const jwt = require( 'jwt-simple' );
const jsonfile = require( 'jsonfile' );
const fs = require( 'fs-extra' );
const moment = require( 'moment' );
const glob = require( 'glob' );
//const path = require( 'path' );
// Check if package is installed or not to pickup the right config file
//const src = '..'; // ( __dirname.indexOf( '/node_modules/' ) > -1 ) ? '../../..' : '..';
//const config = require( path.normalize( `${__dirname}/${src}/config.js` ) );
const config = require( '../tribes/townconf.js' );
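/**
 * Return the token record stored for a pagan id, or undefined when there is none.
 *
 * Only own properties of the store are considered, and only object values count as
 * a record, so a name inherited from Object.prototype is never treated as a record.
 *
 * @param {Object} tokens - token store (req.app.locals.tokens)
 * @param {*} paganId - value of req.session.header.xpaganid
 * @returns {Object|undefined} the stored record, if any
 */
const getTokenRecord = ( tokens, paganId ) => {
	if( !tokens || typeof tokens !== 'object' || paganId === undefined || paganId === null ) {
		return undefined;
	}
	const key = String( paganId );
	if( !Object.prototype.hasOwnProperty.call( tokens, key ) ) {
		return undefined;
	}
	const record = tokens[ key ];
	return ( record && typeof record === 'object' ) ? record : undefined;
};

/**
 * Tell whether the presented token is the one stored in the record.
 *
 * A missing record, or a stored TOKEN that is not a non-empty string, never matches;
 * this keeps "both sides undefined" from counting as a match.
 *
 * @param {Object|undefined} record - result of getTokenRecord()
 * @param {*} presented - value of req.session.header.xauth
 * @returns {boolean} true only on an exact string match
 */
const tokenMatches = ( record, presented ) => {
	// NOTE(review): plain === comparison; crypto.timingSafeEqual would make it constant-time.
	return Boolean( record ) && typeof record.TOKEN === 'string' && record.TOKEN !== '' && record.TOKEN === presented;
};

/**
 * Express middleware: check that the request carries a valid token.
 *
 * Reads req.session.header.xpaganid and req.session.header.xauth and compares them
 * with req.app.locals.tokens (reloaded once from `${config.tmp}/tokens.json` on mismatch).
 *
 * - Not authenticated: req.session.header.xauth is set to "1" and a 403 is sent.
 * - Authenticated: req.session.header.accessrights is set from the token record, e.g.
 *     { app: { 'tribeid:website': [ list of menus ] },
 *       data: { "sitewebsrc": "RWCDO", "contacts": "RWCDO" } }
 *   The list of menus is linked to the app and has to be consistent with accessrights.data.
 *   data lists, per object, the access rights Read Write Create Delete Owner:
 *   an xuuid can read any object if R; O (owner) means it can only read/write the
 *   objects it created itself.
 * - Dev bypass (config.devnoauthxuuid / config.devnoauthxauth): authenticated with
 *   accessrights = {}.
 *
 * Once per day (semaphore file `menagedone<day of month>` in config.tmp) expired tokens
 * are dropped from the store and from tokens.json.
 *
 * @param {Object} req - Express request; req.session.header must already exist
 * @param {Object} res - Express response
 * @param {Function} next - called only when the request is authenticated
 * @returns {*} the 403 response when rejected, otherwise undefined
 */
const isAuthenticated = ( req, res, next ) => {
	console.log( 'isAuthenticated()?' );
	const header = req.session.header;
	// Start from empty rights; they are only filled in once the token is accepted.
	header.accessrights = { app: "", data: {} };

	// The bypass is honoured only when both values are actually configured: with loose
	// equality an unset config value would otherwise equal a missing header.
	const isSet = ( v ) => v !== undefined && v !== null && v !== '';
	const bypassConfigured = isSet( config.devnoauthxuuid ) && isSet( config.devnoauthxauth );

	if( bypassConfigured && header.xpaganid == config.devnoauthxuuid && header.xauth == config.devnoauthxauth ) {
		console.log( 'isAuthenticated yes: carrefull using a bypass password give you accessrights={}' );
	} else if( header.xpaganid == "1" || !getTokenRecord( req.app.locals.tokens, header.xpaganid ) ) {
		console.log( `isAuthenticated no : uuid=1 (value=${header.xpaganid}) or locals.tokens[uuid] empty ` );
		// Log only whether a record exists: the record itself holds the token.
		console.log( 'req.app.locals.tokens de xpaganid', Boolean( getTokenRecord( req.app.locals.tokens, header.xpaganid ) ) );
		console.log( 'list key uuid de req.app.locals.tokens', Object.keys( req.app.locals.tokens ) );
		header.xauth = "1";
	} else if( !tokenMatches( getTokenRecord( req.app.locals.tokens, header.xpaganid ), header.xauth ) ) {
		// Update tokens from file in case the user logged in recently.
		try {
			console.log( 'token not in list of token (req.app.locals.tokens) try to refresh from file' );
			const refreshed = jsonfile.readFileSync( `${config.tmp}/tokens.json` );
			// Keep the in-memory store if the file does not hold an object.
			if( refreshed && typeof refreshed === 'object' ) {
				req.app.locals.tokens = refreshed;
			}
		} catch ( err ) {
			console.log( `check isAuthenticated issue in reading ${config.tmp}/tokens.json` );
		}
		// The refreshed store may no longer contain this id at all; that is a rejection,
		// not a TypeError.
		if( !tokenMatches( getTokenRecord( req.app.locals.tokens, header.xpaganid ), header.xauth ) ) {
			console.log( 'isAuthenticated no, token outdated' );
			header.xauth = "1";
			header.xpaganid = "1";
		}
	}

	if( header.xauth == "1" ) {
		return res.status( 403 )
			.send( {
				info: [ 'forbiddenAccess' ],
				model: 'Pagans',
				moreinfo: 'isAuthenticated faill'
			} );
	}

	console.log( 'isAuthenticated yes' );
	const record = getTokenRecord( req.app.locals.tokens, header.xpaganid );
	if( record ) {
		// Set header.accessrights from tokens.json.
		header.accessrights = record.ACCESSRIGHTS;
	} else {
		// Bypass case: no access rights available.
		header.accessrights = {};
	}

	// Once per day, clean old tokens.
	// NOTE(review): token expiration is only evaluated here, not on each request, so an
	// expired token stays accepted until the next cleaning — confirm this is intended.
	const currentday = moment()
		.date();
	const semaphore = `${config.tmp}/menagedone${currentday}`;
	console.log( 'test si menagedone' + currentday, !fs.existsSync( semaphore ) );
	if( !fs.existsSync( semaphore ) ) {
		glob.sync( `${config.tmp}/menagedone*` )
			.forEach( f => {
				fs.remove( f, ( err ) => {
					if( err ) {
						console.log( 'err remove menagedone', err );
					}
				} );
			} );
		glob.sync( `${config.tmp}/mdcreator*.log` )
			.forEach( f => {
				fs.remove( f, ( err ) => {
					if( err ) {
						console.log( 'err remove mdcreator log', err );
					}
				} );
			} );
		const newtokens = {};
		for( const k of Object.keys( req.app.locals.tokens ) ) {
			try {
				// A token that fails to decode throws and is dropped along with expired ones.
				const decodedToken = jwt.decode( req.app.locals.tokens[ k ].TOKEN, config.jwtSecret );
				if( moment( decodedToken.expiration ) >= moment() ) {
					newtokens[ k ] = req.app.locals.tokens[ k ];
				}
			} catch ( err ) {
				console.log( "Check isAuthenticated cleaning token ", err );
			}
		}
		req.app.locals.tokens = newtokens;
		jsonfile.writeFileSync( `${config.tmp}/tokens.json`, newtokens );
		fs.writeFileSync( semaphore, 'fichier semaphore to clean data each day can be deleted with no consequence', 'utf-8' );
	}
	next();
};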
module.exports = isAuthenticated;