alexbeletsky · February 28, 2017 15:26
diff --git a/app.js b/app.js
 const express = require('express');
 const bodyParser = require('body-parser');
 const methodOverride = require('method-override');
 const morgan = require('morgan');
 const cors = require('cors');
 const health = require('express-ping');

 const config = require('./config');
 const middleware = require('./source/middleware');
 const logger = require('./source/utils/logger');
 const auth = require('./source/utils/auth');

 const app = express();
 const env = process.env.NODE_ENV || 'development';
 const port = process.env.PORT || 3010;

 morgan.format('custom', ':method :url :status :res[content-length] - :response-time ms');
 app.use(morgan('custom', { stream: logger.stream() }));

 app.use(health.ping('/'));
 app.use(middleware.db.mongo(config.mongo));
 app.use(bodyParser.json());
 app.use(methodOverride());
 app.use(cors());

 auth(app, ['/v1']);

 require('./source/api')(app);
 app.use(middleware.errors());

 app.listen(port, () => {
  logger.success('api started [:' + port + '] ' + env);
 });
diff --git a/middleware--auth.js b/middleware--auth.js
 const usersModel = require('../models/users');

 function auth() {
  return (req, res, next) => {
    const token = headers() || query();
    const users = usersModel(req.mongo);

    if (!token) {
      return next({ message: 'access token missing', status: 401 });
    }

    users.findByAccessToken(token, (err, user) => {
      if (err) {
        return next(err);
      }

      if (!user) {
        return next({ message: 'not authorized', status: 401 });
      }

      req.user = user;

      next();
    });

    function headers() {
      return req.headers['x-token'] || req.headers['x-access-token'];
    }

    function query() {
      return req.query.accessToken || req.query.accesstoken;
    }
  };
 }

 module.exports = auth;
diff --git a/utils--auth.js b/utils--auth.js
 const middleware = require('../middleware');

 function applyAuthentication(app, routesToSecure) {
  routesToSecure.forEach((route) => {
    app.all(route + '/*', middleware.access.auth());
  });

  return app;
 }

 module.exports = applyAuthentication;
diff --git a/utils--middleware.js b/utils--middleware.js
 module.exports = {
  access: {
    auth: require('./auth')
  }
 };
	const express = require('express');
	const bodyParser = require('body-parser');
	const methodOverride = require('method-override');
	const morgan = require('morgan');
	const cors = require('cors');
	const health = require('express-ping');

	const config = require('./config');
	const middleware = require('./source/middleware');
	const logger = require('./source/utils/logger');
	const auth = require('./source/utils/auth');

	const app = express();
	const env = process.env.NODE_ENV \|\| 'development';
	const port = process.env.PORT \|\| 3010;

	morgan.format('custom', ':method :url :status :res[content-length] - :response-time ms');
	app.use(morgan('custom', { stream: logger.stream() }));

	app.use(health.ping('/'));
	app.use(middleware.db.mongo(config.mongo));
	app.use(bodyParser.json());
	app.use(methodOverride());
	app.use(cors());

	auth(app, ['/v1']);

	require('./source/api')(app);
	app.use(middleware.errors());

	app.listen(port, () => {
	logger.success('api started [:' + port + '] ' + env);
	});
	const usersModel = require('../models/users');

	function auth() {
	return (req, res, next) => {
	const token = headers() \|\| query();
	const users = usersModel(req.mongo);

	if (!token) {
	return next({ message: 'access token missing', status: 401 });
	}

	users.findByAccessToken(token, (err, user) => {
	if (err) {
	return next(err);
	}

	if (!user) {
	return next({ message: 'not authorized', status: 401 });
	}

	req.user = user;

	next();
	});

	function headers() {
	return req.headers['x-token'] \|\| req.headers['x-access-token'];
	}

	function query() {
	return req.query.accessToken \|\| req.query.accesstoken;
	}
	};
	}

	module.exports = auth;
	const middleware = require('../middleware');

	function applyAuthentication(app, routesToSecure) {
	routesToSecure.forEach((route) => {
	app.all(route + '/*', middleware.access.auth());
	});

	return app;
	}

	module.exports = applyAuthentication;