mille storie

commenti da mastodon, widget con custom widget test...
2019-04-29 00:27:29 +02:00
parent 3b80dd5f73
commit ac5ef6e324
34 changed files with 573 additions and 275 deletions
--- a/server/api/auth.js
+++ b/server/api/auth.js
@@ -1,43 +1,30 @@
-const jwt = require('jsonwebtoken')
 const { Op } = require('sequelize')
 const config = require('./config')
 const User = require('./models/user')

 const Auth = {
-  fillUser(req, res, next) {
-    const token =
-      req.body.token || req.params.token || req.headers.authorization
-    if (!token) return next()
-    jwt.verify(token, config.secret, async (err, decoded) => {
-      if (err) return next()
-      req.user = await User.findOne({
-        where: { email: { [Op.eq]: decoded.email }, is_active: true }
-      })
-      next()
+  async fillUser(req, res, next) {
+    if (!req.user) return next(new Error('ERROR! No user'))
+    req.user = await User.findOne({
+      where: { id: { [Op.eq]: req.user.id }, is_active: true }
    })
+    next()
  },
-  isAuth(req, res, next) {
-    const token =
-      (req.body && req.body.token) ||
-      req.params.token ||
-      req.headers.authorization
-    if (!token) return res.status(403).send({ message: 'Token not found' })
-    jwt.verify(token, config.secret, async (err, decoded) => {
-      if (err) {
-        return res
-          .status(403)
-          .send({ message: 'Failed to authenticate token ' + err })
-      }
-      req.user = await User.findOne({
-        where: { email: { [Op.eq]: decoded.email }, is_active: true }
-      })
-      if (!req.user) {
-        return res
-          .status(403)
-          .send({ message: 'Failed to authenticate token ' + err })
-      }
-      next()
+  async isAuth(req, res, next) {
+    if (!req.user) {
+      return res
+        .status(403)
+        .send({ message: 'Failed to authenticate token ' })
+    }
+    req.user = await User.findOne({
+      where: { id: { [Op.eq]: req.user.id }, is_active: true }
    })
+    if (!req.user) {
+      return res
+        .status(403)
+        .send({ message: 'Failed to authenticate token ' + err })
+    }
+    next()
  },
  isAdmin(req, res, next) {
    if (req.user.is_admin && req.user.is_active) return next()