| 1 | 'use strict';
|
| 2 | var _ = require('lodash');
|
| 3 | var Promise = require('bluebird');
|
| 4 | var security = require('../core/utils/security');
|
| 5 | var models = require('../models');
|
| 6 | var moment = require('moment');
|
| 7 | var AppError = require('./app-error')
|
| 8 |
|
| 9 | var middleware = module.exports
|
| 10 |
|
| 11 | var checkAuthToken = function (authToken) {
|
| 12 | var objToken = security.parseToken(authToken);
|
| 13 | return models.Users.findOne({
|
| 14 | where: {identical: objToken.identical}
|
| 15 | })
|
| 16 | .then((users) => {
|
| 17 | if (_.isEmpty(users)) {
|
| 18 | throw new AppError.Unauthorized();
|
| 19 | }
|
| 20 | var Sequelize = require('sequelize');
|
| 21 | return models.UserTokens.findOne({
|
| 22 | where: {tokens: authToken, uid: users.id, expires_at: { [Sequelize.Op.gt]: moment().format('YYYY-MM-DD HH:mm:ss') }}
|
| 23 | })
|
| 24 | .then((tokenInfo) => {
|
| 25 | if (_.isEmpty(tokenInfo)){
|
| 26 | throw new AppError.Unauthorized()
|
| 27 | }
|
| 28 | return users;
|
| 29 | })
|
| 30 | }).then((users) => {
|
| 31 | return users;
|
| 32 | })
|
| 33 | }
|
| 34 |
|
| 35 | var checkAccessToken = function (accessToken) {
|
| 36 | return new Promise((resolve, reject) => {
|
| 37 | if (_.isEmpty(accessToken)) {
|
| 38 | throw new AppError.Unauthorized();
|
| 39 | }
|
| 40 | var config = require('../core/config');
|
| 41 | var tokenSecret = _.get(config, 'jwt.tokenSecret');
|
| 42 | var jwt = require('jsonwebtoken');
|
| 43 | try {
|
| 44 | var authData = jwt.verify(accessToken, tokenSecret);
|
| 45 | } catch (e) {
|
| 46 | reject(new AppError.Unauthorized());
|
| 47 | }
|
| 48 | var uid = _.get(authData, 'uid', null);
|
| 49 | var hash = _.get(authData, 'hash', null);
|
| 50 | if (parseInt(uid) > 0) {
|
| 51 | return models.Users.findOne({
|
| 52 | where: {id: uid}
|
| 53 | })
|
| 54 | .then((users) => {
|
| 55 | if (_.isEmpty(users)) {
|
| 56 | throw new AppError.Unauthorized();
|
| 57 | }
|
| 58 | if (!_.eq(hash, security.md5(users.get('ack_code')))){
|
| 59 | throw new AppError.Unauthorized();
|
| 60 | }
|
| 61 | resolve(users);
|
| 62 | })
|
| 63 | .catch((e) => {
|
| 64 | reject(e);
|
| 65 | });
|
| 66 | } else {
|
| 67 | reject(new AppError.Unauthorized());
|
| 68 | }
|
| 69 | });
|
| 70 | }
|
| 71 |
|
| 72 | middleware.checkToken = function(req, res, next) {
|
| 73 | var authArr = _.split(req.get('Authorization'), ' ');
|
| 74 | var authType = 1;
|
| 75 | var authToken = null;
|
| 76 | if (_.eq(authArr[0], 'Bearer')) {
|
| 77 | authType = 1;
|
| 78 | authToken = authArr[1];
|
| 79 | } else if(_.eq(authArr[0], 'Basic')) {
|
| 80 | authType = 2;
|
| 81 | var b = new Buffer(authArr[1], 'base64');
|
| 82 | var user = _.split(b.toString(), ':');
|
| 83 | authToken = _.get(user, '1');
|
| 84 | } else {
|
| 85 | authType = 2;
|
| 86 | authToken = _.trim(_.trimStart(_.get(req, 'query.access_token', null)));
|
| 87 | }
|
| 88 | if (authType == 1) {
|
| 89 | checkAuthToken(authToken)
|
| 90 | .then((users) => {
|
| 91 | req.users = users;
|
| 92 | next();
|
| 93 | return users;
|
| 94 | })
|
| 95 | .catch((e) => {
|
| 96 | if (e instanceof AppError.AppError) {
|
| 97 | res.status(e.status || 404).send(e.message);
|
| 98 | } else {
|
| 99 | next(e);
|
| 100 | }
|
| 101 | });
|
| 102 | } else if (authType == 2) {
|
| 103 | checkAccessToken(authToken)
|
| 104 | .then((users) => {
|
| 105 | req.users = users;
|
| 106 | next();
|
| 107 | return users;
|
| 108 | })
|
| 109 | .catch((e) => {
|
| 110 | if (e instanceof AppError.AppError) {
|
| 111 | res.status(e.status || 404).send(e.message);
|
| 112 | } else {
|
| 113 | next(e);
|
| 114 | }
|
| 115 | });
|
| 116 | } else {
|
| 117 | res.send(new AppError.Unauthorized(`Auth type not supported.`));
|
| 118 | }
|
| 119 | };
|