2018-10-23 23:45:42 +08:00
|
|
|
'use strict';
|
|
|
|
|
2018-03-12 18:52:38 +08:00
|
|
|
const basicAuth = require('basic-auth');
|
2018-02-16 00:49:47 +08:00
|
|
|
|
2018-03-12 18:52:38 +08:00
|
|
|
module.exports = function credentials () {
|
|
|
|
return function credentialsMiddleware(req, res, next) {
|
2018-02-26 22:57:42 +08:00
|
|
|
const apikeyCredentials = getApikeyCredentialsFromRequest(req);
|
2018-03-12 18:52:38 +08:00
|
|
|
|
2018-02-26 22:57:42 +08:00
|
|
|
res.locals.api_key = apikeyCredentials.token;
|
2018-03-12 18:52:38 +08:00
|
|
|
res.locals.basicAuthUsername = apikeyCredentials.username;
|
|
|
|
res.set('vary', 'Authorization'); //Honor Authorization header when caching.
|
|
|
|
|
2018-02-26 22:57:42 +08:00
|
|
|
return next();
|
|
|
|
};
|
2018-02-16 00:49:47 +08:00
|
|
|
};
|
2018-02-20 19:31:36 +08:00
|
|
|
|
|
|
|
function getApikeyCredentialsFromRequest(req) {
|
|
|
|
let apikeyCredentials = {
|
|
|
|
token: null,
|
|
|
|
username: null,
|
|
|
|
};
|
|
|
|
|
|
|
|
for (let getter of apikeyGetters) {
|
|
|
|
apikeyCredentials = getter(req);
|
|
|
|
if (apikeyTokenFound(apikeyCredentials)) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return apikeyCredentials;
|
|
|
|
}
|
|
|
|
|
|
|
|
const apikeyGetters = [
|
|
|
|
getApikeyTokenFromHeaderAuthorization,
|
|
|
|
getApikeyTokenFromRequestQueryString,
|
|
|
|
getApikeyTokenFromRequestBody,
|
|
|
|
];
|
|
|
|
|
|
|
|
function getApikeyTokenFromHeaderAuthorization(req) {
|
|
|
|
const credentials = basicAuth(req);
|
|
|
|
|
|
|
|
if (credentials) {
|
|
|
|
return {
|
|
|
|
username: credentials.username,
|
|
|
|
token: credentials.pass
|
|
|
|
};
|
|
|
|
} else {
|
|
|
|
return {
|
|
|
|
username: null,
|
|
|
|
token: null,
|
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
function getApikeyTokenFromRequestQueryString(req) {
|
|
|
|
let token = null;
|
|
|
|
|
|
|
|
if (req.query && req.query.api_key) {
|
|
|
|
token = req.query.api_key;
|
|
|
|
} else if (req.query && req.query.map_key) {
|
|
|
|
token = req.query.map_key;
|
|
|
|
}
|
|
|
|
|
|
|
|
return {
|
|
|
|
username: null,
|
|
|
|
token: token,
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
function getApikeyTokenFromRequestBody(req) {
|
|
|
|
let token = null;
|
|
|
|
|
|
|
|
if (req.body && req.body.api_key) {
|
|
|
|
token = req.body.api_key;
|
|
|
|
} else if (req.body && req.body.map_key) {
|
|
|
|
token = req.body.map_key;
|
|
|
|
}
|
|
|
|
|
|
|
|
return {
|
|
|
|
username: null,
|
|
|
|
token: token,
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
function apikeyTokenFound(apikey) {
|
|
|
|
return !!apikey && !!apikey.token;
|
|
|
|
}
|