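/**
 * GET /me: returns the record that the presented access token resolves to.
 *
 * The token is taken from the `x-access-token` request header and resolved
 * through `model.findByToken`, whose callback receives a status code and a
 * result. The result is returned to the caller only when that code is 200.
 */
routerInstance.get('/me', (req, res, next) => {
  model.findByToken(req.headers['x-access-token'], (code, result) => {
    if (code !== 200) {
      // Fail closed: a token that does not resolve must not be answered with
      // a 200 and a placeholder identity, otherwise the caller (and anything
      // that trusts this endpoint) cannot tell an unauthenticated request
      // from an authenticated one. The lookup's own result is not echoed back.
      res.send(401, { message: 'Invalid or missing access token' });
      return next();
    }

    res.send(200, result);
    return next();
  });
});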
// Header fix-up: mirror the lower-case access headers under their mixed-case
// names, unless a mixed-case key is already present on req.headers.
// The values are copied as received; nothing here validates them.
RestServer.pre((req, res, next) => {
  const mirroredHeaders = [
    ['x-access-server', 'X-Access-Server'],
    ['x-access-token', 'X-Access-Token'],
  ];

  mirroredHeaders.forEach(([lowerName, mixedName]) => {
    const needsCopy = lowerName in req.headers && !(mixedName in req.headers);
    if (needsCopy) {
      req.headers[mixedName] = req.headers[lowerName]; // eslint-disable-line
    }
  });

  return next();
});
// Authentication middleware. It is registered in each controller rather than
// globally because some content may not need authentication.
routerInstance.use((req, res, next) => {
  const token = req.headers['x-access-token'];

  auth.findByToken(token, (code) => {
    // Any lookup status other than 200 is treated as unauthenticated.
    if (code !== 200) {
      return next(new errs.UnauthorizedError());
    }
    return next();
  });
});
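/**
 * GET /cosmos/read: reads one document on the caller's behalf.
 *
 * Request headers:
 *   resourceid - id of the resource the token was issued for
 *   doclink    - link of the document to read
 *   token      - resource token for that resource
 *
 * A limited client is created from the supplied resource token only, so the
 * read is bounded by what that token grants; the client cannot access other
 * resources.
 */
server.get('/cosmos/read', (req, res, next) => {
  const { resourceid, doclink, token } = req.headers;

  // All three headers are caller-controlled. Reject the request when one is
  // absent instead of letting `.toLowerCase()` throw on undefined inside the
  // handler.
  const allPresent = [resourceid, doclink, token].every(
    (value) => typeof value === 'string' && value.length > 0,
  );
  if (!allPresent) {
    res.statusCode = 400;
    res.send({
      message: "The 'resourceid', 'doclink' and 'token' headers are required",
    });
    return next();
  }

  const resourceId = resourceid.toLowerCase();
  const limitedClient = new documentClient(process.env.COSMOS_ENDPOINT, {
    resourceTokens: { [resourceId]: token },
  });

  limitedClient.readDocument(doclink, (error, result) => {
    if (error) {
      // statusCode is the property Node's http.ServerResponse defines; the
      // previous `res.code = 500` only takes effect if the framework aliases
      // it, so a failed read could otherwise go out with a success status.
      res.statusCode = 500;
      // NOTE(review): the backend error object is returned to the client
      // unchanged, as before. Confirm it carries nothing internal that
      // callers should not see.
      res.send(error);
      return next();
    }

    res.send(result);
    return next();
  });
});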
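// Authenticated router paths

/**
 * GET /ingredient: lists the ingredients owned by the authenticated caller.
 *
 * The access token from the `x-access-token` header is resolved with
 * `auth.read`; on a 200 the resolved record's `id` is used as the owner for
 * `model.getAll`, whose status code and result are sent back as the response.
 * Any other status from `auth.read` yields an UnauthorizedError.
 */
routerInstance.get('/ingredient', (req, res, next) => {
  auth.read(req.headers['x-access-token'], (authCode, account) => {
    if (authCode !== 200) {
      return next(new errs.UnauthorizedError());
    }

    // The owner comes from the token lookup, never from request parameters,
    // so a caller can only list records tied to its own token.
    const owner = account.id;

    model.getAll(owner, (status, ingredients) => {
      res.send(status, ingredients);
      // next() is called exactly once, after the response has been written.
      // The previous version also called it synchronously right after
      // starting the query, which advanced the handler chain twice for one
      // request.
      return next();
    });
  });
});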