22
33const jwt = require ( 'jsonwebtoken' ) ;
44const async = require ( 'async' ) ;
5+ const util = require ( 'util' ) ;
56
67const passport = require . main . require ( 'passport' ) ;
78const nconf = require . main . require ( 'nconf' ) ;
@@ -22,8 +23,21 @@ const Middleware = {
2223 } ,
2324} ;
2425
26+ const passportAuthenticateAsync = function ( req , res ) {
27+ return new Promise ( ( resolve , reject ) => {
28+ passport . authenticate ( 'bearer' , { session : false } , ( err , user ) => {
29+ if ( err ) {
30+ reject ( err ) ;
31+ } else {
32+ resolve ( user ) ;
33+ }
34+ } ) ( req , res ) ;
35+ } ) ;
36+ } ;
37+
2538Middleware . requireUser = async function ( req , res , next ) {
2639 var writeApi = require . main . require ( 'nodebb-plugin-write-api' ) ;
40+ const loginAsync = util . promisify ( req . login ) . bind ( req ) ;
2741 var routeMatch ;
2842
2943 await plugins . fireHook ( 'response:plugin.write-api.authenticate' , {
@@ -40,42 +54,44 @@ Middleware.requireUser = async function (req, res, next) {
4054 }
4155
4256 if ( req . headers . hasOwnProperty ( 'authorization' ) ) {
43- passport . authenticate ( 'bearer' , { session : false } , function ( err , user ) {
44- if ( err ) { return next ( err ) ; }
45- if ( ! user ) { return errorHandler . respond ( 401 , res ) ; }
46-
47- // If the token received was a master token, a _uid must also be present for all calls
48- if ( user . hasOwnProperty ( 'uid' ) ) {
49- req . login ( user , function ( err ) {
50- if ( err ) { return errorHandler . respond ( 500 , res ) ; }
51-
52- req . uid = user . uid ;
53- req . loggedIn = req . uid > 0 ;
54- next ( ) ;
55- } ) ;
56- } else if ( user . hasOwnProperty ( 'master' ) && user . master === true ) {
57- if ( req . body . hasOwnProperty ( '_uid' ) || req . query . hasOwnProperty ( '_uid' ) ) {
58- user . uid = req . body . _uid || req . query . _uid ;
59- delete user . master ;
60-
61- req . login ( user , function ( err ) {
62- if ( err ) { return errorHandler . respond ( 500 , res ) ; }
57+ const user = await passportAuthenticateAsync ( req , res ) ;
58+ if ( ! user ) { return errorHandler . respond ( 401 , res ) ; }
59+
60+ // If the token received was a master token, a _uid must also be present for all calls
61+ if ( user . hasOwnProperty ( 'uid' ) ) {
62+ try {
63+ await loginAsync ( user ) ;
64+ } catch ( e ) {
65+ return errorHandler . respond ( 500 , res ) ;
66+ }
6367
64- req . uid = user . uid ;
65- req . loggedIn = req . uid > 0 ;
66- next ( ) ;
67- } ) ;
68- } else {
69- res . status ( 400 ) . json ( errorHandler . generate (
70- 400 , 'params-missing' ,
71- 'Required parameters were missing from this API call, please see the "params" property' ,
72- [ '_uid' ]
73- ) ) ;
68+ req . uid = user . uid ;
69+ req . loggedIn = req . uid > 0 ;
70+ next ( ) ;
71+ } else if ( user . hasOwnProperty ( 'master' ) && user . master === true ) {
72+ if ( req . body . hasOwnProperty ( '_uid' ) || req . query . hasOwnProperty ( '_uid' ) ) {
73+ user . uid = req . body . _uid || req . query . _uid ;
74+ delete user . master ;
75+
76+ try {
77+ await loginAsync ( user ) ;
78+ } catch ( e ) {
79+ return errorHandler . respond ( 500 , res ) ;
7480 }
81+
82+ req . uid = user . uid ;
83+ req . loggedIn = req . uid > 0 ;
84+ next ( ) ;
7585 } else {
76- return errorHandler . respond ( 500 , res ) ;
86+ res . status ( 400 ) . json ( errorHandler . generate (
87+ 400 , 'params-missing' ,
88+ 'Required parameters were missing from this API call, please see the "params" property' ,
89+ [ '_uid' ]
90+ ) ) ;
7791 }
78- } ) ( req , res , next ) ;
92+ } else {
93+ return errorHandler . respond ( 500 , res ) ;
94+ }
7995 } else if ( writeApi . settings [ 'jwt:enabled' ] === 'on' && writeApi . settings . hasOwnProperty ( 'jwt:secret' ) ) {
8096 var token = ( writeApi . settings [ 'jwt:payloadKey' ] ? ( req . query [ writeApi . settings [ 'jwt:payloadKey' ] ] || req . body [ writeApi . settings [ 'jwt:payloadKey' ] ] ) : null ) || req . query . token || req . body . token ;
8197 jwt . verify ( token , writeApi . settings [ 'jwt:secret' ] , {
0 commit comments