Express.js 4.0 REST API Auth Example
const express = require('express');
const bodyParser = require('body-parser');
const methodOverride = require('method-override');
const morgan = require('morgan');
const cors = require('cors');
const health = require('express-ping');
const config = require('./config');
const middleware = require('./source/middleware');
const logger = require('./source/utils/logger');
const auth = require('./source/utils/auth');
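// Entry point: builds the Express app, wires the middleware chain and starts listening.
const app = express();
const env = process.env.NODE_ENV || 'development';
const port = process.env.PORT || 3010;

// The auth middleware in this example accepts the access token in the query string
// (accessToken / accesstoken). Logging morgan's raw `:url` would therefore write bearer
// credentials into the request log, so a redacted URL token is logged instead.
morgan.token('safe-url', (req) =>
  (req.originalUrl || req.url).replace(/([?&]accesstoken=)[^&#]*/gi, '$1[REDACTED]'));
morgan.format('custom', ':method :safe-url :status :res[content-length] - :response-time ms');
app.use(morgan('custom', { stream: logger.stream() }));

// Health check is registered before authentication, so it is reachable without a token.
app.use(health.ping('/'));
app.use(middleware.db.mongo(config.mongo));
app.use(bodyParser.json());

// NOTE(review): methodOverride() lets a client-supplied header change the HTTP verb the
// router sees; confirm it is actually needed by API consumers.
app.use(methodOverride());

// NOTE(review): cors() without options allows requests from any origin. If the API is
// only meant for known front-ends, pass an explicit origin allow-list.
app.use(cors());

// Authentication must be attached before the API routes are registered so that the
// token check runs first for everything under /v1/.
auth(app, ['/v1']);
require('./source/api')(app);

// Error middleware goes last so it receives errors passed to next() by earlier handlers.
app.use(middleware.errors());

app.listen(port, () => {
  logger.success(`api started [:${port}] ${env}`);
});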
const usersModel = require('../models/users');
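/**
 * Builds Express middleware that authenticates a request by access token.
 *
 * The token is read from the `x-token` / `x-access-token` header first, then from the
 * `accessToken` / `accesstoken` query parameter. On success the matching user is stored
 * on `req.user`; otherwise `next` receives an error object with `status: 401`.
 *
 * NOTE(review): tokens sent in the query string tend to end up in access logs, browser
 * history and Referer headers; prefer the header form where clients allow it.
 *
 * @returns {Function} Express middleware `(req, res, next)`.
 */
function auth() {
  return (req, res, next) => {
    const headerToken = req.headers['x-token'] || req.headers['x-access-token'];
    const token = headerToken || req.query.accessToken || req.query.accesstoken;

    if (!token) {
      return next({ message: 'access token missing', status: 401 });
    }

    // The query-string parser can produce arrays or nested objects for a parameter.
    // Only a plain string may reach the user lookup; findByAccessToken is not shown
    // here, and a non-string value could change the shape of the database query.
    if (typeof token !== 'string') {
      return next({ message: 'not authorized', status: 401 });
    }

    // Created only once a usable token is present, so rejected requests do no DB work.
    const users = usersModel(req.mongo);

    users.findByAccessToken(token, (err, user) => {
      if (err) {
        return next(err);
      }

      if (!user) {
        return next({ message: 'not authorized', status: 401 });
      }

      req.user = user;
      next();
    });
  };
}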
// Export the factory itself: callers invoke auth() to obtain the per-request middleware.
module.exports = auth;
const middleware = require('../middleware');
/**
 * Attaches the access-token middleware to every path below each given route prefix.
 *
 * NOTE(review): the registered pattern is `<route>/*`, i.e. paths below the prefix.
 * Confirm no handler is mounted on the bare prefix itself (e.g. `/v1`), since that
 * exact path may not be covered by this pattern.
 *
 * @param {object} app - Express application (anything exposing `all(path, handler)`).
 * @param {string[]} routesToSecure - Route prefixes that require authentication.
 * @returns {object} The same `app`, to allow chaining.
 */
function applyAuthentication(app, routesToSecure) {
  routesToSecure.forEach((route) => {
    const pattern = route + '/*';
    // A fresh middleware instance is created for each secured prefix.
    const guard = middleware.access.auth();
    app.all(pattern, guard);
  });

  return app;
}
// Export the helper that attaches the access-token check to a list of route prefixes.
module.exports = applyAuthentication;
// Middleware index: groups middleware factories by concern, so callers reach the
// access-token check as middleware.access.auth().
// NOTE(review): the entry point also uses middleware.db.mongo and middleware.errors,
// which are not exported here; this listing appears to be abridged.
module.exports = {
access: {
// Access-token authentication factory loaded from ./auth.
auth: require('./auth')
}
};