be enough
    const loggedIn = !!req.cookies.token;
    if (loggedIn) res.json({errmsg: "Error: try to delete cookies"});
    else next();
  },

  // Prevent direct access to AJAX results
  ajax: function(req, res, next) {
    if (!req.xhr) res.json({errmsg: "Unauthorized access"});
    else next();
  },

  // Check for errors before callback (continue page loading). TODO: better name.
  checkRequest: function(res, err, out, msg, cb) {
    if (!!err) res.json({errmsg: err.errmsg || err.toString()});
    else if (
      !out ||
      (Array.isArray(out) && out.length == 0) ||
      (typeof out === "object" && Object.keys(out).length == 0)
    ) {
      res.json({errmsg: msg});
    } else cb();
  }
}
Commit	Line	Data
625022fd BA	1	var UserModel = require("../models/User");
625022fd BA	2
fd08ab2c	3	module.exports =
8d7e2786	4	{
dac39588 BA	5	// Prevent access to "users pages"
	6	logged: function(req, res, next) {
	7	const callback = () => {
	8	if (!loggedIn)
f0c68a04	9	res.json({errmsg: "Error: try to delete cookies"});
866842c3	10	else next();
dac39588 BA	11	};
dac39588 BA	12	let loggedIn = undefined;
0234201f	13	if (!req.cookies.token) {
dac39588 BA	14	loggedIn = false;
dac39588 BA	15	callback();
0234201f	16	} else {
dac39588	17	UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
0234201f	18	if (!!user) {
dac39588 BA	19	req.userId = user.id;
	20	req.userName = user.name;
	21	loggedIn = true;
0234201f	22	} else {
dac39588 BA	23	// Token in cookies presumably wrong: erase it
	24	res.clearCookie("token");
	25	loggedIn = false;
	26	}
	27	callback();
	28	});
	29	}
	30	},
8d7e2786	31
dac39588 BA	32	// Prevent access to "anonymous pages"
	33	unlogged: function(req, res, next) {
	34	// Just a quick heuristic, which should be enough
	35	const loggedIn = !!req.cookies.token;
0234201f	36	if (loggedIn) res.json({errmsg: "Error: try to delete cookies"});
866842c3	37	else next();
dac39588	38	},
8d7e2786	39
dac39588 BA	40	// Prevent direct access to AJAX results
dac39588 BA	41	ajax: function(req, res, next) {
0234201f	42	if (!req.xhr) res.json({errmsg: "Unauthorized access"});
866842c3	43	else next();
dac39588	44	},
8d7e2786	45
dac39588 BA	46	// Check for errors before callback (continue page loading). TODO: better name.
dac39588 BA	47	checkRequest: function(res, err, out, msg, cb) {
0234201f BA	48	if (!!err) res.json({errmsg: err.errmsg \|\| err.toString()});
	49	else if (
	50	!out \|\|
	51	(Array.isArray(out) && out.length == 0) \|\|
	52	(typeof out === "object" && Object.keys(out).length == 0)
	53	) {
866842c3	54	res.json({errmsg: msg});
0234201f BA	55	} else cb();
0234201f BA	56	}
8d7e2786	57	}