'use strict';
var _ = require('lodash');
var Promise = require('bluebird');
var security = require('../core/utils/security');
var models = require('../models');
var moment = require('moment');
// Export surface of this module; request handlers are attached to it below.
const middleware = module.exports;
// Body of every 401 response produced by this middleware.
const UNAUTHORIZED_TEXT = '401 Unauthorized';
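/**
 * Validates a server-issued Bearer token.
 *
 * The token is parsed with security.parseToken to recover the user's
 * `identical` value, the matching Users row is loaded, and the token itself
 * must exist in UserTokens for that user with an `expires_at` later than the
 * current time (formatted as 'YYYY-MM-DD HH:mm:ss').
 *
 * @param {string} authToken - raw token taken from the Authorization header
 * @returns {Promise<object>} resolves with the Users model instance
 * @rejects {Error} UNAUTHORIZED_TEXT on any validation failure, or the error
 *   raised by security.parseToken / the model queries
 */
const checkAuthToken = function (authToken) {
  // Start inside the promise chain so that a synchronous throw from
  // security.parseToken (e.g. a missing or malformed token) becomes a
  // rejection the caller's .catch() turns into a 401, instead of escaping
  // out of the middleware as an uncaught exception.
  return Promise.resolve()
    .then(function () {
      if (_.isEmpty(authToken)) {
        throw new Error(UNAUTHORIZED_TEXT);
      }
      const objToken = security.parseToken(authToken);
      return models.Users.findOne({
        where: { identical: objToken.identical },
      });
    })
    .then(function (users) {
      if (_.isEmpty(users)) {
        throw new Error(UNAUTHORIZED_TEXT);
      }
      // The token row must belong to this user and not be expired yet.
      return models.UserTokens.findOne({
        where: {
          tokens: authToken,
          uid: users.id,
          expires_at: { gt: moment().format('YYYY-MM-DD HH:mm:ss') },
        },
      }).then(function (tokenInfo) {
        if (_.isEmpty(tokenInfo)) {
          throw new Error(UNAUTHORIZED_TEXT);
        }
        return users;
      });
    });
};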
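/**
 * Validates an access token: a JWT signed with config.jwt.tokenSecret.
 *
 * Accepted when the JWT verifies, its `uid` claim is a positive integer that
 * identifies an existing user, and its `hash` claim equals md5 of that user's
 * current `ack_code` (so a token stops matching once ack_code changes).
 *
 * @param {string} accessToken - token from the Basic-auth password or ?access_token=
 * @returns {Promise<object>} resolves with the Users model instance
 * @rejects {Error} UNAUTHORIZED_TEXT, or the error raised by jwt.verify
 */
const checkAccessToken = function (accessToken) {
  // Promise.resolve().then(...) turns synchronous throws (empty token,
  // jwt.verify failures) into rejections without the manual resolve/reject
  // plumbing of an explicit Promise constructor.
  return Promise.resolve()
    .then(function () {
      if (_.isEmpty(accessToken)) {
        throw new Error(UNAUTHORIZED_TEXT);
      }
      const config = require('../core/config');
      const tokenSecret = _.get(config, 'jwt.tokenSecret');
      const jwt = require('jsonwebtoken');
      // NOTE(review): no `algorithms` option is passed, so jwt.verify accepts
      // any HMAC algorithm for this shared secret. Pin it to the algorithm used
      // at signing time (e.g. { algorithms: ['HS256'] }) once that is confirmed.
      const authData = jwt.verify(accessToken, tokenSecret);
      const uid = _.get(authData, 'uid', null);
      const hash = _.get(authData, 'hash', null);
      // Only a positive integer uid is looked up; null/NaN/0 are rejected here.
      if (!(Number.parseInt(uid, 10) > 0)) {
        throw new Error(UNAUTHORIZED_TEXT);
      }
      return models.Users.findOne({
        where: { id: uid },
      }).then(function (users) {
        if (_.isEmpty(users)) {
          throw new Error(UNAUTHORIZED_TEXT);
        }
        // The hash claim binds the token to the user's current ack_code.
        if (!_.eq(hash, security.md5(users.get('ack_code')))) {
          throw new Error(UNAUTHORIZED_TEXT);
        }
        return users;
      });
    });
};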
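/**
 * Express middleware that authenticates the request and sets req.users.
 *
 * Credentials are read from, in this order:
 *  - `Authorization: Bearer <token>`  -> server-issued token, checked by checkAuthToken
 *  - `Authorization: Basic <base64>`  -> the password part of user:password is an
 *                                        access token, checked by checkAccessToken
 *  - `?access_token=<token>`           -> access token, checked by checkAccessToken
 * On success req.users is set and next() is called; on failure the response
 * is 401 with the error message as body.
 *
 * @param {object} req - Express request
 * @param {object} res - Express response
 * @param {Function} next - continues the chain once the user is resolved
 */
middleware.checkToken = function (req, res, next) {
  const authArr = _.split(req.get('Authorization'), ' ');
  const scheme = authArr[0];
  let verify;
  let credential;
  if (_.eq(scheme, 'Bearer')) {
    verify = checkAuthToken;
    credential = authArr[1];
  } else if (_.eq(scheme, 'Basic')) {
    verify = checkAccessToken;
    // Buffer.from(undefined) throws synchronously, so a header with no
    // payload ("Basic" alone) defaults to '' and is rejected with a 401 by
    // checkAccessToken instead of crashing the middleware.
    const decoded = Buffer.from(_.get(authArr, '1', ''), 'base64').toString();
    credential = _.get(_.split(decoded, ':'), '1');
  } else {
    verify = checkAccessToken;
    credential = _.trim(_.trimStart(_.get(req, 'query.access_token', null)));
  }
  verify(credential)
    .then(function (users) {
      req.users = users;
      // An exception thrown synchronously by next() lands in the catch below
      // and is reported as a 401; this matches the previous behaviour.
      next();
      return users;
    })
    .catch(function (e) {
      // TODO(review): e.message may be a database or jwt error rather than
      // UNAUTHORIZED_TEXT; consider logging it and sending the fixed text only.
      res.status(401).send(e.message);
    });
};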