72 lines
1.7 KiB
JavaScript
72 lines
1.7 KiB
JavaScript
const jwt = require("jsonwebtoken")
|
|
const STATUS_CODES = require("../utilities/statusCodes")
|
|
const { getRole, getBuiltinRoles } = require("../utilities/security/roles")
|
|
const { AuthTypes } = require("../constants")
|
|
const {
|
|
getAppId,
|
|
getCookieName,
|
|
clearCookie,
|
|
setCookie,
|
|
isClient,
|
|
} = require("../utilities")
|
|
|
|
module.exports = async (ctx, next) => {
|
|
if (ctx.path === "/_builder") {
|
|
await next()
|
|
return
|
|
}
|
|
|
|
// do everything we can to make sure the appId is held correctly
|
|
// we hold it in state as a
|
|
let appId = getAppId(ctx)
|
|
const cookieAppId = ctx.cookies.get(getCookieName("currentapp"))
|
|
const builtinRoles = getBuiltinRoles()
|
|
if (appId && cookieAppId !== appId) {
|
|
setCookie(ctx, appId, "currentapp")
|
|
} else if (cookieAppId) {
|
|
appId = cookieAppId
|
|
}
|
|
let token, authType
|
|
if (!isClient(ctx)) {
|
|
token = ctx.cookies.get(getCookieName())
|
|
authType = AuthTypes.BUILDER
|
|
}
|
|
if (!token && appId) {
|
|
token = ctx.cookies.get(getCookieName(appId))
|
|
authType = AuthTypes.APP
|
|
}
|
|
|
|
if (!token) {
|
|
ctx.auth.authenticated = false
|
|
ctx.appId = appId
|
|
ctx.user = {
|
|
appId,
|
|
role: builtinRoles.PUBLIC,
|
|
}
|
|
await next()
|
|
return
|
|
}
|
|
|
|
try {
|
|
ctx.auth.authenticated = authType
|
|
const jwtPayload = jwt.verify(token, ctx.config.jwtSecret)
|
|
ctx.appId = appId
|
|
ctx.auth.apiKey = jwtPayload.apiKey
|
|
ctx.user = {
|
|
...jwtPayload,
|
|
appId: appId,
|
|
role: await getRole(appId, jwtPayload.roleId),
|
|
}
|
|
} catch (err) {
|
|
if (authType === AuthTypes.BUILDER) {
|
|
clearCookie(ctx)
|
|
ctx.status = 200
|
|
return
|
|
} else {
|
|
ctx.throw(err.status || STATUS_CODES.FORBIDDEN, err.text)
|
|
}
|
|
}
|
|
|
|
await next()
|
|
}
|