"use strict";
var accounts = require('../models/accounts');
var venues = require('../models/venues');
var config = require('../../config');
// Public surface of this module: two middleware factories. Each is called
// with no arguments and returns an Express-style (req, res, next) handler.
var authMiddleware = {};
authMiddleware.validateToken = validateToken;
authMiddleware.validateAdminToken = validateAdminToken;
module.exports = authMiddleware;
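/**
 * Builds Express middleware that authenticates a request by its access token.
 *
 * The token is taken from the first source that supplies a truthy value, in
 * this order: the `x-access-token` header, the `accessToken` query parameter,
 * the cookie named by `config.auth.cookieName` (only when that name is set).
 * On success the matching account is stored on `req.account` and the chain
 * continues; otherwise `next` receives `{message, status: 401}`.
 *
 * @returns {function} Middleware with the signature `(req, res, next)`.
 */
function validateToken() {
  return function (req, res, next) {
    var cookieName = config.auth.cookieName;
    // req.cookies is absent unless a cookie-parsing middleware ran earlier;
    // treat that as "no cookie token" instead of throwing a TypeError.
    var cookieToken = cookieName && req.cookies ? req.cookies[cookieName] : undefined;

    // NOTE(review): a token sent as ?accessToken=... is recorded in access
    // logs, browser history and Referer headers; the header is the safer
    // transport where clients can use it.
    var token = req.headers['x-access-token'] || req.query.accessToken || cookieToken;

    if (!token) {
      return next({message: 'access token is missing', status: 401});
    }

    // Query-string and cookie parsers can yield arrays or objects, depending
    // on their configuration. The lookup below is not visible here; if it
    // builds a database query from the token, a non-string value could change
    // what the query matches, so only plain strings are passed on.
    if (typeof token !== 'string') {
      return next({message: 'access token is not valid', status: 401});
    }

    accounts.findByAccessToken(token, function (err, account) {
      // A lookup error is reported as 401 too, so a backend failure looks the
      // same as a bad token to the client. NOTE(review): consider logging err.
      if (err || !account) {
        return next({message: 'access token is not valid', status: 401});
      }
      req.account = account;
      next();
    });
  };
}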
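/**
 * Builds Express middleware that authenticates a venue administrator.
 *
 * The token is read from the `x-access-token` header, the `accessToken` query
 * parameter or the cookie named by `config.auth.cookieName`, in that order,
 * and is checked together with the `id` route parameter. On success the admin
 * record is stored on `req.admin` and the chain continues; otherwise `next`
 * receives `{message, status: 401}`.
 *
 * @returns {function} Middleware with the signature `(req, res, next)`.
 */
function validateAdminToken() {
  return function (req, res, next) {
    var cookieName = config.auth.cookieName;
    // req.cookies is absent unless a cookie-parsing middleware ran earlier;
    // treat that as "no cookie token" instead of throwing a TypeError.
    var cookieToken = cookieName && req.cookies ? req.cookies[cookieName] : undefined;

    // NOTE(review): a token sent as ?accessToken=... is recorded in access
    // logs, browser history and Referer headers; the header is the safer
    // transport where clients can use it.
    var token = req.headers['x-access-token'] || req.query.accessToken || cookieToken;
    var id = req.params.id;

    if (!token) {
      return next({message: 'access token is missing', status: 401});
    }

    // Query-string and cookie parsers can yield arrays or objects, depending
    // on their configuration. The lookup below is not visible here; if it
    // builds a database query from the token, a non-string value could change
    // what the query matches, so only plain strings are passed on.
    if (typeof token !== 'string') {
      return next({message: 'access token is not valid', status: 401});
    }

    // The method name is spelled "Acess" here; it has to match whatever the
    // venues model defines, so it is left as called.
    venues.findAdminByAcessToken(id, token, function (err, admin) {
      // A lookup error is reported as 401 too, so a backend failure looks the
      // same as a bad token to the client. NOTE(review): consider logging err.
      if (err || !admin) {
        return next({message: 'access token is not valid', status: 401});
      }
      req.admin = admin;
      // Continue the chain; without this call an authenticated admin request
      // would never reach its route handler and would hang.
      next();
    });
  };
}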