benkyd/note-service-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Authentication middleware complete for requests with an authroization header

Browse Source
This commit is contained in:
Ben
2018-09-06 18:03:31 +01:00
parent 299be3618d
commit 3ed9ed4cbd
5 changed files with 482 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/controllers/middleware/auth.js Normal file
View File

@@ -0,0 +1,28 @@
import {MiddleWare} from './index';
import {API} from '../../models/api/API';
import {Logger} from '../../models/logger'
import {AuthModel} from '../../models/auth/authModel';
export class AuthMiddleWare extends MiddleWare {
static async authUser(req, res, next) {
let errors = new API.errors(res);
if (!req.headers.authorization) {
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
errors.endpoint();
return;
}
let token = req.headers.authorization;
let user = await AuthModel.getUserFromToken(token);
if (user == -1) {
errors.addError(403, 'Forbidden', 'You cannot access this resource without authorization');
errors.endpoint();
return;
}
req.user = user;
next();
}
}

1
src/controllers/middleware/index.js
View File

@@ -20,3 +20,4 @@ export class MiddleWare {
}
MiddleWare.RateLimits = require('./rateLimits').RateLimits;
MiddleWare.Auth = require('./auth').AuthMiddleWare;

21
src/controllers/routes/router.js
View File

@@ -14,25 +14,26 @@ export class Router {
app.get('/', [MiddleWare.RateLimits.request, Router.frontPage]);
// app.get('/user/:id', [MiddleWare.RateLimits.request]);
// app.delete('/user/:id', [MiddleWare.RateLimits.request]);
app.post('/user', [MiddleWare.RateLimits.request, Controllers.UserController.newUser]);
app.post('/login', [MiddleWare.RateLimits.request, Controllers.LoginController.authenticate]);
app.get('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.delete('/auth/user/:id', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.post('/unauth/permanote', [MiddleWare.RateLimits.request, Controllers.PermaLinkController.unauthentacatedPermaLink]);
app.get('/note/:endpoint', [MiddleWare.RateLimits.request, Controllers.PermaLinkController.getNote]);
app.post('/auth/note'); // Passes through auth middleware which if authenticated passes user obj and token to the note handling function for it to deal with
app.post('/aith/group');
app.post('/auth/note', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]); // Passes through auth middleware which if authenticated passes user obj and token to the note handling function for it to deal with
app.post('/aith/group', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.get('/auth/getallnotes');
app.get('/auth/getallgroups');
app.get('/auth/getallnotes', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.get('/auth/getallgroups', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.post('/auth/movenote');
app.post('/auth/movegroup');
app.post('/auth/movenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.post('/auth/movegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.delete('/auth/deletenote');
app.delete('/auth/deletegroup');
app.delete('/auth/deletenote', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.delete('/auth/deletegroup', [MiddleWare.RateLimits.request, MiddleWare.Auth.authUser]);
app.get('*', [MiddleWare.RateLimits.request, StatusCodes.pageNotFound]);
Logger.info('HTTP endpoints settup');