Add auth and blacklist APIs

server/middleware/userToken.js

@@ -0,0 +1,41 @@
+const AuthAPI = require('../AuthAPI')
+
+const ReadMethods = { GET: true, HEAD: true }
+
+/**
+ * Sets req.user from the payload in the auth token in the request.
+ */
+function userToken(req, res, next) {
+  if (req.user) {
+    return next()
+  }
+
+  const token = (ReadMethods[req.method] ? req.query : req.body).token
+
+  if (!token) {
+    req.user = null
+    return next()
+  }
+
+  AuthAPI.verifyToken(token).then(
+    payload => {
+      req.user = payload
+      next()
+    },
+    error => {
+      if (error.name === 'JsonWebTokenError') {
+        res.status(403).send({
+          error: `Bad auth token: ${error.message}`
+        })
+      } else {
+        console.error(error)
+
+        res.status(500).send({
+          error: 'Unable to verify auth'
+        })
+      }
+    }
+  )
+}
+
+module.exports = userToken