mbkauthe 1.1.3 → 1.1.4
- package/index.js +1 -0
- package/lib/authapi.js +57 -0
- package/package.json +1 -1
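--- a/package/index.js
+++ b/package/index.js
@@ -47,4 +47,5 @@ if (process.env.test === "true") {
 
 export { validateSession, checkRolePermission, validateSessionAndRole, getUserData, authenticate } from "./lib/validateSessionAndRole.js";
 export { dblogin } from "./lib/pool.js";
+export { authapi } from "./lib/authapi.js";
 export default router;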
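--- /dev/null
+++ b/package/lib/authapi.js
@@ -0,0 +1,57 @@
+import { pool } from "./pool.js";
+
+export const authapi = () => {
+return (req, res, next) => {
+const token = req.headers["authorization"];
+
+// Query to check if the token exists in UserAuthApiKey table
+const tokenQuery = 'SELECT * FROM "UserAuthApiKey" WHERE "key" = $1';
+pool.query(tokenQuery, [token], (err, result) => {
+if (err) {
+console.error("Database query error:", err);
+return res
+.status(500)
+.json({ success: false, message: "Internal Server Error" });
+}
+
+if (result.rows.length === 0) {
+console.log("Invalid token");
+return res
+.status(401)
+.json({ success: false, message: "The AuthApiToken Is InValid" });
+}
+
+const username = result.rows[0].username;
+
+// Query to check if the user exists and is active in Users table
+const userQuery =
+'SELECT * FROM "Users" WHERE "UserName" = $1 AND "Active" = true';
+pool.query(userQuery, [username], (err, userResult) => {
+if (username === "demo") {
+console.log("Demo user is not allowed to access this endpoint");
+return res.status(401).json({
+success: false,
+message: "Demo user is not allowed to access endpoints",
+});
+}
+if (err) {
+console.error("Database query error:", err);
+return res
+.status(500)
+.json({ success: false, message: "Internal Server Error" });
+}
+
+if (userResult.rows.length === 0) {
+console.log("User does not exist or is not active");
+return res.status(401).json({
+success: false,
+message: "User does not exist or is not active",
+});
+}
+
+console.log("Token and user are valid");
+next();
+});
+});
+};
+};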
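Review bot: The middleware reaches `next()` without recording which account the key belongs to, so handlers behind `authapi()` cannot apply per-user or role checks to API-key requests; setting something like `req.user = { username };` just before `next();` would carry the identity forward (the property name is a suggestion, not something this file defines). The raw `Authorization` header is also passed to the database when it is absent, so a guard such as `if (!token) return res.status(401).json({ success: false, message: "The AuthApiToken Is InValid" });` ahead of the first `pool.query` would reject those requests without a query. The equality lookup on `"key"` suggests keys are stored verbatim in `UserAuthApiKey`; if that is the case, storing a hash and looking up by the hash of the presented key would limit what a read of that table exposes. The `demo` check does not depend on the second query's result and currently runs before its `err` check, so it could move above `pool.query(userQuery, ...)`.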