tokens: async'ify

src/routes/accesscontrol.js

@@ -8,13 +8,14 @@ exports = module.exports = {
     websocketAuth
 };
 
-var accesscontrol = require('../accesscontrol.js'),
+const accesscontrol = require('../accesscontrol.js'),
     assert = require('assert'),
     BoxError = require('../boxerror.js'),
     externalLdap = require('../externalldap.js'),
     HttpError = require('connect-lastmile').HttpError,
-    users = require('../users.js'),
-    speakeasy = require('speakeasy');
+    safe = require('safetydance'),
+    speakeasy = require('speakeasy'),
+    users = require('../users.js');
 
 function passwordAuth(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
@@ -77,17 +78,16 @@ function passwordAuth(req, res, next) {
     }
 }
 
-function tokenAuth(req, res, next) {
-    var token;
+async function tokenAuth(req, res, next) {
+    let token;
 
     // this determines the priority
     if (req.body && req.body.access_token) token = req.body.access_token;
     if (req.query && req.query.access_token) token = req.query.access_token;
     if (req.headers && req.headers.authorization) {
-        var parts = req.headers.authorization.split(' ');
+        const parts = req.headers.authorization.split(' ');
         if (parts.length == 2) {
-            var scheme = parts[0];
-            var credentials = parts[1];
+            const [scheme, credentials] = parts;
 
             if (/^Bearer$/i.test(scheme)) token = credentials;
         }
@@ -95,15 +95,14 @@ function tokenAuth(req, res, next) {
 
     if (!token) return next(new HttpError(401, 'Unauthorized'));
 
-    accesscontrol.verifyToken(token, function (error, user) {
-        if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, 'Unauthorized'));
-        if (error) return next(new HttpError(500, error.message));
+    const [error, user] = await safe(accesscontrol.verifyToken(token));
+    if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, 'Unauthorized'));
+    if (error) return next(new HttpError(500, error.message));
 
-        req.access_token = token; // used in logout route
-        req.user = user;
+    req.access_token = token; // used in logout route
+    req.user = user;
 
-        next();
-    });
+    next();
 }
 
 function authorize(requiredRole) {
@@ -118,19 +117,18 @@ function authorize(requiredRole) {
     };
 }
 
-function websocketAuth(requiredRole, req, res, next) {
+async function websocketAuth(requiredRole, req, res, next) {
     assert.strictEqual(typeof requiredRole, 'string');
 
     if (typeof req.query.access_token !== 'string') return next(new HttpError(401, 'Unauthorized'));
 
-    accesscontrol.verifyToken(req.query.access_token, function (error, user) {
-        if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, 'Unauthorized'));
-        if (error) return next(new HttpError(500, error.message));
+    const [error, user] = await safe(accesscontrol.verifyToken(req.query.access_token));
+    if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, 'Unauthorized'));
+    if (error) return next(new HttpError(500, error.message));
 
-        req.user = user;
+    req.user = user;
 
-        if (users.compareRoles(req.user.role, requiredRole) < 0) return next(new HttpError(403, `role '${requiredRole}' is required but user has only '${user.role}'`));
+    if (users.compareRoles(req.user.role, requiredRole) < 0) return next(new HttpError(403, `role '${requiredRole}' is required but user has only '${user.role}'`));
 
-        next();
-    });
+    next();
 }