const jwt = require("jsonwebtoken");
const { db } = require("./db");
const { JWT_KEY } = require("./");
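/**
 * Express middleware: require a valid `auth_token` cookie.
 *
 * On success the decoded JWT payload is stored on `req.user` and the
 * request proceeds to the next handler. When the cookie is missing, or
 * the token fails verification (bad signature, expired, malformed), the
 * client is redirected to `/login` carrying the originally requested URL
 * so the login flow can return the user afterwards.
 *
 * Changes from the previous version: the two redundant "no token" checks
 * are collapsed into one (the second was unreachable), the missing-cookie
 * redirect now carries the `redirect` parameter like every other redirect
 * in this module, and `next()` is invoked outside the `try` so a
 * synchronous throw in a downstream handler is no longer misreported as
 * an authentication failure.
 *
 * @param {import("express").Request} req - must have `cookies` populated (cookie-parser)
 * @param {import("express").Response} res
 * @param {import("express").NextFunction} next
 */
function authenticateToken(req, res, next) {
  const loginUrl = `/login?redirect=${encodeURIComponent(req.originalUrl)}`;

  // Covers both "cookie-parser not mounted" (no `req.cookies`) and
  // "cookie absent". Any falsy token is treated as unauthenticated.
  const token = req.cookies && req.cookies.auth_token;
  if (!token) {
    return res.redirect(loginUrl);
  }

  try {
    // NOTE(review): no `algorithms` option is passed, so jsonwebtoken
    // accepts any algorithm compatible with the type of JWT_KEY. Pinning
    // the expected algorithm (e.g. `{ algorithms: ["HS256"] }`) is the
    // usual hardening — confirm how tokens are issued before adding it.
    req.user = jwt.verify(token, JWT_KEY);
  } catch (error) {
    // Verification failure is handled like a missing token. The error
    // detail is deliberately not exposed to the client.
    return res.redirect(loginUrl);
  }

  return next();
}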
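/**
 * Express middleware: require a valid `auth_token` cookie whose user is
 * flagged as an admin in the `users` table.
 *
 * The JWT is verified first so that `req.user.id` can be trusted; the
 * admin flag is then re-read from the database on every request rather
 * than taken from the token payload. Responses:
 *   - missing cookie               -> redirect to `/login?redirect=...`
 *   - token or lookup failure      -> 401 with a fixed message
 *   - authenticated but not admin  -> 400 "only admins can invite"
 *
 * Changes from the previous version: the unreachable second "no token"
 * check is removed; the `catch` no longer interpolates the raw `error`
 * into a 200 response (that leaked jsonwebtoken / database error text to
 * the caller and reported success status on failure); and `next()` runs
 * outside the `try` so a synchronous throw in a downstream handler is not
 * reported as an authentication failure.
 *
 * @param {import("express").Request} req - must have `cookies` populated (cookie-parser)
 * @param {import("express").Response} res
 * @param {import("express").NextFunction} next
 */
function authenticateAdmin(req, res, next) {
  const loginUrl = `/login?redirect=${encodeURIComponent(req.originalUrl)}`;

  const token = req.cookies && req.cookies.auth_token;
  if (!token) {
    return res.redirect(loginUrl);
  }

  let adminRow;
  try {
    // NOTE(review): as in authenticateToken, no `algorithms` option is
    // pinned here — confirm the issuing algorithm before adding one.
    req.user = jwt.verify(token, JWT_KEY);

    // Parameterised query ($id is bound, not interpolated). Because the
    // predicate already requires `isAdmin = 1`, a row comes back only for
    // admins, so the row's truthiness is the authorisation check.
    adminRow = db
      .query("SELECT isAdmin FROM users WHERE id = $id and isAdmin = 1")
      .get({ id: req.user.id });
  } catch (error) {
    // Do not echo `error`: its message reveals which check failed and why.
    return res.status(401).send("failed to authenticate as admin");
  }

  if (!adminRow) {
    // NOTE(review): 403 is the conventional status for an authenticated
    // non-admin; 400 and the message are kept to preserve the existing
    // client-visible contract.
    return res.status(400).send("only admins can invite");
  }

  return next();
}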
module.exports = { authenticateToken, authenticateAdmin };