Commit b99ec300 authored by mntmn's avatar mntmn Committed by mntmn

allow auth via api_token

parent b93cc203
...@@ -4,8 +4,27 @@ const db = require('../models/db'); ...@@ -4,8 +4,27 @@ const db = require('../models/db');
var config = require('config'); var config = require('config');
module.exports = (req, res, next) => { module.exports = (req, res, next) => {
// authentication via API token
const api_token = req.headers["x-spacedeck-api-token"];
if (api_token && api_token.length>7) {
db.User.findOne({where: {api_token: api_token}}).then(user => {
req.user = user;
next();
}).error(err => {
res.status(403).json({
"error": "invalid_api-token"
});
next();
});
return;
}
// authentication via session/cookie
const token = req.cookies["sdsession"]; const token = req.cookies["sdsession"];
if (token && token != "null" && token != null) { if (token && token != "null" && token != null) {
db.Session.findOne({where: {token: token}}) db.Session.findOne({where: {token: token}})
.then(session => { .then(session => {
...@@ -28,7 +47,7 @@ module.exports = (req, res, next) => { ...@@ -28,7 +47,7 @@ module.exports = (req, res, next) => {
} else { } else {
res.send("Please clear your cookies and try again."); res.send("Please clear your cookies and try again.");
} }
} else { } else {
req["token"] = token; req["token"] = token;
req["user"] = user; req["user"] = user;
...@@ -44,4 +63,3 @@ module.exports = (req, res, next) => { ...@@ -44,4 +63,3 @@ module.exports = (req, res, next) => {
next(); next();
} }
} }
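Review bot: In the API-token branch, a token that matches no user is not rejected: assuming `findOne` resolves with `null` when no row matches (as Sequelize does), the `.then` callback sets `req.user = null` and calls `next()`, so the 403 in `.error` is reached only when the query itself fails. The `.error` handler also calls `next()` after the 403 response has been sent, which lets later handlers run for a request that was just refused. Reject a missing user inside `.then` and drop the `next()` from the failure path, as sketched below. The rest of the middleware lies outside the hunks shown, so how downstream handlers treat a null `req.user` should be confirmed.

```javascript
    db.User.findOne({where: {api_token: api_token}}).then(user => {
      if (!user) {
        // unknown token: refuse here instead of continuing with req.user = null
        res.status(403).json({"error": "invalid_api-token"});
        return;
      }
      req.user = user;
      next();
    }).error(err => {
      // lookup failed: answer once and stop, do not fall through to later handlers
      res.status(403).json({"error": "invalid_api-token"});
    });
    // … unchanged: return; and the session/cookie branch …
```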