planka/server/api/hooks/current-user/index.js

/**
 * current-user hook
 *
 * @description :: A hook definition. Extends Sails by adding shadow routes, implicit actions,
 *                 and/or initialization logic.
 * @docs        :: https://sailsjs.com/docs/concepts/extending-sails/hooks
 */

module.exports = function defineCurrentUserHook(sails) {
  const TOKEN_PATTERN = /^Bearer /;

  const getUser = async (accessToken) => {
    let payload;
    try {
      payload = sails.helpers.utils.verifyToken(accessToken);
    } catch (error) {
      return null;
    }

    const user = await sails.helpers.users.getOne(payload.subject);

    if (user && user.passwordChangedAt > payload.issuedAt) {
      return null;
    }

    return user;
  };

  return {
    /**
     * Runs when this Sails app loads/lifts.
     */

    async initialize() {
      sails.log.info('Initializing custom hook (`current-user`)');
    },

    routes: {
      before: {
        '/api/*': {
          async fn(req, res, next) {
            const { authorization: authorizationHeader } = req.headers;

            if (authorizationHeader && TOKEN_PATTERN.test(authorizationHeader)) {
              const accessToken = authorizationHeader.replace(TOKEN_PATTERN, '');

              req.currentUser = await getUser(accessToken);
            }

            return next();
          },
        },
        '/attachments/*': {
          async fn(req, res, next) {
            if (req.cookies.accessToken) {
              req.currentUser = await getUser(req.cookies.accessToken);
            }

            return next();
          },
        },
      },
    },
  };
};
Initial commit 2019-08-31 04:07:25 +05:00			`/**`
			`* current-user hook`
			`*`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`* @description :: A hook definition. Extends Sails by adding shadow routes, implicit actions,`
			`* and/or initialization logic.`
Initial commit 2019-08-31 04:07:25 +05:00			`* @docs :: https://sailsjs.com/docs/concepts/extending-sails/hooks`
			`*/`

			`module.exports = function defineCurrentUserHook(sails) {`
			`const TOKEN_PATTERN = /^Bearer /;`

Add username to user 2020-04-03 00:35:25 +05:00			`const getUser = async (accessToken) => {`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`let payload;`
Initial commit 2019-08-31 04:07:25 +05:00			`try {`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`payload = sails.helpers.utils.verifyToken(accessToken);`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`} catch (error) {`
			`return null;`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`const user = await sails.helpers.users.getOne(payload.subject);`

			`if (user && user.passwordChangedAt > payload.issuedAt) {`
			`return null;`
			`}`

			`return user;`
Initial commit 2019-08-31 04:07:25 +05:00			`};`

			`return {`
			`/**`
			`* Runs when this Sails app loads/lifts.`
			`*/`

Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`async initialize() {`
Initial commit 2019-08-31 04:07:25 +05:00			sails.log.info('Initializing custom hook (`current-user`)');
			`},`

			`routes: {`
			`before: {`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`'/api/*': {`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`async fn(req, res, next) {`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`const { authorization: authorizationHeader } = req.headers;`

			`if (authorizationHeader && TOKEN_PATTERN.test(authorizationHeader)) {`
			`const accessToken = authorizationHeader.replace(TOKEN_PATTERN, '');`
Initial commit 2019-08-31 04:07:25 +05:00
			`req.currentUser = await getUser(accessToken);`
			`}`

feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`return next();`
			`},`
			`},`
			`'/attachments/*': {`
			`async fn(req, res, next) {`
			`if (req.cookies.accessToken) {`
			`req.currentUser = await getUser(req.cookies.accessToken);`
			`}`

Initial commit 2019-08-31 04:07:25 +05:00			`return next();`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
			`},`
			`},`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`};`
			`};`