
brutaljs


BrutalJS ========

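jwt = require('jwt-simple')
CONFIG = process.env
User = require('../../models/user')

# NOTE(review): a commented-out User.create(...) seed call that embedded an
# account email and a bcrypt password hash was removed from this spot. Seed
# credentials belong in a private fixture, not in a published package.

# Express-style middleware that authenticates a request from the JWT carried
# in the `X-Auth` header.
#
# Outcomes:
#   - no header, undecodable token, or token without usable `exp`/`user`
#     claims                      -> bare 401
#   - `exp` at or before Date.now() -> 401 'Access token has expired'
#   - req.user already set        -> next() only if it matches the token's user
#   - otherwise                   -> load the user, store it on req.user, next()
#
# @param req  request object (reads the `X-Auth` header and `req.user`)
# @param res  response object (used for every rejection)
# @param next continuation, called only when the token is accepted
module.exports = (req, res, next) ->
  token = req.get('X-Auth')
  if token?
    decoded = null
    try
      # NOTE(review): no algorithm argument is passed here, so the verification
      # algorithm is presumably chosen from the token's own header. Confirm
      # against the installed jwt-simple version. Once the issuer's algorithm
      # is known, pin it through decode's fourth argument.
      decoded = jwt.decode(token, CONFIG.JWT_SECRET)
    catch err
      # Any decode/verification failure leaves `decoded` null and falls through
      # to the 401 below.
      console.log(err)

    if !decoded?
      res.send(401)
    else if not isFinite(decoded.exp)
      # A missing or non-numeric `exp` used to slip past the expiry check,
      # because `undefined <= Date.now()` is false. Such a token never
      # expired. Reject it instead.
      res.send(401)
    else if decoded.exp <= Date.now()
      # `exp` is compared against Date.now(), i.e. read as epoch milliseconds.
      # NOTE(review): confirm the issuer writes `exp` in milliseconds as well.
      res.status(401).send('Access token has expired')
    else if !decoded.user?
      # Without a `user` claim the `decoded.user._id` access below would throw.
      res.send(401)
    else if req.user?
      # NOTE(review): this branch reads `decoded.user._id` while the lookup
      # branch passes `decoded.user` itself to findById. Confirm which shape
      # the issuer actually writes into the token.
      if req.user._id is decoded.user._id
        next()
      else
        res.status(401).send('Logged in as different user.')
    else
      User.findById(decoded.user, (err, user) ->
        if err?
          res.status(400).send('Cant find user')
        else if !user?
          res.status(401).send('Cant find user')
        else
          # Attach the plain-object form of the user for downstream handlers.
          req.user = user.toJSON()
          next()
      )
  else
    res.send(401)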