92 lines
1.7 KiB
JavaScript
92 lines
1.7 KiB
JavaScript
const express = require('express');
|
|
const jwt = require('jsonwebtoken');
|
|
|
|
|
|
async function checkAuthorization(req, res, repository, onVerified)
|
|
{
|
|
var token;
|
|
|
|
if (req.headers.authorization)
|
|
{
|
|
if (req.headers.authorization.split(' ')[0] !== 'Bearer')
|
|
{
|
|
res.sendStatus(400);
|
|
return;
|
|
}
|
|
|
|
token = req.headers.authorization.split(' ')[1];
|
|
}
|
|
else if (req.cookies && req.cookies.adminToken)
|
|
{
|
|
token = req.cookies.adminToken;
|
|
}
|
|
else
|
|
{
|
|
res.sendStatus(403);
|
|
return;
|
|
}
|
|
|
|
|
|
jwt.verify(token, config.jwtSecret, async (err, decoded) =>
|
|
{
|
|
try
|
|
{
|
|
if (err)
|
|
{
|
|
res.sendStatus(403);
|
|
return;
|
|
}
|
|
|
|
if (decoded.userId)
|
|
{
|
|
var user = await repository.users.get(decoded.userId);
|
|
if (user === null || !user.active)
|
|
{
|
|
res.sendStatus(403);
|
|
return;
|
|
}
|
|
else
|
|
await onVerified(user);
|
|
}
|
|
else
|
|
res.sendStatus(400);
|
|
}
|
|
catch (e)
|
|
{
|
|
console.log(e);
|
|
res.sendStatus(500);
|
|
}
|
|
});
|
|
}
|
|
|
|
|
|
module.exports = (repository) =>
|
|
{
|
|
var router = express.Router();
|
|
|
|
// Redirects to make Vue-router URLs less quirky
|
|
router.get('/', (req, res) => { res.redirect(301, '/#/admin/') });
|
|
|
|
router.use(async (req, res, next) =>
|
|
{
|
|
try
|
|
{
|
|
await checkAuthorization(req, res, repository, (user) =>
|
|
{
|
|
req.user = user;
|
|
next();
|
|
});
|
|
}
|
|
catch (err)
|
|
{
|
|
console.log(err);
|
|
}
|
|
});
|
|
|
|
require('./status')(repository, router);
|
|
require('./codes')(repository, router);
|
|
require('./uploads')(repository, router);
|
|
require('./users')(repository, router);
|
|
|
|
return router;
|
|
} |