Remove requireAuth middleware
This commit is contained in:
parent
64e2abc361
commit
b2d8e28344
|
@ -1,38 +0,0 @@
|
||||||
/**
|
|
||||||
* Adds the given scope to the array in req.auth if the user has sufficient
|
|
||||||
* permissions. Otherwise rejects the request.
|
|
||||||
*/
|
|
||||||
export default function requireAuth(scope) {
|
|
||||||
let checkScopes;
|
|
||||||
if (scope.includes('.')) {
|
|
||||||
const parts = scope.split('.');
|
|
||||||
checkScopes = scopes =>
|
|
||||||
parts.reduce((memo, part) => memo && memo[part], scopes) != null;
|
|
||||||
} else {
|
|
||||||
checkScopes = scopes => scopes[scope] != null;
|
|
||||||
}
|
|
||||||
|
|
||||||
return function(req, res, next) {
|
|
||||||
if (req.auth && req.auth.includes(scope)) {
|
|
||||||
return next(); // Already auth'd
|
|
||||||
}
|
|
||||||
|
|
||||||
const user = req.user;
|
|
||||||
|
|
||||||
if (!user) {
|
|
||||||
return res.status(403).send({ error: 'Missing auth token' });
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!user.scopes || !checkScopes(user.scopes)) {
|
|
||||||
return res.status(403).send({ error: 'Insufficient scopes' });
|
|
||||||
}
|
|
||||||
|
|
||||||
if (req.auth) {
|
|
||||||
req.auth.push(scope);
|
|
||||||
} else {
|
|
||||||
req.auth = [scope];
|
|
||||||
}
|
|
||||||
|
|
||||||
next();
|
|
||||||
};
|
|
||||||
}
|
|
Loading…
Reference in New Issue