server/lib/authSessionChecker.js
//
// Copyright 2014 Ilkka Oksanen <iao@iki.fi>
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an "AS
// IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
// express or implied. See the License for the specific language
// governing permissions and limitations under the License.
//
const User = require('../models/user');
const authSessionService = require('../services/authSession');
/**
 * Koa-style middleware that resolves the 'mas' session cookie to a user.
 *
 * ctx.mas.user is always reset to null first, so a value set earlier in the
 * chain is never trusted. It is populated only when the cookie maps to a
 * session, that session's userId maps to a user, and the user's 'inUse'
 * attribute is truthy.
 *
 * A request without the cookie is passed downstream with ctx.mas.user === null.
 * This middleware does not enforce authentication for anonymous requests;
 * protected routes must check ctx.mas.user themselves.
 *
 * A request whose cookie fails any lookup step has the cookie cleared and is
 * redirected to '/'. The downstream middleware is not run in that case.
 *
 * @param {object} ctx - Request context; uses ctx.cookies, ctx.response and ctx.mas.
 * @param {Function} next - Invokes the downstream middleware.
 * @returns {Promise<void>}
 */
exports.processCookie = async function processCookie(ctx, next) {
  ctx.mas = ctx.mas || {};
  ctx.mas.user = null;

  const cookieValue = ctx.cookies.get('mas');

  if (!cookieValue) {
    // Anonymous request: continue with no user attached.
    await next();
    return;
  }

  const authSession = await authSessionService.get(cookieValue);
  let account = null;

  if (authSession) {
    account = await User.fetch(authSession.get('userId'));
  }

  const isUsable = Boolean(account) && Boolean(account.get('inUse'));

  if (!isUsable) {
    // Delete the invalid cookie.
    // NOTE(review): only the client-side cookie is cleared here; nothing in this
    // function removes a matching server-side session record. Confirm that
    // sessions of users who are no longer in use get expired or revoked elsewhere.
    ctx.cookies.set('mas');
    ctx.response.redirect('/');
    return;
  }

  ctx.mas.user = account;

  await next();
};