3 var passport = require('passport');
4 var config = require('../config/environment');
5 var jwt = require('jsonwebtoken');
6 var expressJwt = require('express-jwt');
7 var compose = require('composable-middleware');
8 var User = require('../api/user/user.model');
// express-jwt middleware: verifies the Bearer token's signature against the
// app session secret and exposes the decoded payload on req.user (the
// middleware below reads req.user._id after it runs).
// NOTE(review): only `secret` is visible in this options object. If no
// `algorithms` option is set elsewhere in the call, pin the expected
// algorithm (e.g. ['HS256']) so a token signed any other way is rejected --
// confirm against the installed express-jwt version.
var validateJwt = expressJwt({
  secret: config.secrets.session
14 * Attaches the user object to the request if authenticated
 * Otherwise rejects the request without attaching a user (the user-lookup
 * failure path below responds 401)
/**
 * Middleware factory: validates the Bearer JWT on the request, then loads the
 * user it names from the database. Only fragments of the composed chain are
 * shown here (the `compose()` call that opens it and the tail of each handler
 * are not in view).
 *
 * @returns {Function} composed Express middleware
 */
function isAuthenticated() {
  // 1. Normalise where the credential lives, then run express-jwt.
  .use(function(req, res, next) {
    // Allow access_token to be passed through the query string as well.
    // NOTE(review): a token in the query string is recorded in server and
    // proxy access logs, browser history and Referer headers, unlike the
    // Authorization header. If only a few routes (downloads, sockets) need
    // this, consider restricting it to them rather than enabling it globally.
    if (req.query && req.query.hasOwnProperty('access_token')) {
      // Unconditional assignment: a query token overrides any Authorization
      // header the client already sent.
      req.headers.authorization = 'Bearer ' + req.query.access_token;
    // express-jwt verifies signature and expiry and sets req.user to the
    // decoded payload -- the { _id, role } object that signToken issues.
    validateJwt(req, res, next);
  // 2. Attach user to request: replace the token payload with the stored user.
  .use(function(req, res, next) {
    // req.user._id at this point is the id claim from the token, not yet a
    // database record.
    User.findByIdAsync(req.user._id)
      .then(function(user) {
        // A valid token whose user no longer exists is rejected with 401
        // (the guard condition sits on the preceding, unshown line).
        return res.status(401).end();
      .catch(function(err) {
 * Checks that the user's role ranks at or above roleRequired in
 * config.userRoles (later entries outrank earlier ones)
/**
 * Middleware factory: requires an authenticated user whose role ranks at or
 * above `roleRequired`. Rank is the index in config.userRoles, so later
 * entries outrank earlier ones.
 *
 * @param {string} roleRequired - minimum role name; expected to be one of
 *   config.userRoles
 * @returns {Function} composed Express middleware
 * @throws {Error} when roleRequired is not supplied (the guard condition is
 *   on the unshown line above the throw)
 */
function hasRole(roleRequired) {
    throw new Error('Required role needs to be set');
  // Authenticate first so req.user is populated for the rank comparison.
  .use(isAuthenticated())
  .use(function meetsRequirements(req, res, next) {
    // NOTE(review): Array#indexOf returns -1 for a name that is not in
    // config.userRoles. Nothing visible checks that roleRequired is a known
    // role, so a misspelled role name (indexOf -> -1) turns this into
    // `>= -1`, which is true for every authenticated user. Validate once at
    // construction time, e.g.
    //   if (config.userRoles.indexOf(roleRequired) === -1) {
    //     throw new Error('Unknown role: ' + roleRequired);
    //   }
    // A req.user.role that is missing from the list also yields -1 and is
    // denied (unless roleRequired is unknown too), which is the safe direction.
    if (config.userRoles.indexOf(req.user.role) >=
        config.userRoles.indexOf(roleRequired)) {
    // Authenticated but outranked: 403, not 401.
    res.status(403).send('Forbidden');
 * Returns a JWT carrying the user id and role, signed with the app session
 * secret (config.secrets.session)
/**
 * Issues a JWT for the given user. The payload carries only the user id and
 * role; it is signed with the shared session secret (config.secrets.session),
 * the same value validateJwt verifies against.
 *
 * @param {string} id - user id, stored as the `_id` claim
 * @param {string} role - role name, stored as the `role` claim
 * @returns {string} signed token
 */
function signToken(id, role) {
  // The role is embedded in the token, so a role change made after issuance
  // is not reflected in existing tokens unless the verifier re-reads it from
  // the user record (isAuthenticated loads the user by id; whether it then
  // replaces req.user is not visible here).
  return jwt.sign({ _id: id, role: role }, config.secrets.session, {
    // NOTE(review): 5-hour lifetime. `expiresInMinutes` was dropped from
    // jsonwebtoken in later releases in favour of `expiresIn: '5h'`; depending
    // on the installed version the old option is either rejected or silently
    // ignored, and ignoring it would mean tokens with no `exp` claim at all.
    // Confirm the installed version and use the option it honours.
    expiresInMinutes: 60 * 5
74 * Set token cookie directly for oAuth strategies
/**
 * Final handler for OAuth callbacks: mints a JWT for the already authenticated
 * req.user and hands it to the browser in a `token` cookie. The guard that
 * produces the 404 (presumably a missing req.user) is on the unshown line
 * above it.
 *
 * @param {Object} req - Express request; req.user._id and req.user.role are read
 * @param {Object} res - Express response; a `token` cookie is set on it
 */
function setTokenCookie(req, res) {
    // 404 for a failed sign-in is the existing behaviour; 401 would be the
    // conventional status.
    return res.status(404).send('Something went wrong, please try again.');
  var token = signToken(req.user._id, req.user.role);
  // NOTE(review): no cookie options are passed, so the cookie is neither
  // HttpOnly nor Secure and has no SameSite or expiry. If the SPA reads it
  // from document.cookie to move it into its own storage, HttpOnly cannot be
  // used, but `secure` (in production), `sameSite` and a short `maxAge`
  // still can, e.g.
  //   res.cookie('token', JSON.stringify(token), { secure: true, sameSite: 'lax', maxAge: 60 * 1000 });
  // Confirm how the client consumes this cookie before changing it.
  // JSON.stringify wraps the token string in quotes; the reader must
  // JSON.parse it to get the bare token back.
  res.cookie('token', JSON.stringify(token));
// Public surface of this module: the two middleware factories, the token
// issuer and the OAuth cookie handler. Assigned onto `exports` one by one
// (rather than replacing module.exports) so any earlier exports are kept.
var publicApi = {
  isAuthenticated: isAuthenticated,
  hasRole: hasRole,
  signToken: signToken,
  setTokenCookie: setTokenCookie
};
Object.keys(publicApi).forEach(function(name) {
  exports[name] = publicApi[name];
});