76 lines
2.1 KiB
JavaScript
76 lines
2.1 KiB
JavaScript
const path = require('path');
|
|
const fs = require('fs');
|
|
const db = require('./database');
|
|
|
|
module.exports = app => {
|
|
const methodsPath = path.resolve(__dirname, '../methods');
|
|
const methodsDir = fs.readdirSync(methodsPath);
|
|
const methods = [];
|
|
|
|
// Get all methods
|
|
for (let method of methodsDir) {
|
|
if (method.includes('.js'))
|
|
methods.push(method.replace('.js', ''));
|
|
}
|
|
|
|
// Auth middleware
|
|
const paths = [];
|
|
for (let method of methods)
|
|
paths.push(`/api/${method}/*`);
|
|
|
|
app.use(paths, async function(req, res, next) {
|
|
const token = getToken(req);
|
|
const query = `SELECT at.id, at.userId, eu.email, u.lang, at.ttl, at.created
|
|
FROM salix.AccessToken at
|
|
JOIN account.user u ON u.id = at.userid
|
|
JOIN account.emailUser eu ON eu.userFk = u.id
|
|
WHERE at.id = ?`;
|
|
|
|
try {
|
|
const auth = await db.findOne(query, [token]);
|
|
|
|
if (!auth || isTokenExpired(auth.created, auth.ttl))
|
|
throw new Error('Invalid authorization token');
|
|
|
|
const args = Object.assign({}, req.query);
|
|
const props = Object.assign(args, req.body);
|
|
props.authorization = auth.id;
|
|
|
|
req.args = props;
|
|
req.args.auth = {
|
|
userId: auth.userId,
|
|
token: auth.id,
|
|
email: auth.email,
|
|
locale: auth.lang
|
|
};
|
|
|
|
next();
|
|
} catch (error) {
|
|
next(error);
|
|
}
|
|
});
|
|
|
|
function getToken(request) {
|
|
const headers = request.headers;
|
|
const queryParams = request.query;
|
|
|
|
return headers.authorization || queryParams.authorization;
|
|
}
|
|
|
|
function isTokenExpired(created, ttl) {
|
|
const date = new Date(created);
|
|
const currentDate = new Date();
|
|
|
|
date.setSeconds(date.getSeconds() + ttl);
|
|
|
|
if (currentDate > date)
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
// Mount methods
|
|
for (let method of methods)
|
|
require(`../methods/${method}`)(app);
|
|
};
|