
@hicoder/express-auth-server


Model Driver Development Stack - authentication and authorization server for mongoose and express based applications. It can be enabled to work as an authentication server, a user profile management server, and an authorization management server.

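const express = require('express');
const createError = require('http-errors');
const AuthnController = require('./controller');
const { templates, commonInfo } = require('./mdds-emailing');

/**
 * Build the Express router that exposes the authentication endpoints
 * (/login, /refresh, /getprofile, /updateprofile, /register,
 * /regverification, /changepass, /findpass).
 *
 * The routes are only mounted when `userDef.authn.authUserSchema` names a
 * schema that exists in `userDef.schemas`. Otherwise the returned router has
 * no routes at all, not even the 404 fallback, so requests pass through to
 * whatever the mounting application registers next.
 *
 * Security notes for whoever mounts this router:
 * - No throttling or lockout middleware is attached here to /login,
 *   /register, /regverification, /changepass or /findpass. Unless the
 *   controller handles it (not visible from this file), rate limiting has to
 *   be applied by the mounting application.
 * - /getprofile and /updateprofile are gated by `verifyRefreshToken`.
 *   NOTE(review): confirm that the refresh token is the intended credential
 *   for reading and changing profile data.
 * - The error handler returns `err.message` for every status and adds
 *   `err.stack` when the app's `env` setting is 'development'. Express uses
 *   'development' when NODE_ENV is unset, so production deployments must set
 *   NODE_ENV explicitly to avoid returning stack traces to clients.
 *
 * @param {object} userDef - Application definition; `authn`, `schemas` and
 *   `DB_CONFIG` are read from it.
 * @param {object} options - Passed unchanged to the AuthnController constructor.
 * @param {Function} [getUserRoleFunc] - Optional Express middleware run on
 *   /login and /refresh just before token generation. It must call `next()`
 *   itself, otherwise `generateToken` is never reached.
 * @returns {import('express').Router} The router, extended with a
 *   `setEmailer(emailer, info)` method.
 */
const AuthnRouter = function(userDef, options, getUserRoleFunc) {
  const authn = userDef.authn || {};

  // `in` (not a nullish default) on purpose: a key that is present but set to
  // undefined still overrides the fallback.
  const authnSetting = (key, fallback) => (key in authn ? authn[key] : fallback);

  const authUserFields = authnSetting('authUserFields', "username");
  const authPasswordField = authnSetting('authPasswordField', "password");
  const authSchemaName = authnSetting('authUserSchema', undefined);
  const profileFields = authnSetting('authProfileFields', undefined);

  const authnController = new AuthnController(options);

  // Find the auth schema (i.e. the users or accounts schema). Only own keys
  // are considered, so a name such as "constructor" cannot resolve to
  // something inherited from Object.prototype.
  const schemas = userDef.schemas;
  let authModelCreated = false;
  if (
    authSchemaName != null &&
    schemas != null &&
    Object.prototype.hasOwnProperty.call(schemas, authSchemaName)
  ) {
    const schemaDef = schemas[authSchemaName];
    const mraBE = schemaDef.mraBE || {};
    authnController.registerAuth(
      authSchemaName,
      schemaDef.schema,
      userDef.DB_CONFIG,
      authUserFields,
      authPasswordField,
      profileFields,
      mraBE
    );
    authModelCreated = true;
  }

  const expressRouter = express.Router();

  // Controller methods are used as route handlers, so bind them to keep `this`.
  const handler = (methodName) => authnController[methodName].bind(authnController);

  // Tells the controller handlers which schema holds the accounts.
  const setSchemaName = function(req, res, next) {
    req.authSchemaName = authSchemaName;
    next();
  };

  // Optional caller-supplied step that runs before the token is generated.
  const roleFunc = function(req, res, next) {
    if (getUserRoleFunc) {
      getUserRoleFunc(req, res, next);
    } else {
      next();
    }
  };

  if (authModelCreated) {
    expressRouter.post(
      "/login",
      setSchemaName,
      handler('authLogin'),
      roleFunc,
      handler('generateToken')
    );
    expressRouter.post(
      "/refresh",
      setSchemaName,
      handler('verifyRefreshToken'),
      handler('authRefresh'),
      roleFunc,
      handler('generateToken')
    );
    expressRouter.post(
      "/getprofile",
      setSchemaName,
      handler('verifyRefreshToken'),
      handler('getProfile')
    );
    expressRouter.post(
      "/updateprofile",
      setSchemaName,
      handler('verifyRefreshToken'),
      handler('updateProfile')
    );
    expressRouter.post("/register", setSchemaName, handler('authRegister'));
    expressRouter.post("/regverification", setSchemaName, handler('authVerifyReg'));
    // The current credentials are checked by authLogin before the password is changed.
    expressRouter.post(
      "/changepass",
      setSchemaName,
      handler('authLogin'),
      handler('changePass')
    );
    expressRouter.post("/findpass", setSchemaName, handler('findPass'));

    // Anything else under this router is not a supported API.
    expressRouter.use(function(req, res, next) {
      next(createError(404));
    });

    // Error handler: answers with a JSON body instead of Express's default page.
    expressRouter.use(function(err, req, res, next) {
      // Once a response has started, status and body can no longer be set;
      // hand the error to Express's default handler, which closes the connection.
      if (res.headersSent) {
        return next(err);
      }

      const status = err.status || 500;
      const body = {"error": err.message, "status": status};
      if (req.app.get('env') === 'development') {
        // Stack traces go to the client in development only.
        body.details = err.stack;
      }

      res.status(status);
      res.json(body);
    });
  }

  /**
   * Attach an emailer to the controller and load the bundled templates into it.
   *
   * @param {object} emailer - Must provide `populateTemplatesToDB(templates)`.
   * @param {object} [info] - Replaces the bundled `commonInfo` when truthy.
   */
  expressRouter.setEmailer = function(emailer, info) {
    if (!authnController.mddsProperties) {
      authnController.mddsProperties = {};
    }
    // NOTE(review): the return value is ignored; if populateTemplatesToDB is
    // asynchronous, a failure would not surface here - confirm.
    emailer.populateTemplatesToDB(templates);

    authnController.mddsProperties.emailer = emailer;
    authnController.mddsProperties.emailerObj = info || commonInfo;
  };

  return expressRouter;
};

module.exports = AuthnRouter;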