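/**
 * Express middleware that ties a user-scoped API call to the caller's JWT.
 *
 * When the query string names a user (`userName` or `username`), the request
 * must carry `Authorization: Bearer <token>`, the token must verify, and every
 * user name supplied in the query must be a plain string equal to the token's
 * `username` claim. On any failure the `username` and `token` cookies are
 * expired and a 401 JSON response is sent.
 *
 * When the query names no user, the request is passed through unchecked.
 * NOTE(review): a client can therefore skip this check by omitting the
 * parameter, so handlers behind it must not treat it as proof of
 * authentication on its own.
 *
 * @param {object} req - Express request; reads `req.query` and `req.headers.authorization`.
 * @param {object} res - Express response; used for the 401 reply and cookie expiry.
 * @param {function} next - Called only when the request is allowed to continue.
 */
var authChecker = function (req, res, next) {
  // Single rejection path: expire the session cookies, then answer 401.
  function reject() {
    res.cookie('username', '', {expires: new Date(0)});
    res.cookie('token', '', {expires: new Date(0)});
    return res.status(401).json({"msg": "Authentication required."});
  }

  var query = req.query;
  if (!(query && (query.userName || query.username))) {
    // No user named in the query: nothing to bind the token to.
    next();
    return;
  }

  // Split the header once; a missing or non-Bearer header is rejected up front
  // instead of relying on an exception from the verifier.
  var header = req.headers && req.headers.authorization;
  var parts = typeof header === 'string' ? header.split(' ') : [];
  if (parts[0] !== 'Bearer' || !parts[1]) {
    return reject();
  }

  var user;
  try {
    // NOTE(review): the signing secret is hard-coded in source; anyone who can
    // read this file can mint valid tokens. Load it from configuration or a
    // secret store and rotate the current value.
    // NOTE(review): if `jwt` is the jsonwebtoken package (not visible here),
    // also pin the accepted algorithms via its `algorithms` verify option.
    user = jwt.verify(parts[1], 'secretkey');
  }
  catch (err) { // token missing, malformed, expired or badly signed
    return reject();
  }

  var tokenName = user && user.username;
  if (typeof tokenName !== 'string' || tokenName === '') {
    // Without a username claim there is nothing trustworthy to compare with.
    return reject();
  }

  // Check BOTH spellings: the handler may read either one, so a matching
  // `userName` must not be able to cover for a different `username`.
  var claimed = [query.userName, query.username];
  for (var i = 0; i < claimed.length; i++) {
    var name = claimed[i];
    if (name === undefined || name === '') {
      continue;
    }
    // Strict comparison on strings only: a parsed array or object (for example
    // a repeated parameter) would otherwise coerce to a matching string.
    if (typeof name !== 'string' || name !== tokenName) {
      return reject();
    }
  }

  // Called outside the try block so a downstream error is not reported as 401.
  next();
};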
26
27app.namespace('/api', function () {
28 app.get('/abc', authChecker, abc.cde);
29
30 app.get('/cde', efg.ghi); //authentication not required for this API.