|
|
|
@ -54,21 +54,18 @@ function isValidApiKey(apikey) {
|
|
|
|
|
// Check if a request is authorized by api_key
|
|
|
|
|
//
|
|
|
|
|
// @param user
|
|
|
|
|
// @param req express request object
|
|
|
|
|
// @param res express response object
|
|
|
|
|
// @param callback function(err, authorized)
|
|
|
|
|
// NOTE: authorized is expected to be 0 or 1 (integer)
|
|
|
|
|
//
|
|
|
|
|
AuthApi.prototype.authorizedByAPIKey = function(user, req, callback) {
|
|
|
|
|
var givenKey = req.query.api_key || req.query.map_key;
|
|
|
|
|
if ( ! givenKey && req.body ) {
|
|
|
|
|
// check also in request body
|
|
|
|
|
givenKey = req.body.api_key || req.body.map_key;
|
|
|
|
|
}
|
|
|
|
|
if ( ! givenKey ) {
|
|
|
|
|
AuthApi.prototype.authorizedByAPIKey = function(user, res, callback) {
|
|
|
|
|
const apikeyToken = res.locals.apikeyToken;
|
|
|
|
|
|
|
|
|
|
if ( ! apikeyToken ) {
|
|
|
|
|
return callback(null, false); // no api key, no authorization...
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
this.metadataBackend.getApikey(user, givenKey, (err, apikey) => {
|
|
|
|
|
this.metadataBackend.getApikey(user, apikeyToken, (err, apikey) => {
|
|
|
|
|
if (err) {
|
|
|
|
|
return callback(err);
|
|
|
|
|
}
|
|
|
|
@ -104,7 +101,7 @@ AuthApi.prototype.authorizedByAPIKey = function(user, req, callback) {
|
|
|
|
|
AuthApi.prototype.authorize = function(req, res, callback) {
|
|
|
|
|
var user = res.locals.user;
|
|
|
|
|
|
|
|
|
|
this.authorizedByAPIKey(user, req, (err, isAuthorizedByApikey) => {
|
|
|
|
|
this.authorizedByAPIKey(user, res, (err, isAuthorizedByApikey) => {
|
|
|
|
|
if (err) {
|
|
|
|
|
return callback(err);
|
|
|
|
|
}
|
|
|
|
|