const path = require('path'); const fs = require('fs'); const db = require('./database'); module.exports = app => { const methodsPath = path.resolve(__dirname, '../methods'); const methodsDir = fs.readdirSync(methodsPath); const methods = []; // Get all methods methodsDir.forEach(method => { methods.push(method.replace('.js', '')); }); // Auth middleware const paths = []; for (let method of methods) paths.push(`/api/${method}/*`); app.use(paths, async function(req, res, next) { const token = getToken(req); const query = `SELECT at.id, at.userId, eu.email, u.lang, at.ttl, at.created FROM salix.AccessToken at JOIN account.user u ON u.id = at.userid JOIN account.emailUser eu ON eu.userFk = u.id WHERE at.id = ?`; try { const auth = await db.findOne(query, [token]); if (!auth || isTokenExpired(auth.created, auth.ttl)) throw new Error('Invalid authorization token'); const args = Object.assign({}, req.query); const props = Object.assign(args, req.body); props.authorization = auth.id; req.args = props; req.args.auth = { userId: auth.userId, token: auth.id, email: auth.email, locale: auth.lang }; next(); } catch (error) { next(error); } }); function getToken(request) { const headers = request.headers; const queryParams = request.query; return headers.authorization || queryParams.authorization; } function isTokenExpired(created, ttl) { const date = new Date(created); const currentDate = new Date(); date.setSeconds(date.getSeconds() + ttl); if (currentDate > date) return true; return false; } // Mount methods for (let method of methods) require(`../methods/${method}`)(app); };