- /**
- * accessToken
- *
- * @module :: Policy
- * @description :: Simple policy to allow any authenticated user
- * @docs :: http://sailsjs.org/#!/documentation/concepts/Policies
- *
- */
- var UserRepo = require('../services/repo/UserRepo');
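/**
 * Sails policy: authenticate a request from its bearer token.
 *
 * Reads the Authorization header, expects the form "Bearer <token>", decodes
 * the token with UserRepo.crackToken and, on success, stores the decoded data
 * on req.currentUser so the controller action can read it. A request without a
 * usable token is answered with res.forbidden() and never reaches the
 * controller action.
 *
 * @param {Object} req - Incoming request; its headers are read and currentUser is set.
 * @param {Object} res - Response; res.forbidden() is called when the request is rejected.
 * @param {Function} next - Called with no arguments once the user data is attached.
 */
module.exports = function(req, res, next) {
  // Node lower-cases incoming header names, so the key is 'authorization'.
  // Looking up 'Authorization' never matches and rejects every request.
  var authHeader = req.headers && req.headers['authorization'];
  if (typeof authHeader !== 'string') {
    return res.forbidden();
  }

  // Take the pieces from the split result. Indexing the header string itself
  // (authHeader[0], authHeader[1]) yields single characters, not scheme and token.
  var authSegments = authHeader.trim().split(/\s+/);
  var authScheme = authSegments[0];
  var accessToken = authSegments[1];

  // Exactly "<scheme> <token>" with the Bearer scheme; scheme names are
  // case-insensitive. Anything else is not a credential this policy accepts.
  if (authSegments.length !== 2 || authScheme.toLowerCase() !== 'bearer') {
    return res.forbidden();
  }

  // crackToken's failure mode is not visible from this file (TODO confirm
  // whether it throws or returns a falsy value). Both are treated as a rejected
  // token so a malformed token can neither crash the request nor be let through.
  var decodedData;
  try {
    decodedData = UserRepo.crackToken(accessToken);
  } catch (err) {
    return res.forbidden();
  }
  if (!decodedData) {
    return res.forbidden();
  }

  // NOTE(review): the original comment gave the decoded shape as
  // { username, password, ... }. If the token really carries the password, every
  // controller and log line that touches req.currentUser holds a credential.
  // Prefer a token that carries only an identifier. Whether crackToken verifies
  // integrity and expiry before returning data is not visible here; confirm.
  req.currentUser = decodedData;
  return next();
};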