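/**
Builds the Express middleware that decides whether a request is authenticated.

@param {Object} Y The YUI instance; the code below uses Y.namespace, Y.Base,
    Y.Model, Y.ModelSync.REST, Y.Lang and Y.log from it.
@return {Function} Express middleware `(req, res, next)`. It calls `next()`
    only after the person record was loaded with a valid access token; every
    other outcome redirects to `/login`.
**/
exports = module.exports = function checkAuthentication(Y) {
    var NS = Y.namespace('TDP'),
        /**
        Model that handles all authentication. It queries one of two URLs,
        depending on whether a `code` attribute is already set: the
        access-token endpoint when it is, the authorize endpoint otherwise.
        **/
        OAuthModel = Y.Base.create('oauthModel', Y.Model, [ Y.ModelSync.REST ],
            {
                get_token : global.config.webservices.path + '/api/oauth/access_token',
                authorize : global.config.webservices.path + '/api/oauth/authorize',

                getURL : function() {
                    // Pick the endpoint first, then let the REST sync layer
                    // build the final URL from this.url.
                    this.url = this.get('code') ? this.get_token : this.authorize;

                    return Y.ModelSync.REST.prototype.getURL.apply(this, arguments);
                }
            },
            {
                ATTRS : {
                    email         : { },
                    password      : { },
                    // These should *only* be available on the server. They are private!
                    // The values below are placeholders; supply the real ones from
                    // server-side configuration rather than committing them to source.
                    client_id     : { value : 'your-app-client-id' },
                    client_secret : { value : 'your-app-client-secret' },
                    access_token  : { },
                    token_type    : { },
                    code          : { }
                }
            }
        );

    /**
    Returns the OAuth attributes that are safe to keep in the session.

    The password and the client credentials are removed so they are never
    persisted with the session (or sent to the browser by a cookie-backed
    session store). The client credentials come back from the ATTRS defaults
    when the model is rebuilt from the session on a later request.
    **/
    function sessionSafeOAuth(oauth) {
        var data = oauth.toJSON();

        delete data.password;
        delete data.client_id;
        delete data.client_secret;

        return data;
    }

    /**
    The Express handler for determining if the user is logged in.
    **/
    return function(req, res, next) {
        // We attach models to the request, so we can load things as we go and
        // keep them
        if ( ! Y.Lang.isObject( req.models ) ) {
            req.models = { };
        }
        var oauth,
            person = new NS.Person(),
            // req.body is undefined when no body parser ran for this request.
            body = req.body || { };

        // NOTE: the model callbacks below name their second argument
        // `response`, not `res`. Shadowing `res` would make `res.redirect`
        // resolve to the web-service response instead of the Express response.

        // Do we have an auth token to try? If so, use that and try to load the
        // person. If it fails, we go to the login page.
        if ( req.session.oauth && req.session.oauth.access_token ) {
            oauth = new OAuthModel(req.session.oauth);
            person.load(
                { headers : { 'X-Access-Token' : oauth.get('access_token') } },
                function(err, response) {
                    // Fail closed: any error (not only a 403) means the person
                    // could not be verified, so the request must not continue
                    // as authenticated.
                    if ( err ) {
                        res.redirect('/login');
                        return;
                    }
                    req.models.Person = person;
                    next();
                }
            );
        }
        // Only plain, non-empty strings are accepted as credentials; a body
        // parser may otherwise hand us arrays or nested objects.
        else if ( req.method === 'POST' &&
                  Y.Lang.isString(body.email) && body.email &&
                  Y.Lang.isString(body.password) && body.password ) {
            oauth = new OAuthModel({
                email    : body.email,
                password : body.password
            });
            // The first save is the password test.
            oauth.save( function(err, response) {
                if ( err ) {
                    Y.log('Failed authentication, going to login page', 'debug');
                    // NOTE(review): this stores the web-service response in the
                    // session; confirm the login page escapes it when rendering.
                    req.session.error = response;
                    res.redirect('/login');
                    return;
                }
                // The second save fetches the access token.
                oauth.save( function(err, response) {
                    if ( err ) {
                        Y.log('Error fetching user token.', 'debug');
                        req.session.error = response;
                        res.redirect('/login');
                        return;
                    }

                    // NOTE(review): if the session middleware supports it,
                    // rotate the session id at this point so a pre-login
                    // session id is not reused for the authenticated session.
                    req.session.oauth = sessionSafeOAuth(oauth);
                    person.load(
                        { headers : { 'X-Access-Token' : oauth.get('access_token') } },
                        function(err, response) {
                            if ( err ) {
                                req.session.error = err;
                                res.redirect('/login');
                                return;
                            }
                            // Same as the token branch: expose the loaded
                            // person to later handlers.
                            req.models.Person = person;
                            next();
                        }
                    );
                });
            });
        } else {
            res.redirect('/login');
        }
    };
};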