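import { NextFunction, Request, Response } from "express";
import Logging from "@hibas123/nodelogging";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import promiseMiddleware from "../../helper/promiseMiddleware";
import { requireLoginState } from "../../helper/login";

/**
 * Marker error for "the login state check failed". It is thrown and caught
 * inside the middleware below so that authentication failures can be told
 * apart from unexpected errors.
 */
class Invalid extends Error {}

/**
 * Returns a customized middleware function that can also be called directly
 * by code. It resolves to `true` when the login state check passes and to
 * `false` otherwise. In the `false` case it redirects to the login page
 * (GET requests when `json` is not set) or throws a `RequestError` with
 * status 401 (all other cases).
 *
 * @param json Default false. When true, failures are always reported as an
 *    error instead of an HTML redirect.
 * @param special_required Default false. If true, a special token is required.
 * @param redirect_uri Default current uri. The uri carried in the login
 *    `state` when the user is not logged in and `json` is not set.
 * @param validated Default true. Forwarded to `requireLoginState`; per the
 *    original note, when false the login does not have to be validated
 *    (confirm against `requireLoginState`).
 */
export function GetUserMiddleware(
   json = false,
   special_required: boolean = false,
   redirect_uri?: string,
   validated = true
) {
   return promiseMiddleware(async function (
      req: Request,
      res: Response,
      next?: NextFunction
   ) {
      // Raises the marker error with a localized message.
      const invalid = (message: string) => {
         throw new Invalid(req.__(message));
      };

      try {
         if (!requireLoginState(req, validated, special_required)) {
            invalid("Not logged in");
         }

         if (next) next();
         return true;
      } catch (e) {
         Logging.getChild("UserMiddleware").warn(e);

         if (!(e instanceof Invalid)) {
            // Not an authentication failure: hand it to the error pipeline,
            // or rethrow when the function was called directly.
            if (next) next(e);
            else throw e;
            return false;
         }

         if (req.method === "GET" && !json) {
            // Browser navigation: send the user to the login page and carry
            // the return target in `state`.
            // NOTE(review): req.originalUrl is taken from the request, so the
            // handler that consumes `state` should treat the decoded value as
            // untrusted and only redirect to same-origin paths.
            const target = redirect_uri ? redirect_uri : req.originalUrl;
            const state = Buffer.from(target).toString("base64");

            // res.redirect() sets its own status code (302 by default), so
            // this 401 is not what the client receives.
            res.status(HttpStatusCode.UNAUTHORIZED);

            // Standard base64 contains "+", "/" and "=", which are not safe
            // in a query string ("+" is decoded as a space by query parsers
            // and corrupts the state), so percent-encode the value.
            res.redirect(
               "/login?base64=true&state=" + encodeURIComponent(state)
            );
         } else {
            // Translate only the static sentence; the detail in e.message was
            // already localized when the Invalid error was created, and
            // including it in the lookup key would never match a translation.
            throw new RequestError(
               req.__("You are not logged in or your login is expired") +
                  ` (${e.message})`,
               HttpStatusCode.UNAUTHORIZED,
               undefined,
               { auth: true }
            );
         }

         return false;
      }
   });
}

/** Default middleware instance: HTML redirects, no special token, validated login. */
export const UserMiddleware = GetUserMiddleware();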