kylefang/RootPanel
1
0
Fork 0
mirror of https://github.com/HackPlan/RootPanel.git synced 2026-03-27 22:44:32 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
97eaeac29e1cc5c09957392fa09a86dafda62192
RootPanel/core/middleware.coffee
jysperm 97eaeac29e refactor
2014-09-13 00:21:09 +08:00

86 lines
2.2 KiB
CoffeeScript
Raw Blame History

{mAccount, mTicket} = app.models
exports.parseToken = (req, res, next) ->
if req.headers['x-token']
req.token = req.headers['x-token']
else
req.token = req.cookies.token
next()
exports.getParam = (req, res, next) ->
if req.method == 'GET'
req.body = req.query
next()
exports.errorHandling = (req, res, next) ->
res.error = (name, param = {}) ->
param = _.extend param, error: name
res.status(400).json param
next()
exports.accountInfo = (req, res, next) ->
req.inject [exports.parseToken], ->
mAccount.authenticate req.token, (err, account) ->
req.account = account
next()
exports.renderAccount = (req, res, next) ->
req.inject [exports.accountInfo], ->
old_render = res.render
res.render = (name, options = {} , fn) ->
options = _.extend {account: req.account}, options
old_render.call res, name, options, fn
next()
exports.requireAuthenticate = (req, res, next) ->
req.inject [exports.accountInfo, exports.errorHandling], ->
if req.account
next()
else
if req.method == 'GET'
res.redirect '/account/login/'
else
res.error 'auth_failed'
exports.requireAdminAuthenticate = (req, res, next) ->
req.inject [exports.requireAuthenticate], ->
unless mAccount.inGroup req.account, 'root'
if req.method == 'GET'
return res.status(403).end()
else
return res.error 'forbidden'
next()
exports.requireInService = (service_name) ->
return (req, res, next) ->
req.inject [exports.requireAuthenticate], ->
unless service_name in req.account.attribute.services
return res.error 'not_in_service'
next()
exports.constructObjectID = (fields = ['id']) ->
return (req, res, next) ->
for field in fields
if req.body[field]
req.body[field] = new ObjectID req.body[field]
next()
exports.loadTicket = (req, res, next) ->
req.inject [exports.requireAuthenticate, exports.constructObjectID()], ->
mTicket.findOne _id: req.body.id, (err, ticket) ->
unless ticket
return res.error 'ticket_not_exist'
unless mTicket.getMember ticket, req.account
unless 'root' in req.account.groups
return res.error 'forbidden'
req.ticket = ticket
next()
Reference in New Issue View Git Blame Copy Permalink