You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
wiki/server/middlewares/auth.js

73 lines
1.8 KiB

const jwt = require('jsonwebtoken')
const moment = require('moment')
const securityHelper = require('../helpers/security')
/* global WIKI */
/**
* Authentication middleware
*/
module.exports = {
jwt(req, res, next) {
WIKI.auth.passport.authenticate('jwt', {session: false}, async (err, user, info) => {
if (err) { return next() }
// Expired but still valid within 7 days, just renew
if (info instanceof jwt.TokenExpiredError && moment().subtract(14, 'days').isBefore(info.expiredAt)) {
const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
try {
const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
user = newToken.user
// Try headers, otherwise cookies for response
if (req.get('content-type') === 'application/json') {
res.set('new-jwt', newToken.token)
} else {
res.cookie('jwt', newToken.token, { expires: moment().add(365, 'days').toDate() })
}
} catch (err) {
return next()
}
}
// JWT is NOT valid
if (!user) { return next() }
// JWT is valid
req.logIn(user, { session: false }, (err) => {
if (err) { return next(err) }
next()
})
})(req, res, next)
},
checkPath(req, res, next) {
// Is user authenticated ?
if (!req.isAuthenticated()) {
if (WIKI.config.public !== true) {
return res.redirect('/login')
} else {
// req.user = rights.guest
res.locals.isGuest = true
}
} else {
res.locals.isGuest = false
}
// Check permissions
// res.locals.rights = rights.check(req)
// if (!res.locals.rights.read) {
// return res.render('error-forbidden')
// }
// Expose user data
res.locals.user = req.user
return next()
}
}