src/server/middleware/authenticate.js

const server_constants = require('../tools/server_constants');

var { User } = require('../models/user');

const tools = require('../tools/general');

const auth_default = (req, res, next) => {

  if (req.body.keyappid === process.env.KEY_APP_ID)
    next();

};

const authenticate = (req, res, next) => {
  const token = req.header('x-auth');
  //const refreshToken = req.header('x-refrtok');

  // console.log('authenticate... ');

  let noaut = false;

  if (req.body.hasOwnProperty('noaut')) {
    noaut = req.body.noaut;
  }

  if (noaut) {
    next();
    return;
  }

  const access = 'auth';

  return User.findByToken(token, access, true).then((ris) => {

    if (ris && ris.user && !!ris.user.deleted) {
      if (ris.user.deleted)
        ris.user = null;
    }

    if (ris.code === server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED) {
      return Promise.reject(server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED);
    }

    if (!ris.user) {
      return Promise.reject(server_constants.RIS_CODE_HTTP_INVALID_TOKEN);
    }

    if (!!ris.user) {
      // Save last time online
      ris.user.lasttimeonline = new Date();
      ris.user.retry_pwd = 0
      ris.user.useragent = req.get('User-Agent');

      return ris.user.save().then(() => {
        req.user = ris.user;
        req.token = token;
        // req.refreshToken = refreshToken;
        req.access = access;
        next(); // Esegui il codice successivo
      });
    }
    // tools.mylog('userid', user._id);

  }).catch((e) => {
    if (e === server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED) {
      return res.status(server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED).send();  
    }
    tools.mylog("ERR authenticate invalid Token =", e);
    res.status(server_constants.RIS_CODE_HTTP_INVALID_TOKEN).send();
  });
};

const authenticate_noerror = (req, res, next) => {
  try {
    const token = req.header('x-auth');
    const refreshToken = req.header('x-refrtok');

    const access = 'auth';

    return User.findByToken(token, access, false).then((ris) => {
      if (ris.code !== server_constants.RIS_CODE_OK) {
        req.user = null;
        req.token = null;
        req.access = null;
        req.code = ris.code;
      } else {
        req.user = ris.user;
        req.token = token;
        req.refreshToken = refreshToken;
        req.access = access;
        req.code = ris.code;
      }
      // Vai avanti ad eseguire il codice, in ogni modo !
      next();
    }).catch((e) => {
      req.user = null;
      req.token = null;
      req.access = null;
      req.code = 0;
      
      // Continua comunque !
      next();
    });
  } catch (e) {
    console.error('Err', e);
  }
};

module.exports = { authenticate, authenticate_noerror, auth_default };
- Manage multiple login, in different browsers... Multi Token... 2019-02-09 18:03:14 +01:00			`const server_constants = require('../tools/server_constants');`

Aggiornamenti 2020-04-24 10:29:25 +02:00			`var { User } = require('../models/user');`
First Commit FreePlanet_ServerSide 2018-12-24 20:31:02 +01:00
- Created all Tests with Mocha: User + Todo tables 2019-02-07 00:52:48 +01:00			`const tools = require('../tools/general');`

Carrello Spesa 2020-12-25 03:54:16 +01:00			`const auth_default = (req, res, next) => {`

			`if (req.body.keyappid === process.env.KEY_APP_ID)`
			`next();`

			`};`

- Added Delete Record to the CGridTableRec 2019-10-15 20:40:31 +02:00			`const authenticate = (req, res, next) => {`
			`const token = req.header('x-auth');`
Gestione Refresh Token Completata ! 2024-04-11 11:43:19 +02:00			`//const refreshToken = req.header('x-refrtok');`
First Commit FreePlanet_ServerSide 2018-12-24 20:31:02 +01:00
- Added Delete Record to the CGridTableRec 2019-10-15 20:40:31 +02:00			`// console.log('authenticate... ');`
- ++Booking List - ++Delete a Booking also for the Admin. 2019-10-12 23:34:32 +02:00
poter visualizzare i propri beni e servizi anche se non sei registrato alla app ! 2023-01-04 02:09:42 +01:00			`let noaut = false;`

			`if (req.body.hasOwnProperty('noaut')) {`
			`noaut = req.body.noaut;`
			`}`

			`if (noaut) {`
			`next();`
			`return;`
			`}`

Fix: Todo Multi refresh ... fix some promises problem 2019-02-14 19:01:41 +01:00			`const access = 'auth';`
First Commit FreePlanet_ServerSide 2018-12-24 20:31:02 +01:00
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`return User.findByToken(token, access, true).then((ris) => {`
Aggiornamenti 2020-04-24 10:29:25 +02:00
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`if (ris && ris.user && !!ris.user.deleted) {`
			`if (ris.user.deleted)`
			`ris.user = null;`
First Commit FreePlanet_ServerSide 2018-12-24 20:31:02 +01:00			`}`
Step 2: Creating page Messages: userlist last messages + a page for all the messages received and sent. 2019-10-27 00:37:10 +02:00
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`if (ris.code === server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED) {`
			`return Promise.reject(server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED);`
Aggiornamenti 2020-04-24 10:29:25 +02:00			`}`
Step 2: Creating page Messages: userlist last messages + a page for all the messages received and sent. 2019-10-27 00:37:10 +02:00
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`if (!ris.user) {`
Aggiornamenti 2020-04-24 10:29:25 +02:00			`return Promise.reject(server_constants.RIS_CODE_HTTP_INVALID_TOKEN);`
			`}`

- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`if (!!ris.user) {`
Aggiornamenti 2020-04-24 10:29:25 +02:00			`// Save last time online`
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`ris.user.lasttimeonline = new Date();`
- catalogo avanti, parte 1 2024-05-04 14:49:02 +02:00			`ris.user.retry_pwd = 0`
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`ris.user.useragent = req.get('User-Agent');`
Aggiornamenti 2020-04-24 10:29:25 +02:00
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`return ris.user.save().then(() => {`
			`req.user = ris.user;`
Aggiornamenti 2020-04-24 10:29:25 +02:00			`req.token = token;`
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`// req.refreshToken = refreshToken;`
Aggiornamenti 2020-04-24 10:29:25 +02:00			`req.access = access;`
Gestione Refresh Token Completata ! 2024-04-11 11:43:19 +02:00			`next(); // Esegui il codice successivo`
Aggiornamenti 2020-04-24 10:29:25 +02:00			`});`
			`}`
- fix: Date problems... (it was a bad "copy" function, the object date was not valid...) - fix: error fetch on loading... (offline appeared) 2019-02-11 02:59:05 +01:00			`// tools.mylog('userid', user._id);`
First Commit FreePlanet_ServerSide 2018-12-24 20:31:02 +01:00
			`}).catch((e) => {`
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`if (e === server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED) {`
			`return res.status(server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED).send();`
			`}`
Ver 0.2.8 Added msg Server error in every pages Nuovo Gruppo non funziona. Corretto altre funzioni del Gruppo Errore del server" Network Error", fare pagina test con altri host per vedere se da lo stesso msg, con IP 2022-02-22 15:24:32 +01:00			`tools.mylog("ERR authenticate invalid Token =", e);`
- Manage multiple login, in different browsers... Multi Token... 2019-02-09 18:03:14 +01:00			`res.status(server_constants.RIS_CODE_HTTP_INVALID_TOKEN).send();`
First Commit FreePlanet_ServerSide 2018-12-24 20:31:02 +01:00			`});`
			`};`

- Enable Edit Event into dialog form ... (and save to the db) - Event: enabled drag and drop (date) - Q-Select components in every table field external: Where, Operators, etc... - CMyEditor: Add HTML Editor to the details field ! - Added button Color for change font color to the text. - Complete insert Events Site 2019-10-23 23:47:21 +02:00			`const authenticate_noerror = (req, res, next) => {`
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`try {`
			`const token = req.header('x-auth');`
Gestione Refresh Token Completata ! 2024-04-11 11:43:19 +02:00			`const refreshToken = req.header('x-refrtok');`
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00
			`const access = 'auth';`

			`return User.findByToken(token, access, false).then((ris) => {`
			`if (ris.code !== server_constants.RIS_CODE_OK) {`
			`req.user = null;`
			`req.token = null;`
			`req.access = null;`
Gestione Refresh Token Completata ! 2024-04-11 11:43:19 +02:00			`req.code = ris.code;`
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`} else {`
			`req.user = ris.user;`
			`req.token = token;`
			`req.refreshToken = refreshToken;`
			`req.access = access;`
Gestione Refresh Token Completata ! 2024-04-11 11:43:19 +02:00			`req.code = ris.code;`
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`}`
Gestione Refresh Token Completata ! 2024-04-11 11:43:19 +02:00			`// Vai avanti ad eseguire il codice, in ogni modo !`
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`next();`
			`}).catch((e) => {`
- Enable Edit Event into dialog form ... (and save to the db) - Event: enabled drag and drop (date) - Q-Select components in every table field external: Where, Operators, etc... - CMyEditor: Add HTML Editor to the details field ! - Added button Color for change font color to the text. - Complete insert Events Site 2019-10-23 23:47:21 +02:00			`req.user = null;`
			`req.token = null;`
			`req.access = null;`
Gestione Refresh Token Completata ! 2024-04-11 11:43:19 +02:00			`req.code = 0;`
- fixed server versioni precedenti (getEnableTokenExpiredByIdApp dava errore perchè confpages non esiste nelle vecchie versioni ...) 2024-04-19 15:44:34 +02:00
			`// Continua comunque !`
			`next();`
- aggiornamento refreshtoken (parte 1) - PCB: fix listino 2024-04-09 21:56:50 +02:00			`});`
			`} catch (e) {`
			`console.error('Err', e);`
			`}`
- Enable Edit Event into dialog form ... (and save to the db) - Event: enabled drag and drop (date) - Q-Select components in every table field external: Where, Operators, etc... - CMyEditor: Add HTML Editor to the details field ! - Added button Color for change font color to the text. - Complete insert Events Site 2019-10-23 23:47:21 +02:00			`};`

Carrello Spesa 2020-12-25 03:54:16 +01:00			`module.exports = { authenticate, authenticate_noerror, auth_default };`