Home Explore Help
Sign In
wiki
/
weseek__growi
mirror of https://github.com/weseek/growi
2
0
Fork 0
Files Issues 0 Wiki
Tree: 3ab4e86769
Branches Tags
weseek__growi
/
apps
/
app
/
src
/
server
/
middlewares
/
access-token-parser.ts

access-token-parser.ts 948 B
History Raw

12345678910111213141516171819202122232425262728293031323334353637 
  1. import { serializeUserSecurely } from '@growi/core/dist/models/serializers';
    2. 

  2. import mongoose from 'mongoose';
    3. 

  3. 

  4. import loggerFactory from '~/utils/logger';
    5. 

  5. 

  6. 

  7. const logger = loggerFactory('growi:middleware:access-token-parser');
    8. 

  8. 

  9. module.exports = (crowi) => {
    10. 

  10. 

  11.   return async(req, res, next) => {
    12. 

  12.     // TODO: comply HTTP header of RFC6750 / Authorization: Bearer
    13. 

  13.     const accessToken = req.query.access_token || req.body.access_token || null;
    14. 

  14.     if (accessToken == null || typeof accessToken !== 'string') {
    15. 

  15.       return next();
    16. 

  16.     }
    17. 

  17. 

  18.     const User = mongoose.model('User');
    19. 

  19. 

  20.     logger.debug('accessToken is', accessToken);
    21. 

  21. 

  22.     const user = await User.findUserByApiToken(accessToken).lean();
    23. 

  23. 

  24.     if (user == null) {
    25. 

  25.       logger.debug('The access token is invalid');
    26. 

  26.       return next();
    27. 

  27.     }
    28. 

  28. 

  29.     // transforming attributes
    30. 

  30.     req.user = serializeUserSecurely(user);
    31. 

  31. 

  32.     logger.debug('Access token parsed.');
    33. 

  33. 

  34.     return next();
    35. 

  35.   };
    36. 

  36. 

  37. };
    38.