UNPKG

authmaker-verify-express/index.js

Version:

3.84 kBJavaScriptView Raw

1var authmakerVerify = require('authmaker-verify');
2var winston = require('winston');
3
4//remove it so to add it with my settings
5try{winston.remove(winston.transports.Console);}catch(e){//do nothing
6}
7
8var winstonOptions = {
9    colorize: true,
10    timestamp: true,
11    handleExceptions: true,
12    prettyPrint: true
13};
14
15if(process.env.LOG_LEVEL){
16    winstonOptions.level = process.env.LOG_LEVEL;
17} else if(process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test'){
18    winstonOptions.level = "debug";
19} else {
20    winstonOptions.level = "info";
21}
22
23if(!process.env.NO_LOG) {
24    winston.add(winston.transports.Console, winstonOptions);
25}
26
27function generateRateLimit(tag, defaultScope){
28    return function(req, res, next){
29    if (!req.headers.authorization) {
30        return res.status(401).send("No Access token provided");
31    }
32
33    //take the accessToken as the last delimited entry in authorization
34    var accessToken = req.headers.authorization.split(/\s+/).pop();
35
36    //verify the access-token
37    return authmakerVerify.mongoRateLimited(accessToken, tag, defaultScope)
38        .then(function(oauthSession) {
39            req.oauthSession = oauthSession;
40
41            next();
42        })
43        .then(null, function(err) {
44            winston.error("Error while authorizing session", {
45                error: err.message,
46                stask: err.stack,
47                authorisation: req.headers.authorization
48            });
49
50            if (err.message.indexOf("Not Authorized") >= 0) {
51                res.status(401);
52            } else if (err.message.indexOf("Too Many Requests") >= 0) {
53                res.status(429);
54                return res.send("Too Many Requests: Rate limit exceeded.");
55            } else {
56                res.status(500);
57            }
58
59            return res.send(err.message);
60        });
61    };
62}
63
64function generateVerify(tag, options){
65    return function(req, res, next){
66        if (!req.headers.authorization) {
67            return res.status(401).send("No Access token provided");
68        }
69
70        //take the accessToken as the last delimited entry in authorization
71        var accessToken = req.headers.authorization.split(/\s+/).pop();
72
73        //verify the access-token
74        return authmakerVerify.mongo(accessToken, tag)
75            .then(function(oauthSession) {
76                req.oauthSession = oauthSession;
77
78                next();
79            })
80            .then(null, function(err) {
81                winston.error("Error while authorizing session", {
82                    error: err.message,
83                    stask: err.stack,
84                    authorisation: req.headers.authorization
85                });
86
87                if (options && options.passError) {
88                    return next(err);
89                }
90
91                if (err.message.indexOf("Not Authorized") >= 0) {
92                    res.status(401);
93                } else {
94                    res.status(500);
95                }
96
97                return res.send(err.message);
98            });
99    };
100}
101
102module.exports = {
103    mongoRateLimited: function(tag, defaultScope) {
104        return generateRateLimit(tag, defaultScope);
105    },
106
107    mongoRateLimitedDefault: function(tag, defaultScope){
108        console.warn("This function is deprecated, just use mongoRateLimited(tag, defaultScope) instead");
109        return generateRateLimit(tag, defaultScope);
110    },
111
112    mongo: function(tag) {
113        return generateVerify(tag);
114    },
115
116    connectMongo: function(nconf) {
117        //initialise the db
118        authmakerVerify.connectMongo(nconf);
119    },
120
121    authmakerVerify: authmakerVerify
122};
123
124//pass on models and mongoose for tests
125if(process.env.NODE_ENV === "test"){
126    module.exports.models = authmakerVerify.models;
127    module.exports.mongoose = authmakerVerify.mongoose;
128}

1	`var authmakerVerify = require('authmaker-verify');`
2	`var winston = require('winston');`
3
4	`//remove it so to add it with my settings`
5	`try{winston.remove(winston.transports.Console);}catch(e){//do nothing`
6	`}`
7
8	`var winstonOptions = {`
9	`colorize: true,`
10	`timestamp: true,`
11	`handleExceptions: true,`
12	`prettyPrint: true`
13	`};`
14
15	`if(process.env.LOG_LEVEL){`
16	`winstonOptions.level = process.env.LOG_LEVEL;`
17	`} else if(process.env.NODE_ENV === 'development' \|\| process.env.NODE_ENV === 'test'){`
18	`winstonOptions.level = "debug";`
19	`} else {`
20	`winstonOptions.level = "info";`
21	`}`
22
23	`if(!process.env.NO_LOG) {`
24	`winston.add(winston.transports.Console, winstonOptions);`
25	`}`
26
27	`function generateRateLimit(tag, defaultScope){`
28	`return function(req, res, next){`
29	`if (!req.headers.authorization) {`
30	`return res.status(401).send("No Access token provided");`
31	`}`
32
33	`//take the accessToken as the last delimited entry in authorization`
34	`var accessToken = req.headers.authorization.split(/\s+/).pop();`
35
36	`//verify the access-token`
37	`return authmakerVerify.mongoRateLimited(accessToken, tag, defaultScope)`
38	`.then(function(oauthSession) {`
39	`req.oauthSession = oauthSession;`
40
41	`next();`
42	`})`
43	`.then(null, function(err) {`
44	`winston.error("Error while authorizing session", {`
45	`error: err.message,`
46	`stask: err.stack,`
47	`authorisation: req.headers.authorization`
48	`});`
49
50	`if (err.message.indexOf("Not Authorized") >= 0) {`
51	`res.status(401);`
52	`} else if (err.message.indexOf("Too Many Requests") >= 0) {`
53	`res.status(429);`
54	`return res.send("Too Many Requests: Rate limit exceeded.");`
55	`} else {`
56	`res.status(500);`
57	`}`
58
59	`return res.send(err.message);`
60	`});`
61	`};`
62	`}`
63
64	`function generateVerify(tag, options){`
65	`return function(req, res, next){`
66	`if (!req.headers.authorization) {`
67	`return res.status(401).send("No Access token provided");`
68	`}`
69
70	`//take the accessToken as the last delimited entry in authorization`
71	`var accessToken = req.headers.authorization.split(/\s+/).pop();`
72
73	`//verify the access-token`
74	`return authmakerVerify.mongo(accessToken, tag)`
75	`.then(function(oauthSession) {`
76	`req.oauthSession = oauthSession;`
77
78	`next();`
79	`})`
80	`.then(null, function(err) {`
81	`winston.error("Error while authorizing session", {`
82	`error: err.message,`
83	`stask: err.stack,`
84	`authorisation: req.headers.authorization`
85	`});`
86
87	`if (options && options.passError) {`
88	`return next(err);`
89	`}`
90
91	`if (err.message.indexOf("Not Authorized") >= 0) {`
92	`res.status(401);`
93	`} else {`
94	`res.status(500);`
95	`}`
96
97	`return res.send(err.message);`
98	`});`
99	`};`
100	`}`
101
102	`module.exports = {`
103	`mongoRateLimited: function(tag, defaultScope) {`
104	`return generateRateLimit(tag, defaultScope);`
105	`},`
106
107	`mongoRateLimitedDefault: function(tag, defaultScope){`
108	`console.warn("This function is deprecated, just use mongoRateLimited(tag, defaultScope) instead");`
109	`return generateRateLimit(tag, defaultScope);`
110	`},`
111
112	`mongo: function(tag) {`
113	`return generateVerify(tag);`
114	`},`
115
116	`connectMongo: function(nconf) {`
117	`//initialise the db`
118	`authmakerVerify.connectMongo(nconf);`
119	`},`
120
121	`authmakerVerify: authmakerVerify`
122	`};`
123
124	`//pass on models and mongoose for tests`
125	`if(process.env.NODE_ENV === "test"){`
126	`module.exports.models = authmakerVerify.models;`
127	`module.exports.mongoose = authmakerVerify.mongoose;`
128	`}`