const { verifyToken, generateAccesToken, generateRefreshToken } = require("./auth");
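/**
 * Resolve the requesting user from the credential cookies.
 *
 * Cookies are tried in the order accessToken, refreshToken, permtoken. A
 * cookie that fails verification is overwritten with an empty value and the
 * next cookie is tried, so a stale access token no longer hides a refresh or
 * perm token that is still valid.
 *
 * Side effects on `res`:
 *   - a verified refresh token issues a new accessToken cookie;
 *   - a verified perm token issues new accessToken and refreshToken cookies;
 *   - every rejected cookie is reset to "".
 *
 * NOTE(review): the same verifyToken call is applied to all three cookies.
 * Confirm that ./auth binds each token to its purpose; otherwise a
 * long-lived refresh or perm token would also be accepted when presented in
 * the accessToken cookie.
 *
 * NOTE(review): cookies are issued with `httpOnly` only. Confirm whether
 * `secure` and `sameSite` should be set for the deployment.
 *
 * @param {object} req - Request; `req.cookies` is read (cookie parsing is
 *   assumed to happen in an earlier middleware).
 * @param {object} res - Response; only `res.cookie` is called here.
 * @returns {*} The `user` value of the first token that verifies, or null.
 */
const resolveUserFromCookies = (req, res) => {
  // A missing cookie parser is treated like "no credentials", not a crash.
  const cookies = req.cookies || {};
  const cookieOptions = { httpOnly: true };

  const userFrom = (cookieName) => {
    const token = cookies[cookieName];
    if (!token) return null;

    // The call sites this replaces compared the result against `false`;
    // anything without a truthy `user` is treated as a failed verification so
    // that no token is ever minted for an undefined user.
    const result = verifyToken(token);
    if (result && result.user) return result.user;

    // Blank the rejected cookie; an empty value is skipped by the check above
    // on the next request.
    res.cookie(cookieName, "", cookieOptions);
    return null;
  };

  const fromAccess = userFrom("accessToken");
  if (fromAccess) return fromAccess;

  const fromRefresh = userFrom("refreshToken");
  if (fromRefresh) {
    res.cookie("accessToken", generateAccesToken(fromRefresh), cookieOptions);
    return fromRefresh;
  }

  const fromPerm = userFrom("permtoken");
  if (fromPerm) {
    res.cookie("accessToken", generateAccesToken(fromPerm), cookieOptions);
    res.cookie("refreshToken", generateRefreshToken(fromPerm), cookieOptions);
    return fromPerm;
  }

  return null;
};

/**
 * Middleware for routes that require a signed-in user.
 *
 * Sets `req.user` and calls `next()` when one of the credential cookies
 * verifies; otherwise answers 401 with `{ error: "Unauthorized" }` and does
 * not call `next()`.
 */
const auth = (req, res, next) => {
  const user = resolveUserFromCookies(req, res);
  if (!user) {
    return res.status(401).json({ error: "Unauthorized" });
  }
  req.user = user;
  return next();
};

/**
 * Middleware for routes that work with or without a signed-in user.
 *
 * Sets `req.user` to the verified user, or to null when no cookie verifies,
 * and always calls `next()`. The previous version set `req.user = null` on the
 * "every token was rejected" path without calling `next()`, which left the
 * request without a response.
 */
const publicauth = (req, res, next) => {
  req.user = resolveUserFromCookies(req, res);
  return next();
};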
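// Public surface of this module: `auth` rejects unauthenticated requests with
// 401, `publicauth` lets them through with `req.user` set to null.
module.exports = { auth, publicauth };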