1 const _ = require("underscore");
2 const UserEntity = require("../entities/user");
3
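/**
 * Access-control helpers written as Express-style middleware
 * `(req, res, next)`, plus two callback utilities (`getUser`, `checkRequest`).
 * Failures are reported to the client as a JSON body of the form
 * `{errmsg: "..."}`; no HTTP status code is set here.
 */
const Access =
{
  /**
   * Resolve the current user from the session-token cookie.
   *
   * @param {object} req - request; the token is read from `req.cookies.token`
   * @param {object} res - response; `res.locals.loggedIn` must be truthy
   * @param {function} callback - called as `callback(err, user)`, with
   *   `err = {errmsg: "Not logged in!"}` and `user = undefined` on failure,
   *   or `err = null` and the user record on success
   */
  getUser: function(req, res, callback)
  {
    if (!res.locals.loggedIn)
      return callback({errmsg: "Not logged in!"}, undefined);

    // Only a non-empty string is accepted as a session token. Cookie
    // middleware may decode some cookie values into objects (cookie-parser
    // does this for "j:"-prefixed JSON cookies), and an object handed to the
    // lookup could be interpreted as something other than a literal token.
    // NOTE(review): how getBySessionToken builds its query is not visible
    // from this file -- confirm it treats the token strictly as a value.
    const token = req.cookies && req.cookies.token;
    if (typeof token !== "string" || token.length === 0)
      return callback({errmsg: "Not logged in!"}, undefined);

    UserEntity.getBySessionToken(token, function(err, user) {
      // Fail closed: a lookup error and an unknown token both end up as
      // "Not logged in!", so `err` details never reach the client.
      if (!user)
        return callback({errmsg: "Not logged in!"}, undefined);
      return callback(null, user);
    });
  },

  /**
   * Middleware: before loading sensitive content, check the credentials and
   * store the resolved user on `req.user` for later handlers.
   * On failure the error object is sent as JSON and `next` is not called.
   */
  logged: function(req, res, next)
  {
    Access.getUser(req, res, (err, user) => {
      if (err)
        return res.json(err);
      req.user = user;
      next();
    });
  },

  /**
   * Middleware: prevent access to "anonymous pages" when already logged in.
   *
   * NOTE(review): in this file `req.user` is only assigned by `logged`, so
   * this check only fires if `logged` (or something else that sets
   * `req.user`) ran earlier in the chain -- confirm the route ordering.
   */
  unlogged: function(req, res, next)
  {
    if (req.user)
      return res.json({errmsg: "Already logged in!"});
    next();
  },

  /**
   * Middleware: prevent direct (non-AJAX) access to AJAX results.
   *
   * `req.xhr` is derived from the client-supplied X-Requested-With header,
   * so any client can set it. This keeps ordinary navigation away from JSON
   * endpoints; it is not an authentication or authorization check and must
   * be combined with `logged` wherever the data is sensitive.
   */
  ajax: function(req, res, next)
  {
    if (!req.xhr)
      return res.json({errmsg: "Unauthorized access"});
    next();
  },

  /**
   * Check for errors before continuing page loading. TODO: better name.
   *
   * @param {object} res - response used to report a failure
   * @param {*} err - if truthy, sent to the client as-is and `cb` is skipped
   * @param {*} out - result to validate; falsy or empty counts as a failure
   * @param {string} msg - `errmsg` sent when `out` is missing or empty
   * @param {function} cb - called with no arguments when both checks pass
   */
  checkRequest: function(res, err, out, msg, cb)
  {
    // NOTE(review): `err` is serialized to the client unchanged; callers
    // should pass only `{errmsg: ...}` style objects here, never raw
    // database or driver errors.
    if (err)
      return res.json(err);
    if (!out || _.isEmpty(out))
      return res.json({errmsg: msg});
    cb();
  },
};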
54
55 module.exports = Access;