| 12345678910111213141516171819202122232425262728293031323334353637383940 |
- 'use strict'
- /* global appdata, rights */
- /**
- * Authentication middleware
- *
- * @param {Express Request} req Express Request object
- * @param {Express Response} res Express Response object
- * @param {Function} next Next callback function
- * @return {any} void
- */
- module.exports = (req, res, next) => {
- // Is user authenticated ?
- if (!req.isAuthenticated()) {
- if (req.app.locals.appconfig.public !== true) {
- return res.redirect('/login')
- } else {
- req.user = rights.guest
- res.locals.isGuest = true
- }
- } else {
- res.locals.isGuest = false
- }
- // Check permissions
- res.locals.rights = rights.check(req)
- if (!res.locals.rights.read) {
- return res.render('error-forbidden')
- }
- // Expose user data
- res.locals.user = req.user
- return next()
- }
|
