projects / YouAndWeb_TwoToc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Creazione organizza
[YouAndWeb_TwoToc] / .fr-KzWVa7 / twotoc / server / auth / auth.service.js
diff --git a/.fr-KzWVa7/twotoc/server/auth/auth.service.js b/.fr-KzWVa7/twotoc/server/auth/auth.service.js
new file mode 100755 (executable)
index 0000000..5952757
--- /dev/null
+++ b/.fr-KzWVa7/twotoc/server/auth/auth.service.js
@@ -0,0 +1,88 @@
+'use strict';
+
+var passport = require('passport');
+var config = require('../config/environment');
+var jwt = require('jsonwebtoken');
+var expressJwt = require('express-jwt');
+var compose = require('composable-middleware');
+var User = require('../api/user/user.model');
+var validateJwt = expressJwt({
+  secret: config.secrets.session
+});
+
+/**
+ * Attaches the user object to the request if authenticated
+ * Otherwise returns 403
+ */
+function isAuthenticated() {
+  return compose()
+    // Validate jwt
+    .use(function(req, res, next) {
+      // allow access_token to be passed through query parameter as well
+      if (req.query && req.query.hasOwnProperty('access_token')) {
+        req.headers.authorization = 'Bearer ' + req.query.access_token;
+      }
+      validateJwt(req, res, next);
+    })
+    // Attach user to request
+    .use(function(req, res, next) {
+      User.findByIdAsync(req.user._id)
+        .then(function(user) {
+          if (!user) {
+            return res.status(401).end();
+          }
+          req.user = user;
+          next();
+        })
+        .catch(function(err) {
+          return next(err);
+        });
+    });
+}
+
+/**
+ * Checks if the user role meets the minimum requirements of the route
+ */
+function hasRole(roleRequired) {
+  if (!roleRequired) {
+    throw new Error('Required role needs to be set');
+  }
+
+  return compose()
+    .use(isAuthenticated())
+    .use(function meetsRequirements(req, res, next) {
+      if (config.userRoles.indexOf(req.user.role) >=
+          config.userRoles.indexOf(roleRequired)) {
+        next();
+      }
+      else {
+        res.status(403).send('Forbidden');
+      }
+    });
+}
+
+/**
+ * Returns a jwt token signed by the app secret
+ */
+function signToken(id, role) {
+  return jwt.sign({ _id: id, role: role }, config.secrets.session, {
+    expiresInMinutes: 60 * 5
+  });
+}
+
+/**
+ * Set token cookie directly for oAuth strategies
+ */
+function setTokenCookie(req, res) {
+  if (!req.user) {
+    return res.status(404).send('Something went wrong, please try again.');
+  }
+  var token = signToken(req.user._id, req.user.role);
+  res.cookie('token', JSON.stringify(token));
+  res.redirect('/');
+}
+
+exports.isAuthenticated = isAuthenticated;
+exports.hasRole = hasRole;
+exports.signToken = signToken;
+exports.setTokenCookie = setTokenCookie;
Unnamed repository; edit this file 'description' to name the repository.