
coco-the-bear-auth-sessiontoken


A route handler for CoCo The Bear that enforces session token authentication and authorization.

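// Using let so rewire can replace this dependency when testing.
/* eslint-disable prefer-const */
let cookieParser = require('cookie-parser');
let expressSession = require('express-session');
let passport = require('passport');
/* eslint-enable prefer-const */
const unauthorizedError = require('@dannybster/coco-the-bear-http-errors').unauthorized;

// Name of the cookie this module inspects; authenticateRequest reads it only
// to decide which "unauthorized" message to produce.
const SESSION_COOKIE_NAME = 'connect.sid';

// Session options that callers cannot override: they are applied after the
// caller's options in configureExpressSessionMiddleware.
const extraOptions = {
  resave: false,
  saveUninitialized: false,
};

/**
 * Builds the express-session middleware.
 *
 * @param {object} options - express-session options; `resave` and
 *   `saveUninitialized` are forced to the values in `extraOptions`.
 * @returns {Function} express-session middleware.
 */
function configureExpressSessionMiddleware(options) {
  // Caller options first, extraOptions last, so extraOptions always win.
  const sessionOptions = Object.assign({}, options, extraOptions);
  return expressSession(sessionOptions);
}

/**
 * Passport (de)serializer that passes the user through unchanged, so the
 * whole user value is what ends up stored in the session. Registered for
 * both serializeUser and deserializeUser in setUp.
 *
 * @param {*} user - user value to (de)serialize.
 * @param {Function} callback - passport done callback `(err, user)`.
 */
function serializeUser(user, callback) {
  callback(null, user);
}

/**
 * Registers the passport (de)serializers and returns the middleware chain
 * that must run before authenticateRequest.
 *
 * @param {object} options - passed to configureExpressSessionMiddleware.
 * @returns {Function[]} middleware in the order they should be mounted.
 */
function setUp(options) {
  passport.deserializeUser(serializeUser);
  passport.serializeUser(serializeUser);
  return [
    configureExpressSessionMiddleware(options),
    passport.initialize(),
    passport.session(),
    // cookie-parser populates req.cookies, which authenticateRequest reads.
    cookieParser(),
  ];
}

/**
 * Route handler that rejects requests without an authenticated user.
 *
 * On success sets `req.body.auth = { user }`, calls `next()` and then emits
 * an `app-event` on `req.events.emitter`; otherwise passes an unauthorized
 * error to `next` and emits it as `error` on the same emitter.
 *
 * Relies on `req.cookies` (cookie-parser), `req.user` (passport.session) and
 * `req.events.emitter` having been set by earlier middleware.
 *
 * @param {object} req - express request.
 * @param {object} res - express response (unused).
 * @param {Function} next - express next callback.
 */
function authenticateRequest(req, res, next) {
  const session = req.cookies[SESSION_COOKIE_NAME];

  // Builds the unauthorized error, distinguishing a missing session cookie
  // from one that did not resolve to a user.
  function sessionAuthenticationError() {
    // NOTE(review): `info` carries every request cookie, including the raw
    // session identifier; wherever createError's info is logged, that log
    // contains session tokens and should be handled as sensitive data.
    const info = { cookies: req.cookies };
    let message;
    let body;
    if (session) {
      body = { message: 'Session token present at connect.sid is invalid' };
      message = 'Invalid session token provided.';
    } else {
      body = { message: 'Session token not present at connect.sid' };
      message = 'No session token provided.';
    }
    return unauthorizedError.createError(message, info, body);
  }

  // Payload for the `app-event` emitted after a successful authentication.
  function sessionAuthenticatedEvent() {
    return {
      message: 'A session token was authenticated. See the object for more information',
      object: {
        session,
        user: req.user,
      },
    };
  }

  if (req.user) {
    // Without a body parser req.body is undefined; create it rather than
    // failing with a TypeError on a request that is otherwise authenticated.
    if (!req.body) {
      req.body = {};
    }
    req.body.auth = {
      user: req.user,
    };
    next();
    req.events.emitter.emit('app-event', sessionAuthenticatedEvent());
  } else {
    const error = sessionAuthenticationError();
    next(error);
    // Emitted after next(error) so the error pipeline is already running;
    // an emitter with no 'error' listener would throw here.
    req.events.emitter.emit('error', error);
  }
}

module.exports.deserializeUser = serializeUser;
module.exports.extraOptions = extraOptions;
module.exports.authenticateRequest = authenticateRequest;
module.exports.serializeUser = serializeUser;
module.exports.setUp = setUp;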