mrfrys-node-server/src/middlewares/auth.middleware.ts

import logger from '../utils/logger'
import utils from '../utils/utils'
import dbtools from '../utils/dbtools'

interface Options {
  userDB: any
  jsonResponse: boolean
  exceptions: Array<string>
}

export const testUser = {
  id: 19,
  avaiblePWRequests: 645,
  pwRequestCount: 19,
  created: new Date(),
  pw: 'secret',
  loginCount: 3,
  createdBy: 1,
}

function renderLogin(req, res, jsonResponse) {
  res.status('401') // Unauthorized
  if (jsonResponse) {
    res.json({
      result: 'nouser',
      msg: 'You are not logged in',
    })
  } else {
    res.render('login', {
      devel: process.env.NS_DEVEL,
    })
  }
}

export default function (options: Options): any {
  const { userDB, jsonResponse, exceptions } = options

  return function (req, res, next) {
    const sessionID = req.cookies.sessionID
    const isException = exceptions.some((exc) => {
      return req.url.split('?')[0] === exc
    })

    if (process.env.NS_NOUSER) {
      req.session = {
        user: testUser,
        sessionID: sessionID || 111111111111111111,
        isException: false,
      }
      next()
      return
    }

    // FIXME Allowing all urls with _next in it, but not in params
    if (
      req.url.split('?')[0].includes('_next') ||
      req.url.split('?')[0].includes('well-known/acme-challenge')
    ) {
      req.session = { isException: true }
      next()
      return
    }

    if (!sessionID) {
      if (isException) {
        logger.DebugLog(`EXCEPTION: ${req.url}`, 'auth', 1)
        req.session = { isException: true }
        next()
        return
      }
      logger.DebugLog(`No session ID: ${req.url}`, 'auth', 1)
      renderLogin(req, res, jsonResponse)
      return
    }

    const user = GetUserBySessionID(userDB, sessionID)

    if (!user) {
      if (isException) {
        logger.DebugLog(`EXCEPTION: ${req.url}`, 'auth', 1)
        req.session = { isException: true }
        next()
        return
      }
      logger.DebugLog(`No user:${req.url}`, 'auth', 1)
      renderLogin(req, res, jsonResponse)
      return
    }

    req.session = {
      user: user,
      sessionID: sessionID,
      isException: isException,
    }

    logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)

    dbtools.Update(
      userDB,
      'sessions',
      {
        lastAccess: utils.GetDateString(),
      },
      {
        id: sessionID,
      }
    )

    dbtools.Update(
      userDB,
      'users',
      {
        lastAccess: utils.GetDateString(),
      },
      {
        id: user.id,
      }
    )

    next()
  }
}

function GetUserBySessionID(db: any, sessionID: string) {
  logger.DebugLog(`Getting user from db`, 'auth', 2)

  const session = dbtools.Select(db, 'sessions', {
    id: sessionID,
  })[0]

  if (!session) {
    return
  }

  const user = dbtools.Select(db, 'users', {
    id: session.userID,
  })[0]

  if (user) {
    return user
  }
}