
coco-the-bear-auth-sessiontoken


A route handler for CoCo The Bear that enforces session token authentication and authorization.

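const ObjectID = require('mongodb').ObjectID;
const httpErrors = require('@dannybster/coco-the-bear-http-errors');

const {
  notFound,
  serviceUnavailable,
} = httpErrors;

// Both handlers read and write the same collection.
const AUTHORIZATION_COLLECTION = 'authorizationDocuments';

/**
 * Hands `error` to the framework via `next` and then publishes it on the
 * request's event emitter. Every failure path in this module reports the
 * same way, so the order (hand off first, then emit) lives in one place.
 *
 * @param {object} req - request carrying `events.emitter`
 * @param {Function} next - route continuation
 * @param {Error} error - error built by the http-errors helpers
 */
function failRequest(req, next, error) {
  next(error);
  // NOTE(review): emitting 'error' with no listener attached throws in Node's
  // EventEmitter; the application is assumed to register one.
  req.events.emitter.emit('error', error);
}

/**
 * Publishes an informational 'app-event' carrying `message` and `object`.
 *
 * @param {object} req - request carrying `events.emitter`
 * @param {string} message - human-readable description
 * @param {object} object - payload attached to the event
 */
function emitAppEvent(req, message, object) {
  req.events.emitter.emit('app-event', { message, object });
}

/**
 * Route handler that records which user may access the document produced by
 * an upstream datasource step.
 *
 * Reads `req.datasource.result._id` and `req.user._id` (both must already be
 * set by earlier middleware — there is no guard here) and inserts
 * `{ documentId, userId }` into the authorization collection. Calls `next()`
 * on success; on a database error calls `next` with a serviceUnavailable
 * error and emits it on the event emitter.
 *
 * @param {object} req - request with `datasource`, `user` and `events`
 * @param {object} res - response (unused)
 * @param {Function} next - route continuation
 */
function createAuthorizationDocument(req, res, next) {
  /* eslint-disable no-underscore-dangle */
  const authorizationDocument = {
    documentId: req.datasource.result._id,
    userId: req.user._id,
  };
  /* eslint-enable no-underscore-dangle */

  emitAppEvent(
    req,
    'Creating an authorization document. See the object for more info.',
    authorizationDocument,
  );

  req.datasource.db
    .collection(AUTHORIZATION_COLLECTION)
    .insertOne(authorizationDocument, (err) => {
      if (err) {
        const message = 'Error creating an authorization document. See the info object for more info.';
        const responseBody = { message: 'Error creating authorization document.' };
        failRequest(
          req,
          next,
          serviceUnavailable.createError(message, authorizationDocument, responseBody, err),
        );
        return;
      }
      next();
      emitAppEvent(
        req,
        'Authorization document successfully created. See the object for more info.',
        authorizationDocument,
      );
    });
}

/**
 * Route handler that allows the request to proceed only when an authorization
 * document exists pairing the authenticated user with the document named by
 * `req.params.identifier`.
 *
 * Outcomes:
 *  - identifier is not a valid ObjectID: `next` receives a notFound error
 *    (previously this threw synchronously out of the handler);
 *  - database error: `next` receives a serviceUnavailable error;
 *  - no matching document: `next` receives a notFound error;
 *  - match found: `next()` is called and an 'app-event' is emitted.
 *
 * @param {object} req - request with `params.identifier`, `datasource`,
 *   `user` and `events`
 * @param {object} res - response (unused)
 * @param {Function} next - route continuation
 */
function authorizeRequest(req, res, next) {
  /* eslint-disable no-underscore-dangle */
  const userId = req.user._id;
  /* eslint-enable no-underscore-dangle */

  // `identifier` is untrusted path input. `new ObjectID` throws on anything
  // that is not a 12-byte string or a 24-character hex string; without this
  // guard a malformed id escapes as a synchronous exception instead of a
  // handled 404.
  let documentId;
  try {
    documentId = new ObjectID(req.params.identifier);
  } catch (err) {
    const message = 'Invalid document identifier. See the info object for more info.';
    const responseBody = { message: 'Error finding an authorization document.' };
    const info = { userId, identifier: req.params.identifier };
    failRequest(req, next, notFound.createError(message, info, responseBody, err));
    return;
  }

  const authorizationDocument = { userId, documentId };

  emitAppEvent(
    req,
    'Looking up an authorization document. See the object for more info.',
    authorizationDocument,
  );

  req.datasource.db
    .collection(AUTHORIZATION_COLLECTION)
    .findOne(authorizationDocument, (err, foundAuthorizationDocument) => {
      if (err) {
        // A backend failure is not "not found": report it the same way the
        // create handler does so clients and monitoring do not see a 404 for
        // a transient database error.
        const message = 'Error finding an authorization document. See the info object for more info.';
        const responseBody = { message: 'Error finding an authorization document.' };
        failRequest(
          req,
          next,
          serviceUnavailable.createError(message, authorizationDocument, responseBody, err),
        );
        return;
      }
      if (!foundAuthorizationDocument) {
        const message = 'Authorization document not found. See the info object for more info.';
        // NOTE(review): this body echoes the requested id and the user id back
        // to the caller; use a generic message if those ids are considered
        // sensitive.
        const responseBody = {
          message: `A document matching ${documentId.toString()} could not be found for the user ${userId}`,
        };
        failRequest(
          req,
          next,
          notFound.createError(message, authorizationDocument, responseBody),
        );
        return;
      }
      next();
      emitAppEvent(
        req,
        'Successfully found an authorization document. See the object for more info.',
        foundAuthorizationDocument,
      );
    });
}

module.exports.authorizeRequest = authorizeRequest;
module.exports.createAuthorizationDocument = createAuthorizationDocument;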