UNPKG

express-basic-token

Version:

Express/conect middleware for basic token authentication.

github.com/anvk/express-basic-token

anvk/express-basic-token

64 lines (48 loc) 2.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
'use strict'; Object.defineProperty(exports, '__esModule', { value: true }); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { 'default': obj }; } var _expressUnless = require('express-unless'); var _expressUnless2 = _interopRequireDefault(_expressUnless); var HTTP_INVALID_TOKEN = 400; var HTTP_NOT_AUTHORIZED = 403; exports['default'] = function () { var options = arguments.length <= 0 || arguments[0] === undefined ? {} : arguments[0]; var token = options.token; var _options$tokenName = options.tokenName; var tokenName = _options$tokenName === undefined ? 'x-access-token' : _options$tokenName; var _options$notAuthorizedJSON = options.notAuthorizedJSON; var notAuthorizedJSON = _options$notAuthorizedJSON === undefined ? { message: 'Not Authorized' } : _options$notAuthorizedJSON; var _options$invalidTokenJSON = options.invalidTokenJSON; var invalidTokenJSON = _options$invalidTokenJSON === undefined ? { message: 'Invalid Token' } : _options$invalidTokenJSON; if (!token) { throw new Error('express-basic-token: token should be set'); } var middleware = function middleware(req, res, next) { function getToken(requestLocation, tokenName) { return req[requestLocation] && req[requestLocation][tokenName] ? req[requestLocation][tokenName] : undefined; } var queryToken = getToken('query', tokenName); var bodyToken = getToken('body', tokenName); var headerToken = getToken('headers', tokenName); var error = !!queryToken + !!bodyToken + !!headerToken !== 1; var reqToken = queryToken || bodyToken || headerToken; // RFC6750. Token should exist only in one place if (error) { res.status(HTTP_INVALID_TOKEN); res.json(invalidTokenJSON); return; } // Authorize the user to see if s/he can access our resources if (token !== reqToken) { res.status(HTTP_NOT_AUTHORIZED); res.json(notAuthorizedJSON); return; } next(); // To move to next middleware }; middleware.unless = _expressUnless2['default']; return middleware; }; module.exports = exports['default'];