60 lines
1.9 KiB
JavaScript
60 lines
1.9 KiB
JavaScript
'use strict';
|
|
|
|
exports = module.exports = {
|
|
scope: scope,
|
|
websocketAuth: websocketAuth
|
|
};
|
|
|
|
var accesscontrol = require('../accesscontrol.js'),
|
|
assert = require('assert'),
|
|
auth = require('../auth.js'),
|
|
debug = require('debug')('box:routes/accesscontrol'),
|
|
HttpError = require('connect-lastmile').HttpError,
|
|
passport = require('passport');
|
|
|
|
// The scope middleware provides an auth middleware for routes.
|
|
//
|
|
// It is used for API routes, which are authenticated using accesstokens.
|
|
// Those accesstokens carry OAuth scopes and the middleware takes the required
|
|
// scope as an argument and will verify the accesstoken against it.
|
|
//
|
|
// See server.js:
|
|
// var profileScope = routes.oauth2.scope('profile');
|
|
//
|
|
function scope(requestedScope) {
|
|
assert.strictEqual(typeof requestedScope, 'string');
|
|
|
|
var requestedScopes = requestedScope.split(',');
|
|
debug('scope: add routes with requested scopes', requestedScopes);
|
|
|
|
return [
|
|
passport.authenticate(['bearer'], { session: false }),
|
|
|
|
function (req, res, next) {
|
|
var error = accesscontrol.validateRequestedScopes(req.authInfo || null, requestedScopes);
|
|
if (error) return next(new HttpError(403, error.message));
|
|
|
|
next();
|
|
}
|
|
];
|
|
}
|
|
|
|
function websocketAuth(requestedScopes, req, res, next) {
|
|
assert(Array.isArray(requestedScopes));
|
|
|
|
if (typeof req.query.access_token !== 'string') return next(new HttpError(401, 'Unauthorized'));
|
|
|
|
auth.accessTokenAuth(req.query.access_token, function (error, user, info) {
|
|
if (error) return next(new HttpError(500, error.message));
|
|
if (!user) return next(new HttpError(401, 'Unauthorized'));
|
|
|
|
req.user = user;
|
|
req.authInfo = info;
|
|
|
|
var e = accesscontrol.validateRequestedScopes(req.authInfo, requestedScopes);
|
|
if (e) return next(new HttpError(401, e.message));
|
|
|
|
next();
|
|
});
|
|
}
|