koblas


TEXT HERE

import RedisSession from "redis-sessions";
import settings from "../../config/settings";
import InvalidTokenError from '../../lib/errors/invalidTokenError';

// Shared redis-sessions client used to look up API session tokens.
// Only `host` is configured here. NOTE(review): no port, password or TLS
// option is visible in this snippet; confirm how the Redis endpoint is
// protected, since it holds every live session token.
const rs = new RedisSession({ host: settings.redis.host });

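//
// Express middleware: resolves the `token` request header to an API session
// held in Redis, loads the matching user (with merchant, balance and
// currency) and attaches the result to request.session.
//
// A request without a `token` header is passed on untouched, so this
// middleware does not enforce authentication by itself: routes behind it
// must check request.session.user / request.session.merchant themselves.
//
// Outcomes:
//   - no token header             -> next()
//   - Redis error / unknown token -> InvalidTokenError response
//   - session without a user row  -> InvalidTokenError response
//   - database error              -> next(err)
//   - success                     -> request.session populated, next()
//
const apiUserAuthMiddleWare = (request, response, next) => {
  const sessionToken = request.headers["token"];

  if (typeof sessionToken === "undefined") {
    return next();
  }

  // One rejection path for every "this token does not identify a user" case.
  // The wildcard CORS header is set on this response only, so browser clients
  // on any origin can read the error body.
  const rejectInvalidToken = () => {
    response.header("Access-Control-Allow-Origin", "*");
    return response.status(InvalidTokenError.httpCode)
      .json(InvalidTokenError.errorResponse());
  };

  rs.get(
    {
      app: "api-session",
      token: sessionToken,
    },
    (err, session) => {
      // A session-store error is answered like an unknown token (fails closed).
      if (err || !session || !session.d) {
        return rejectInvalidToken();
      }

      // NOTE(review): the db handle is read from request.session; presumably an
      // earlier middleware attaches it. Confirm against the app setup.
      const db = request.session.db;
      const include = {
        model: db.merchant,
        include: {
          model: db.balance,
          attributes: db.balance.generalAttributes(),
          include: db.currency,
        },
      };

      return db.user.findOne({ where: { id: session.d.id }, include })
        .then((user) => {
          // The session can outlive the user row; treat that as an invalid
          // token instead of dereferencing null.
          if (!user) {
            return rejectInvalidToken();
          }

          // Populate the request only once the user is confirmed to exist.
          request.session.user = session.d;
          request.session.merchant = user.merchant;
          request.session.testMode = user.merchant ? user.merchant.testMode : false;
          return next();
        })
        // Without this handler a failed query left the promise rejected with
        // nobody listening and the request never received a response.
        .catch(next);
    },
  );
};

export default apiUserAuthMiddleWare;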
import RedisSession from "redis-sessions";
import settings from "../../config/settings";
import InvalidTokenError from '../../lib/errors/invalidTokenError';

// Shared redis-sessions client used to look up API session tokens.
// Only `host` is configured here. NOTE(review): no port, password or TLS
// option is visible in this snippet; confirm how the Redis endpoint is
// protected, since it holds every live session token.
const rs = new RedisSession({ host: settings.redis.host });

//
// Promise adapter for the callback-style rs.get(): looks up `token` in the
// "api-session" app. Resolves with whatever session value rs.get() hands
// back (which may be empty for an unknown token) and rejects with the
// error when rs.get() reports one.
//
const getSession = (token) => {
  const query = { app: "api-session", token };

  return new Promise((resolve, reject) => {
    rs.get(query, (err, session) => (err ? reject(err) : resolve(session)));
  });
};

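//
//  Express middleware: resolve the `token` request header to an API session
//  stored in Redis, then load the matching user (with merchant, balance and
//  currency) and attach the result to request.session.
//
//  A request without a token is passed on untouched, so this middleware
//  does not enforce authentication by itself: routes behind it must check
//  request.session.user / request.session.merchant themselves.
//
//  Outcomes:
//    - no / empty token header     -> next()
//    - Redis error / unknown token -> InvalidTokenError response
//    - session without a user row  -> InvalidTokenError response
//    - database error              -> next(err)
//    - success                     -> request.session populated, next()
//
export default async function apiUserAuthMiddleWare(request, response, next) {
  const sessionToken = request.headers["token"];

  if (!sessionToken) {
    next();
    return;
  }

  // One rejection path for every "this token does not identify a user" case.
  // The wildcard CORS header is set on this response only, so browser clients
  // on any origin can read the error body.
  const rejectInvalidToken = () => {
    response.header("Access-Control-Allow-Origin", "*");
    response.status(InvalidTokenError.httpCode).json(InvalidTokenError.errorResponse());
  };

  let session;
  try {
    session = await getSession(sessionToken);
  } catch (err) {
    // Deliberate fall-through: a session-store failure is answered like an
    // unknown token, so the middleware fails closed.
    // NOTE(review): the error is not logged, so a Redis outage is
    // indistinguishable from a burst of bad tokens. Consider logging it.
  }

  if (!session || !session.d) {
    rejectInvalidToken();
    return;
  }

  let user;
  try {
    // NOTE(review): the db handle is read from request.session; presumably an
    // earlier middleware attaches it. Confirm against the app setup.
    const db = request.session.db;
    const include = {
      model: db.merchant,
      include: {
        model: db.balance,
        attributes: db.balance.generalAttributes(),
        include: db.currency,
      },
    };

    user = await db.user.findOne({ where: { id: session.d.id }, include });
  } catch (err) {
    next(err);
    return;
  }

  // The session can outlive the user row. Previously this surfaced as a
  // TypeError routed to next(err); it is an authentication failure, so
  // answer it as an invalid token.
  if (!user) {
    rejectInvalidToken();
    return;
  }

  // Populate the request only once the user is confirmed to exist.
  request.session.user = session.d;
  request.session.merchant = user.merchant;
  request.session.testMode = user.merchant ? user.merchant.testMode : false;

  next();
}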