1 | const authmakerVerify = require('authmaker-verify');
|
2 | const winston = require('winston');
|
3 | const Q = require('q');
|
4 |
|
5 |
|
// winston's default Console transport is replaced below with one configured
// for this service. remove() throws when no Console transport is registered,
// which is the normal state on a fresh process, so that case is ignored.
try {
  winston.remove(winston.transports.Console);
} catch (e) {
  // nothing to remove
}

// LOG_LEVEL wins when set; otherwise development/test log at 'debug' and
// every other environment at 'info'.
const isDevLike = process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test';

const winstonOptions = {
  colorize: true,
  timestamp: true,
  handleExceptions: true,
  prettyPrint: true,
  level: process.env.LOG_LEVEL || (isDevLike ? 'debug' : 'info'),
};

// Any non-empty NO_LOG disables console logging entirely.
if (!process.env.NO_LOG) {
  winston.add(winston.transports.Console, winstonOptions);
}
|
29 |
|
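/**
 * Build an Express middleware that verifies the access token carried in the
 * `Authorization` header against authmakerVerify's rate-limited mongo store and
 * then loads the matching user.
 *
 * On success `req.oauthSession` and `req.user` are set and `next()` is called.
 * On failure the middleware answers the request itself: 401 when no token is
 * present or the verifier reports "Not Authorized", 429 when it reports
 * "Too Many Requests", 500 otherwise. Internal error text is never echoed to
 * the client and the raw header (which carries the token) is never logged.
 *
 * @param {string} tag - passed through to authmakerVerify.mongoRateLimited
 * @param {*} defaultScope - passed through to authmakerVerify.mongoRateLimited
 * @returns {function(object, object, function): *} Express middleware
 */
function generateRateLimit(tag, defaultScope) {
  return function rateLimit(req, res, next) {
    const authorization = req.headers.authorization;
    if (!authorization) {
      return res.status(401).send('No Access token provided');
    }

    // The token is the last whitespace-separated field ("Bearer <token>");
    // the leading field, when present, is the scheme and is safe to log.
    const fields = authorization.split(/\s+/);
    const scheme = fields.length > 1 ? fields[0] : undefined;
    const accessToken = fields[fields.length - 1];

    return authmakerVerify.mongoRateLimited(accessToken, tag, defaultScope)
      .then((oauthSession) => {
        req.oauthSession = oauthSession;
        return authmakerVerify.models.user.findOne({
          _id: oauthSession.userId,
        }).exec();
      })
      .then((user) => {
        req.user = user;
        next();
      })
      .then(null, (err) => {
        // A non-Error rejection has no .message; the handler must not throw itself,
        // otherwise the request would hang without a response.
        const message = (err && err.message) ? String(err.message) : String(err);
        winston.error('Error while authorizing session', {
          error: message,
          stack: err && err.stack,
          authorisationScheme: scheme,
        });

        if (message.includes('Not Authorized')) {
          return res.status(401).send(message);
        }
        if (message.includes('Too Many Requests')) {
          return res.status(429).send('Too Many Requests: Rate limit exceeded.');
        }
        // Unexpected failure: keep the details in the log, not in the response.
        return res.status(500).send('Internal Server Error');
      });
  };
}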
|
77 |
|
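/**
 * Build an Express middleware that verifies the access token carried in the
 * `Authorization` header via authmakerVerify.mongo and then loads the matching
 * user.
 *
 * On success `req.oauthSession` and `req.user` are set and `next()` is called.
 * On failure, with `options.passError` set the error is handed to `next(err)`;
 * otherwise the middleware responds 401 when the error reports "Not Authorized"
 * and 500 otherwise. Internal error text is never echoed to the client and the
 * raw header (which carries the token) is never logged.
 *
 * @param {string} tag - passed through to authmakerVerify.mongo
 * @param {{passError?: boolean}} [options]
 * @returns {function(object, object, function): *} Express middleware
 */
function generateVerify(tag, options) {
  const passError = Boolean(options && options.passError);

  return function verify(req, res, next) {
    const authorization = req.headers.authorization;

    return Q.fcall(() => {
      if (!authorization) {
        throw new Error('Not Authorized: No Access token provided');
      }
      // The token is the last whitespace-separated field ("Bearer <token>").
      const accessToken = authorization.split(/\s+/).pop();
      return authmakerVerify.mongo(accessToken, tag);
    })
      .then((oauthSession) => {
        req.oauthSession = oauthSession;
        return authmakerVerify.models.user.findOne({
          _id: oauthSession.userId,
        }).exec();
      })
      .then((user) => {
        req.user = user;
        next();
      })
      .then(null, (err) => {
        // A non-Error rejection has no .message; the handler must not throw itself,
        // otherwise the request would hang without a response.
        const message = (err && err.message) ? String(err.message) : String(err);
        // Only the scheme ("Bearer") is logged; a bare token without a scheme is
        // not logged at all.
        const parts = typeof authorization === 'string' ? authorization.split(/\s+/) : [];
        winston.error('Error while authorizing session', {
          error: message,
          stack: err && err.stack,
          authorisationScheme: parts.length > 1 ? parts[0] : undefined,
        });

        if (passError) {
          return next(err);
        }

        if (message.includes('Not Authorized')) {
          return res.status(401).send(message);
        }
        // Unexpected failure: keep the details in the log, not in the response.
        return res.status(500).send('Internal Server Error');
      });
  };
}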
|
128 |
|
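/**
 * Express middleware that loads the external identities referenced by
 * `req.user.externalIdentities` into `req.externalIdentities`.
 *
 * Must run after one of the token-verifying middlewares (mongo(),
 * mongoRateLimited()) so that `req.user` is populated; otherwise the request is
 * failed by handing an Error to `next`.
 *
 * @param {object} req - Express request; reads `req.user.externalIdentities`
 * @param {object} res - unused
 * @param {function} next
 * @returns {*} whatever `next` returns on the missing-user path, otherwise the lookup promise
 */
function getExternalIdentities(req, res, next) {
  if (!req.user) {
    // A real Error (not a bare string) so error handlers receive a stack.
    return next(new Error('req.user not defined - must use mongo(), mongoRateLimited() or mongoRateLimitedDefault() before this middleware'));
  }

  // NOTE(review): `_id` is given the whole externalIdentities list; presumably
  // the ODM casts an array here to an `$in` match — confirm against the model.
  return authmakerVerify.models.externalIdentity.find({
    _id: req.user.externalIdentities,
  }).exec()
    .then((externalIdentities) => {
      req.externalIdentities = externalIdentities;
      next();
    })
    .then(null, (err) => {
      next(err);
    });
}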
|
144 |
|
/**
 * Public surface of the module: middleware factories, the external-identity
 * loader, initialisation, and pass-throughs to the underlying authmaker-verify
 * models and module.
 */
const api = {
  /** Token-verifying middleware backed by the rate-limited mongo store. */
  mongoRateLimited(tag, defaultScope) {
    return generateRateLimit(tag, defaultScope);
  },

  /** Deprecated alias of mongoRateLimited; warns on every call. */
  mongoRateLimitedDefault(tag, defaultScope) {
    console.warn('This function is deprecated, just use mongoRateLimited(tag, defaultScope) instead');
    return generateRateLimit(tag, defaultScope);
  },

  /** Token-verifying middleware without rate limiting. */
  mongo(tag, options) {
    return generateVerify(tag, options);
  },

  /** Loads req.externalIdentities; requires req.user to be set first. */
  externalIdentities: getExternalIdentities,

  /** Forwards configuration to authmaker-verify. */
  init(nconf) {
    return authmakerVerify.init(nconf);
  },

  models: authmakerVerify.models,

  authmakerVerify,
};

module.exports = api;
|