(function() {
// Module-private namespace for the auth middleware; exported at the bottom.
var Auth = {};
// FeedHenry MBaaS API: `$fh.session` is the session store consulted below.
var $fh = require('fh-mbaas-api');
// Q promises (the file relies on `.fail`/`.defer`, so this is Q, not a native Promise).
var Q = require('q');
var Logger = require('/util/logger').getLogger();
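// Express middleware: require a valid `X-FH-Session-Token` header.
// On success the stored user object is attached as `res.user` (downstream
// handlers read it from `res`, not `req`) and the chain continues. Responds
// 403 when the header is missing or the session is unknown, and 500 when the
// session store itself failed (see `_getUserDetails` for the error shape).
Auth.authenticated = function(req, res, next) {
  Logger.log("debug", "Authenticating Request");
  // Check for the `X-FH-Session-Token` -if it's not there, it's an unauthorised attempt
  var sessionToken = req.header('X-FH-Session-Token');
  if (!sessionToken) {
    Logger.log("debug", "No Session Token Present");
    return res.send(403, {
      body: "Error Getting Correct Headers"
    });
  }
  // We have an `X-FH-Session-Token` header, so see if it's in `$fh.session`.
  //
  // Two-argument `.then(ok, err)` is used deliberately: the previous
  // `.then(ok).fail(err)` chain also routed exceptions thrown inside the
  // success handler (including anything thrown from `next()`) into the
  // rejection handler, which then answered a perfectly valid session with a
  // 403 "Error finding session". `.done()` terminates the chain so an error
  // thrown by either handler surfaces instead of becoming a lost rejection.
  _getUserDetails(sessionToken).then(function(userObj) {
    // NOTE: `userObj` carries `objectId`, i.e. the raw session token, and is
    // written to the debug log here.
    Logger.log("debug", "Session Verified", userObj);
    res.user = userObj;
    next();
  }, function(err) {
    Logger.log("debug", "Error finding session", err);
    // Only a store failure (`code: 500`) is surfaced as 500; everything else,
    // including an unknown/expired session, is an authorisation failure.
    var errCode = (err && err.code === 500) ? 500 : 403;
    return res.send(errCode, {
      body: err
    });
  }).done();
};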
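// This can be used as a 'belt and braces' approach, as it checks for a well formed sessionToken
// if a token exists at all. If no token, it allows the request through — so on its own it
// authenticates nothing; routes that require a session still need `Auth.authenticated`.
//
// Token format: exactly 32 hex digits. The length is taken over from the original
// pattern; confirm it against the tokens `$fh.session` actually issues.
var SESSION_TOKEN_RE = /^[a-fA-F0-9]{32}$/;

Auth.verifyHash = function(req, res, next) {
  Logger.log("debug", "Verify Hash");
  var sessionToken = req.header('X-FH-Session-Token');
  if (sessionToken) {
    // Anchored on both ends. The previous unanchored `match("[a-fA-F0-9]{32}")`
    // accepted any value that merely *contained* a run of 32 hex digits, so
    // this check did not actually enforce a well-formed token. The
    // `encodeURI` step is dropped as well: hex digits are never escaped by
    // it, and any character it would have escaped fails the anchored test.
    if (!SESSION_TOKEN_RE.test(sessionToken)) {
      return res.send(403, {
        body: "Session token invalid format."
      });
    }
  }
  return next();
};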
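// Looks `sessionToken` up in `$fh.session` and resolves with the stored user
// object (parsed from its JSON form) with `objectId` set to the token itself.
// Rejects with `{ code, error }` where
//   500 – the session store failed, or the stored value is not usable JSON
//   102 – no session for this token (expired or invalid); app-specific code so
//         the client can distinguish this case from other 403s
// Returns a Q promise.
var _getUserDetails = function(sessionToken) {
  var deferred = Q.defer();
  // NOTE: this logs the raw session token at debug level.
  Logger.log("debug", "Session Token is", sessionToken);
  $fh.session.get(sessionToken, function(err, session) {
    // if `err` isn't undefined there's a *major* issue with redis
    if (err) {
      // `return` was missing here: execution fell through into the
      // `!session` check below and issued a second (ignored) reject.
      return deferred.reject({
        code: 500,
        error: "Redis Error"
      });
    }
    // if no `session` either session has timed out or `sessionToken` is invalid
    // `code: 102` can be used for debugging in the app, as it will be specific to
    // this error
    if (!session) {
      return deferred.reject({
        code: 102,
        error: "Error Retriving User Details"
      });
    }
    // we have session data, so lets return that for the next route parser
    var userObj;
    try {
      userObj = JSON.parse(session);
    } catch (parseErr) {
      // A malformed stored session used to throw out of this callback as an
      // uncaught exception instead of producing an HTTP response; treat it as
      // a store-side failure.
      return deferred.reject({
        code: 500,
        error: "Invalid Session Data"
      });
    }
    // `JSON.parse` can legitimately yield `null` or a primitive, on which the
    // `objectId` assignment below would throw or be silently lost.
    if (userObj === null || typeof userObj !== 'object') {
      return deferred.reject({
        code: 500,
        error: "Invalid Session Data"
      });
    }
    userObj.objectId = sessionToken;
    deferred.resolve(userObj);
  });
  return deferred.promise;
};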
// Hand the middleware namespace to `require()` callers and close the module IIFE.
module.exports = Auth;
}());