44 lines
1.4 KiB
JavaScript
44 lines
1.4 KiB
JavaScript
'use strict';
|
|
|
|
exports = module.exports = {
|
|
ROLE_ADMIN: 'admin',
|
|
ROLE_USER: 'user',
|
|
|
|
verifyToken: verifyToken,
|
|
hasRole: hasRole
|
|
};
|
|
|
|
var assert = require('assert'),
|
|
BoxError = require('./boxerror.js'),
|
|
tokendb = require('./tokendb.js'),
|
|
users = require('./users.js');
|
|
|
|
function hasRole(user, requiredRole) {
|
|
assert.strictEqual(typeof user, 'object');
|
|
assert.strictEqual(typeof requiredRole, 'string');
|
|
|
|
if (requiredRole === exports.ROLE_USER) return null;
|
|
if (requiredRole === exports.ROLE_ADMIN && user.admin) return null;
|
|
|
|
return new BoxError(BoxError.ACCESS_DENIED, 'Not allowed');
|
|
}
|
|
|
|
function verifyToken(accessToken, callback) {
|
|
assert.strictEqual(typeof accessToken, 'string');
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
tokendb.getByAccessToken(accessToken, function (error, token) {
|
|
if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
|
|
if (error) return callback(error);
|
|
|
|
users.get(token.identifier, function (error, user) {
|
|
if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
|
|
if (error) return callback(error);
|
|
|
|
if (!user.active) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
|
|
|
|
callback(null, user);
|
|
});
|
|
});
|
|
}
|