weiyy / hro-middle · 文件

policies.js 2.2 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 

// app - policies

var connectEnsureLogin = require('connect-ensure-login');
// var auth = require('basic-auth');
var _ = require('underscore');

exports = module.exports = function(IoC, User) {

  // policy/middleware helpers
   var ensureLoggedIn = connectEnsureLogin.ensureLoggedIn;
  // var ensureLoggedOut = connectEnsureLogin.ensureLoggedOut;

  // since there are issues with `passport-http` right now
  // this is implemented as a temporary solution
  function ensureApiToken(req, res, next) {
    // var creds = auth(req);

    // if (!creds || !_.isString(creds.name)) {
    //   res.statusCode = 401;
    //   return next({
    //     message: 'API token missing',
    //     param: 'username'
    //   });
    // }

    // User.findOne({
    //   api_token: creds.name
    // }, function(err, user) {
    //   if (err) return next(err);
    //   if (!user) {
    //     return next({
    //       message: 'Invalid API token provided',
    //       param: 'username'
    //     });
    //   }
    //   req.user = user;
    //   next();
    // });
    if(req.session.passport&&req.session.passport.user&&req.session.passport.user.token)
      next();
    else{
      res.statusCode = 401;
      return next({ message: 'API token missing',param: 'username'});
    }

  }

  function ensureLoggedOut(options){
    if (typeof options == 'string') {
      options = { redirectTo: options }
    }
    options = options || {};
    
    var url = options.redirectTo || '/signIn';
    var setReturnTo = (options.setReturnTo === undefined) ? true : options.setReturnTo;
    return function(req, res, next) { 
      if (!(req.session.passport&&req.session.passport.user&&req.session.passport.user.token)) {
        if (setReturnTo && req.session) {
          req.session.returnTo = req.originalUrl || req.url;
        } 
        res.statusCode=302;
        return res.send({redirect:'/'}); 
        // return res.redirect(url);
      }
      next();
    }
  }


  var policies = {
    ensureLoggedIn: ensureLoggedIn,
    ensureLoggedOut: ensureLoggedOut,
    ensureApiToken: ensureApiToken,
    notApiRouteRegexp: /^(?!\/__webpack_hmr\/)|(?!\/*.ico).*$/
  };

  return policies;

};

exports['@singleton'] = true;
exports['@require'] = [ '$container', 'models/user' ];