// Heavily based on:
// https://github.com/TomDoesTech/REST-API-Tutorial-Updated/blob/7b5f040e1acd94d267df585516b33ee7e3b75f70/src/middleware/deserializeUser.ts
import { get } from 'lodash';
import { Request, Response, NextFunction } from 'express';
import * as jwt from '../tools/jwt';
/**
 * Express middleware that attaches a user to `res.locals.user` when the
 * request carries an access token that `jwt.verifyJwt` accepts.
 *
 * The middleware never rejects a request: every path ends in `next()`,
 * whether or not a token was present or accepted. Routes that require an
 * authenticated caller must check `res.locals.user` themselves.
 *
 * @param req  Incoming request; only `headers.authorization` is read.
 * @param res  Response; `res.locals.user` is set when verification succeeds.
 * @param next Continuation, always invoked without an error argument.
 */
const inferUser = async (req: Request, res: Response, next: NextFunction) => {
  // A missing header falls back to '' so the request continues anonymously.
  const authorizationHeader = get(req, 'headers.authorization', '');

  // Only a leading, case-sensitive "Bearer" followed by one whitespace
  // character is stripped. A header using any other scheme is handed to the
  // verifier unchanged, so rejecting it is left entirely to verifyJwt.
  const bearerToken = authorizationHeader.replace(/^Bearer\s/, '');

  if (bearerToken) {
    // NOTE(review): the key is looked up as 'accessTokenPrivateKey', while the
    // refresh sketch below names 'accessTokenPublicKey'. verifyJwt is not
    // visible here; if tokens are signed asymmetrically, confirm that
    // verification does not need the private key loaded in this service.
    const verified = jwt.verifyJwt(bearerToken, 'accessTokenPrivateKey');

    // NOTE(review): this relies on verifyJwt returning a falsy value for an
    // invalid or expired token. The sketch below reads `result.decoded`, which
    // hints at a result-object return shape in the code this was based on; an
    // object is always truthy and would be stored as the user. If verifyJwt
    // throws instead, this async function rejects and next() is never called.
    // Confirm against ../tools/jwt.
    if (verified) {
      res.locals.user = verified;
    }
  }

  /*
  // refresh token handling is not (yet) implemented
  // NOTE(review): before enabling, `expired`, `reIssueAccessToken` and
  // `verifyJwt` need definitions in scope, and the re-verification below runs
  // even when no new access token was issued.
  const refreshToken = get(req, 'headers.x-refresh');

  if (expired && refreshToken) {
    const newAccessToken = await reIssueAccessToken({ refreshToken });

    if (newAccessToken) {
      res.setHeader('x-access-token', newAccessToken);
    }

    const result = verifyJwt(newAccessToken as string, 'accessTokenPublicKey');

    res.locals.user = result.decoded;
    return next();
  }
  */

  return next();
};
export default inferUser;