1const jwt = require("jsonwebtoken");
2const { db } = require("./db");
3const { JWT_KEY } = require("./");
4
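/**
 * Express middleware: require a valid `auth_token` cookie.
 *
 * The cookie value is verified as a JWT against JWT_KEY. On success the
 * decoded payload is stored on `req.user` and the chain continues. A missing,
 * expired or tampered token redirects to /login with the requested URL in the
 * `redirect` query parameter (same shape as authenticateAdmin uses).
 *
 * Changes from the previous version: the duplicate cookie check (the second
 * `if (!token)` was unreachable) is collapsed, the missing-cookie redirect now
 * carries the `redirect` parameter like every other redirect in this file,
 * and `next()` is called outside the try block.
 *
 * @param {object} req  Express request; expects cookie-parser (`req.cookies`).
 * @param {object} res  Express response.
 * @param {Function} next
 */
function authenticateToken(req, res, next) {
  // Guard req.cookies itself: it is undefined when cookie-parser is not mounted.
  const token = req.cookies && req.cookies.auth_token;
  const loginUrl = `/login?redirect=${encodeURIComponent(req.originalUrl)}`;

  if (!token) {
    return res.redirect(loginUrl);
  }

  let user;
  try {
    // NOTE(review): no `algorithms` option is passed, so the library's default
    // set is accepted. Pin it to the algorithm used at sign time once that is
    // confirmed (the sign call is not in this file).
    user = jwt.verify(token, JWT_KEY);
  } catch (error) {
    // Unverifiable token: treat as unauthenticated. The error is deliberately
    // not echoed to the client.
    return res.redirect(loginUrl);
  }

  req.user = user;
  // Outside the try so a synchronous throw in a downstream handler reaches
  // Express' error handling instead of being turned into a login redirect.
  next();
}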
27
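/**
 * Express middleware: require a valid `auth_token` cookie whose subject is an
 * admin according to the users table.
 *
 * The JWT is verified against JWT_KEY, then the admin flag is looked up fresh
 * in the database (the token's own claims are not trusted for authorization).
 * On success the decoded payload is stored on `req.user` and the chain
 * continues.
 *
 * Responses:
 *   - no cookie            -> 302 to /login?redirect=<originalUrl>
 *   - token fails to verify -> 401, generic body
 *   - DB lookup throws      -> 500, generic body
 *   - not an admin          -> 403 "only admins can invite"
 *
 * Changes from the previous version: the verification/DB error is no longer
 * interpolated into the response (res.send of a string is served as text/html
 * with status 200, so it both leaked the failure reason and looked like a
 * success); the non-admin status is 403 rather than 400; `next()` runs outside
 * the try so downstream errors are not reported as authentication failures.
 *
 * @param {object} req  Express request; expects cookie-parser (`req.cookies`).
 * @param {object} res  Express response.
 * @param {Function} next
 */
function authenticateAdmin(req, res, next) {
  // Guard req.cookies itself: it is undefined when cookie-parser is not mounted.
  const token = req.cookies && req.cookies.auth_token;
  if (!token) {
    return res.redirect(
      `/login?redirect=${encodeURIComponent(req.originalUrl)}`,
    );
  }

  let user;
  try {
    // NOTE(review): no `algorithms` option is passed; pin it to the algorithm
    // used at sign time once confirmed (the sign call is not in this file).
    user = jwt.verify(token, JWT_KEY);
  } catch (error) {
    // Keep the reason server-side; the client only learns that it failed.
    console.error("authenticateAdmin: token verification failed:", error);
    return res.status(401).send("failed to authenticate as admin");
  }
  req.user = user;

  let adminRow;
  try {
    // Parameterized query; the `$id` placeholder is bound from the object key.
    // `isAdmin = 1` in the WHERE clause means a row comes back only for admins.
    adminRow = db
      .query("SELECT isAdmin FROM users WHERE id = $id and isAdmin = 1")
      .get({
        id: user.id,
      });
  } catch (error) {
    console.error("authenticateAdmin: admin lookup failed:", error);
    return res.status(500).send("failed to authenticate as admin");
  }

  if (!adminRow) {
    // Authenticated but not authorized.
    return res.status(403).send("only admins can invite");
  }

  // Outside the try blocks so downstream errors propagate to Express.
  next();
}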
61
// Middleware exported for route wiring: authenticateToken for any signed-in
// user, authenticateAdmin for routes restricted to admins.
module.exports = {
  authenticateToken,
  authenticateAdmin,
};