2016-10-04 21:40:56 +08:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
var _ = require('underscore');
|
|
|
|
|
var AuthApi = require('../auth/auth_api');
|
|
|
|
|
var handleException = require('../utils/error_handler');
|
|
|
|
|
|
|
|
|
|
function authenticatedMiddleware(userDatabaseService) {
|
|
|
|
|
return function middleware(req, res, next) {
|
|
|
|
|
req.profiler.start('sqlapi.job');
|
|
|
|
|
req.profiler.done('init');
|
|
|
|
|
|
|
|
|
|
var body = (req.body) ? req.body : {};
|
|
|
|
|
// clone so don't modify req.params or req.body so oauth is not broken
|
|
|
|
|
var params = _.extend({}, req.query, body);
|
|
|
|
|
|
|
|
|
|
var authApi = new AuthApi(req, params);
|
2017-11-24 22:55:16 +08:00
|
|
|
userDatabaseService.getConnectionParams(authApi, res.locals.user, function connectionParams(err, userDbParams) {
|
2016-10-04 21:40:56 +08:00
|
|
|
req.profiler.done('setDBAuth');
|
|
|
|
|
|
|
|
|
|
if (err) {
|
|
|
|
|
return handleException(err, res);
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-24 22:45:49 +08:00
|
|
|
if (!userDbParams.authenticated) {
|
2016-10-04 21:40:56 +08:00
|
|
|
return handleException(new Error('permission denied'), res);
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-24 22:49:25 +08:00
|
|
|
res.locals.userDbParams = userDbParams;
|
2016-10-04 21:40:56 +08:00
|
|
|
|
|
|
|
|
return next(null);
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module.exports = authenticatedMiddleware;
|
