Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(writeapi): authenticate middleware logic to work better with await

Browse Source
This commit is contained in:
Julian Lam
2020-10-01 13:30:00 -04:00
parent f6433ef2c5
commit fd67355b03
1 changed files with 34 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
src/middleware/user.js
View File

@@ -16,17 +16,41 @@ const controllers = {
authentication: require('../controllers/authentication'),
};
const passportAuthenticateAsync = function (req, res) {
return new Promise((resolve, reject) => {
passport.authenticate('bearer', { session: false }, (err, user) => {
if (err) {
reject(err);
} else {
resolve(user);
}
})(req, res);
});
};
module.exports = function (middleware) {
async function authenticate(req, res) {
if (req.loggedIn) {
return true;
} else if (req.headers.hasOwnProperty('authorization')) {
passport.authenticate('bearer', { session: false }, function (err, user) {
if (err) { throw new Error(err); }
if (!user) { return false; }
const user = await passportAuthenticateAsync(req, res);
if (!user) { return true; }
// If the token received was a master token, a _uid must also be present for all calls
if (user.hasOwnProperty('uid')) {
req.login(user, async function (err) {
if (err) { throw new Error(err); }
await controllers.authentication.onSuccessfulLogin(req, user.uid);
req.uid = user.uid;
req.loggedIn = req.uid > 0;
return true;
});
} else if (user.hasOwnProperty('master') && user.master === true) {
if (req.body.hasOwnProperty('_uid') || req.query.hasOwnProperty('_uid')) {
user.uid = req.body._uid || req.query._uid;
delete user.master;
// If the token received was a master token, a _uid must also be present for all calls
if (user.hasOwnProperty('uid')) {
req.login(user, async function (err) {
if (err) { throw new Error(err); }
@@ -35,27 +59,13 @@ module.exports = function (middleware) {
req.loggedIn = req.uid > 0;
return true;
});
} else if (user.hasOwnProperty('master') && user.master === true) {
if (req.body.hasOwnProperty('_uid') || req.query.hasOwnProperty('_uid')) {
user.uid = req.body._uid || req.query._uid;
delete user.master;
req.login(user, async function (err) {
if (err) { throw new Error(err); }
await controllers.authentication.onSuccessfulLogin(req, user.uid);
req.uid = user.uid;
req.loggedIn = req.uid > 0;
return true;
});
} else {
throw new Error('A master token was received without a corresponding `_uid` in the request body');
}
} else {
winston.warn('[api/authenticate] Unable to find user after verifying token');
return false;
throw new Error('A master token was received without a corresponding `_uid` in the request body');
}
})(req, res);
} else {
winston.warn('[api/authenticate] Unable to find user after verifying token');
return true;
}
}
await plugins.fireHook('response:middleware.authenticate', {