'use strict';

var _ = require('lodash');
var Promise = require('bluebird');
var crypto = require('crypto');
var jwt = require('jsonwebtoken');
var moment = require('moment');
var Sequelize = require('sequelize');
var security = require('../core/utils/security');
var models = require('../models');
var AppError = require('./app-error');

// Exported middleware namespace; request handlers are attached as properties below.
const middleware = module.exports;

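/**
 * Validates a "Bearer" session token against the Users / UserTokens tables.
 *
 * Resolves with the matching Users row when the token maps to a user and an
 * unexpired UserTokens record exists for that user; rejects with
 * AppError.Unauthorized otherwise. Always returns a promise, so an empty or
 * unparseable token is reported through the rejection path instead of
 * escaping the caller's .catch() as a synchronous throw.
 *
 * @param {string} authToken - raw token taken from the Authorization header
 * @returns {Promise<Object>} the authenticated Users row
 */
const checkAuthToken = function (authToken) {
  return Promise.resolve()
    .then(() => {
      if (_.isEmpty(authToken)) {
        throw new AppError.Unauthorized();
      }
      const objToken = security.parseToken(authToken);
      // A token the parser cannot read is bad credentials, not a server fault.
      if (objToken == null) {
        throw new AppError.Unauthorized();
      }
      return models.Users.findOne({ where: { identical: objToken.identical } });
    })
    .then((users) => {
      if (_.isEmpty(users)) {
        throw new AppError.Unauthorized();
      }
      // NOTE(review): expires_at is compared as a formatted local-time string;
      // this assumes the DB column and the app process share a timezone — confirm.
      const now = moment().format('YYYY-MM-DD HH:mm:ss');
      return models.UserTokens.findOne({
        where: {
          tokens: authToken,
          uid: users.id,
          expires_at: { [Sequelize.Op.gt]: now },
        },
      }).then((tokenInfo) => {
        // The token must still be registered (and unexpired) for this user.
        if (_.isEmpty(tokenInfo)) {
          throw new AppError.Unauthorized();
        }
        return users;
      });
    });
};
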
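/**
 * Constant-time comparison of two digest strings.
 *
 * Both operands must be strings; a missing or non-string value never matches.
 * Lengths are compared first because crypto.timingSafeEqual throws on buffers
 * of different length.
 *
 * @param {*} expected - digest carried in the token
 * @param {*} actual - digest recomputed from the stored record
 * @returns {boolean}
 */
function digestsMatch(expected, actual) {
  if (typeof expected !== 'string' || typeof actual !== 'string') {
    return false;
  }
  const a = Buffer.from(expected);
  const b = Buffer.from(actual);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

/**
 * Validates a JWT access token (from "Basic" auth or ?access_token=).
 *
 * The token must verify against config.jwt.tokenSecret and carry `uid` and
 * `hash` claims; `hash` must equal md5 of the user's current ack_code, so a
 * changed ack_code no longer matches outstanding tokens. Resolves with the
 * Users row; rejects with AppError.Unauthorized for any credential problem.
 * A missing tokenSecret rejects with a plain Error so that misconfiguration
 * surfaces as a server fault rather than as a 401.
 *
 * @param {string} accessToken - compact JWT string
 * @returns {Promise<Object>} the authenticated Users row
 */
const checkAccessToken = function (accessToken) {
  return Promise.resolve()
    .then(() => {
      if (_.isEmpty(accessToken)) {
        throw new AppError.Unauthorized();
      }
      // Lazy require kept from the original; config may not be loadable at module init.
      const config = require('../core/config');
      const tokenSecret = _.get(config, 'jwt.tokenSecret');
      if (_.isEmpty(tokenSecret)) {
        throw new Error('jwt.tokenSecret is not configured');
      }
      let claims;
      try {
        // TODO(review): pin `algorithms` to the one used at issuance.
        claims = jwt.verify(accessToken, tokenSecret);
      } catch (e) {
        // Any verification failure (bad signature, expired, malformed) is a 401.
        throw new AppError.Unauthorized();
      }
      const uid = _.get(claims, 'uid', null);
      const hash = _.get(claims, 'hash', null);
      // Radix 10: a uid such as "0x1A" must not pass as a positive id.
      if (!(Number.parseInt(uid, 10) > 0)) {
        throw new AppError.Unauthorized();
      }
      return models.Users.findOne({ where: { id: uid } })
        .then((users) => {
          if (_.isEmpty(users)) {
            throw new AppError.Unauthorized();
          }
          if (!digestsMatch(hash, security.md5(users.get('ack_code')))) {
            throw new AppError.Unauthorized();
          }
          return users;
        });
    });
};
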
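/**
 * Error mapping shared by both credential paths: an AppError is answered
 * directly with its status and message (404 when the error carries no
 * status, as before); anything else is handed to the Express error pipeline.
 *
 * @param {Object} res - Express response
 * @param {Function} next - Express next()
 * @param {Error} err - rejection from checkAuthToken / checkAccessToken
 */
function sendAuthError(res, next, err) {
  if (err instanceof AppError.AppError) {
    res.status(err.status || 404).send(err.message);
  } else {
    next(err);
  }
}

/**
 * Extracts the credential from the base64 part of a "Basic" header.
 *
 * Only the password field is used (the user-id field is ignored). Per
 * RFC 7617 the pair is split at the FIRST colon, so a credential that itself
 * contains ':' is kept whole. Returns null when the header has no base64
 * part or no colon, so the caller rejects it as Unauthorized instead of
 * failing on an undefined Buffer source.
 *
 * @param {string|undefined} encoded - base64 "user-id:credential" pair
 * @returns {string|null}
 */
function credentialFromBasic(encoded) {
  if (typeof encoded !== 'string' || encoded.length === 0) {
    return null;
  }
  const decoded = Buffer.from(encoded, 'base64').toString();
  const sep = decoded.indexOf(':');
  return sep === -1 ? null : decoded.slice(sep + 1);
}

/**
 * Authentication middleware. Picks the credential check from the
 * Authorization scheme:
 *   - "Bearer <token>"  -> checkAuthToken (session token table)
 *   - "Basic <base64>"  -> checkAccessToken (JWT in the password field)
 *   - anything else     -> checkAccessToken (JWT from ?access_token=)
 * On success req.users is set and next() is called; on failure the error is
 * reported through sendAuthError. Every path ends in a promise rejection
 * handler, so a malformed header cannot escape as a synchronous throw.
 */
middleware.checkToken = function (req, res, next) {
  const [scheme, credential] = _.split(req.get('Authorization'), ' ');
  let pending;
  if (scheme === 'Bearer') {
    pending = checkAuthToken(credential);
  } else if (scheme === 'Basic') {
    pending = checkAccessToken(credentialFromBasic(credential));
  } else {
    // No recognised scheme: fall back to the query-string token (_.trim maps null to '').
    pending = checkAccessToken(_.trim(_.get(req, 'query.access_token', null)));
  }
  pending
    .then((users) => {
      req.users = users;
      next();
    })
    .catch((e) => sendAuthError(res, next, e));
};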