fix auth/oauth

2020-01-30 23:43:58 +01:00
parent c6e4569009
commit 465f2f3210
9 changed files with 55 additions and 36 deletions
--- a/server/api/auth.js
+++ b/server/api/auth.js
@@ -1,39 +1,48 @@
 const debug = require('debug')('auth')
 const oauth = require('./oauth')
+const get = require('lodash/get')

 const Auth = {

-  /** isAuth middleware
-   * req.user is filled in server/helper.js#initMiddleware
-  */
-  isAuth (req, res, next) {
-    return oauth.oauthServer.authenticate()(req, res, next)
-  },
-
  fillUser (req, res, next) {
+    const token = get(req.cookies, 'auth._token.local', null)
+    const authorization = get(req.headers, 'authorization', null)
+    if (!authorization && token) {
+      req.headers.authorization = token
+    }
+
+    if (!authorization && !token) {
+      return next()
+    }
+
    oauth.oauthServer.authenticate()(req, res, () => {
-      req.user = res.locals.oauth.token.user
+      req.user = get(res, 'locals.oauth.token.user', null)
      next()
    })
  },

-  /** isAdmin middleware */
-  isAdmin (req, res, next) {
-    oauth.oauthServer.authenticate()(req, res, () => {
-      req.user = res.locals.oauth.token.user
-      if (req.user.is_admin) {
-        next()
-      } else {
-        res.status(404)
-      }
-    })
+  isAuth (req, res, next) {
+    if (req.user) {
+      next()
+    } else {
+      res.status(404)
+    }
  },

+  isAdmin (req, res, next) {
+    if (req.user.is_admin) {
+      next()
+    } else {
+      res.status(404)
+    }
+  },
+
+  // TODO
  hasPerm (scope) {
    return (req, res, next) => {
      debug(scope, req.path)
      oauth.oauthServer.authenticate({ scope })(req, res, () => {
-        req.user = res.locals.oauth.token.user
+        debug('has perm')
        next()
      })
    }