| var jwtutil = require('../../../util/jwtutil') |
| var urlutil = require('../../../util/urlutil') |
| |
| var dbapi = require('../../../db/api') |
| |
| module.exports = function(options) { |
| return function(req, res, next) { |
| if (req.query.jwt) { |
| // Coming from auth client |
| var data = jwtutil.decode(req.query.jwt, options.secret) |
| var serial = req.query.serial; |
| var redir = urlutil.removeParam(req.url, 'jwt') |
| if (serial) { |
| redir = urlutil.removeParam(req.url, 'serial') + '#!/control/' + serial; |
| } |
| if (data) { |
| // Redirect once to get rid of the token |
| dbapi.saveUserAfterLogin({ |
| name: data.name |
| , email: data.email |
| , ip: req.ip |
| }) |
| .then(function() { |
| req.session.jwt = data |
| res.redirect(redir) |
| }) |
| .catch(next) |
| } |
| else { |
| // Invalid token, forward to auth client |
| res.redirect(options.authUrl) |
| } |
| } |
| else if (req.session && req.session.jwt) { |
| dbapi.loadUser(req.session.jwt.email) |
| .then(function(user) { |
| if (user) { |
| // Continue existing session |
| req.user = user |
| next() |
| } |
| else { |
| // We no longer have the user in the database |
| res.redirect(options.authUrl) |
| } |
| }) |
| .catch(next) |
| } |
| // Authenticate mock sessions in development. |
| else if (req.query.authed) { |
| req.user = { |
| name: 'auth', |
| email: 'auth', |
| ip: 'auth' |
| }; |
| |
| req.session.jwt = req.user; |
| |
| next(); |
| } |
| else { |
| // No session, forward to auth client |
| res.redirect(options.authUrl) |
| } |
| } |
| } |
