CartoDB-SQL-API/app/middlewares/authenticated-request.js

36 lines
1.1 KiB
JavaScript
Raw Normal View History

2016-10-04 21:40:56 +08:00
'use strict';
var _ = require('underscore');
var AuthApi = require('../auth/auth_api');
var handleException = require('../utils/error_handler');
function authenticatedMiddleware(userDatabaseService) {
return function middleware(req, res, next) {
req.profiler.start('sqlapi.job');
req.profiler.done('init');
var body = (req.body) ? req.body : {};
// clone so don't modify req.params or req.body so oauth is not broken
2018-02-16 18:52:57 +08:00
var params = _.extend({}, res.locals, req.query, body);
2016-10-04 21:40:56 +08:00
var authApi = new AuthApi(req, res, params);
2017-11-24 22:55:16 +08:00
userDatabaseService.getConnectionParams(authApi, res.locals.user, function connectionParams(err, userDbParams) {
2016-10-04 21:40:56 +08:00
req.profiler.done('setDBAuth');
if (err) {
return handleException(err, res);
}
if (!userDbParams.authenticated) {
2016-10-04 21:40:56 +08:00
return handleException(new Error('permission denied'), res);
}
res.locals.userDbParams = userDbParams;
2016-10-04 21:40:56 +08:00
return next(null);
});
};
}
module.exports = authenticatedMiddleware;