@quarks/quarks-iam
Version:
A modern authorization server built to authenticate your users and protect your APIs
50 lines (40 loc) • 875 B
JavaScript
/**
* Module dependencies
*/
var User = require('../models/User')
var UnauthorizedError = require('../errors/UnauthorizedError')
/**
* Authenticate User
*/
function authenticateUser (req, res, next) {
// Check for verified access token
if (req.claims && req.claims.sub) {
User.get(req.claims.sub, function (err, user) {
if (err) {
return next(err)
}
if (!user) {
return next(new UnauthorizedError({
realm: 'user',
error: 'unknown_user',
error_description: 'Unknown user',
statusCode: 401
}))
}
req.user = user
next()
})
// User is not authenticated.
} else if (!req.user) {
next(new UnauthorizedError({
statusCode: 401
}))
// User is authenticated.
} else {
next()
}
}
/**
* Exports
*/
module.exports = authenticateUser