- Rid roles and get auth working
This commit is contained in:
@@ -1,21 +1,17 @@
|
||||
const JWT = require('jsonwebtoken');
|
||||
const Roles = require('../models/role');
|
||||
|
||||
const KEY = 'Th1s is THE s3cr3t kEy. It secures the t0ken!';
|
||||
|
||||
const Token = {
|
||||
create: (payload, callback) => {
|
||||
JWT.sign(payload, KEY, { expiresIn: '1h' }, callback);
|
||||
create: (payload, expires = '1h', callback) => {
|
||||
JWT.sign(payload, KEY, { expiresIn: expires }, callback);
|
||||
},
|
||||
verify: (token, callback) => {
|
||||
JWT.verify(token, KEY, callback);
|
||||
}
|
||||
};
|
||||
|
||||
var logger = require('../modules/logger');
|
||||
|
||||
function createAnonymousToken (e) {
|
||||
Token.create({ user: null, permission: 0 }, (err, token) => {
|
||||
Token.create({ username: null, can: ['view'] }, (err, token) => {
|
||||
if (err) {
|
||||
e.emit('token:create', err, null);
|
||||
}
|
||||
@@ -26,8 +22,8 @@ function createAnonymousToken (e) {
|
||||
});
|
||||
}
|
||||
|
||||
function createAuthenticatedToken (e, user, event = 'token:create') {
|
||||
Token.create({ user: user.userName, permission: user.permission._id, uid: user.uid }, (err, token) => {
|
||||
function createAuthenticatedToken (e, user, expires = '1h', event = 'token:create') {
|
||||
Token.create({ username: user.name, can: user.can }, expires, (err, token) => {
|
||||
if (err) {
|
||||
e.emit(event, err, null);
|
||||
}
|
||||
@@ -47,7 +43,7 @@ function refreshToken (e, token) {
|
||||
if (decoded) {
|
||||
createAuthenticatedToken(
|
||||
e,
|
||||
{ user: decoded.user, permission: decoded.permission },
|
||||
{ username: decoded.username, can: decoded.can },
|
||||
'token:refresh'
|
||||
);
|
||||
}
|
||||
@@ -88,33 +84,20 @@ function validateToken (e, token, callback) {
|
||||
}
|
||||
}
|
||||
|
||||
function verifyTokenThen (token, action, callback, log = false) {
|
||||
logger.debug('verifyTokenAndRoleThen', { token: token, action: action });
|
||||
validateToken(null, token, (err, decoded) => {
|
||||
logger.debug('verifyTokenAndRoleThen::validateToken', { err: err, decoded: decoded.data });
|
||||
function verifyTokenThen (token, action, callback) {
|
||||
if (action === 'view') {
|
||||
callback(null, { hasPermission: true });
|
||||
} else {
|
||||
validateToken(null, token, (err, decoded) => {
|
||||
if (err) {
|
||||
callback('Session could not be validated.', null);
|
||||
}
|
||||
|
||||
if (err) {
|
||||
callback('Session could not be validated.', null);
|
||||
}
|
||||
|
||||
let [initial, canElevateTo = false] = Array.isArray(action) ? action : [ action ];
|
||||
logger.debug('Roles.canRole[' + initial + ']', Roles.canRole(null, decoded.data.permission, initial));
|
||||
logger.debug('Roles.canRole[' + canElevateTo + ']', Roles.canRole(null, decoded.data.permission, canElevateTo));
|
||||
|
||||
if (decoded && decoded.valid) {
|
||||
Roles.canRole(null, decoded.data.permission, action, (err, result) => {
|
||||
if (err) {
|
||||
callback('There was an error verifying the role permissions.', null);
|
||||
}
|
||||
|
||||
if (result) {
|
||||
decoded.hasPermission = result.hasPermission;
|
||||
decoded.canElevate = result.canElevate;
|
||||
callback(null, decoded);
|
||||
}
|
||||
});
|
||||
}
|
||||
});
|
||||
if (decoded) {
|
||||
callback(null, { hasPermission: (decoded.valid && (decoded.can.indexOf(action) > -1)) });
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user