const jwt = require('jsonwebtoken') const moment = require('moment') const securityHelper = require('../helpers/security') /* global WIKI */ /** * Authentication middleware */ module.exports = { jwt(req, res, next) { WIKI.auth.passport.authenticate('jwt', {session: false}, async (err, user, info) => { if (err) { return next() } // Expired but still valid within 7 days, just renew if (info instanceof Error && info.name === 'TokenExpiredError' && moment().subtract(14, 'days').isBefore(info.expiredAt)) { const jwtPayload = jwt.decode(securityHelper.extractJWT(req)) try { const newToken = await WIKI.models.users.refreshToken(jwtPayload.id) user = newToken.user // Try headers, otherwise cookies for response if (req.get('content-type') === 'application/json') { res.set('new-jwt', newToken.token) } else { res.cookie('jwt', newToken.token, { expires: moment().add(365, 'days').toDate() }) } } catch (err) { return next() } } // JWT is NOT valid if (!user) { return next() } // JWT is valid req.logIn(user, { session: false }, (err) => { if (err) { return next(err) } next() }) })(req, res, next) }, checkPath(req, res, next) { // Is user authenticated ? if (!req.isAuthenticated()) { if (WIKI.config.public !== true) { return res.redirect('/login') } else { // req.user = rights.guest res.locals.isGuest = true } } else { res.locals.isGuest = false } // Check permissions // res.locals.rights = rights.check(req) // if (!res.locals.rights.read) { // return res.render('error-forbidden') // } // Expose user data res.locals.user = req.user return next() } }