/*jslint indent: 2, nomen: true, maxlen: 100, white: true, plusplus: true, unparam: true */
/*global require, applicationContext */
////////////////////////////////////////////////////////////////////////////////
/// @brief An example Foxx-Application for ArangoDB
///
/// @file
///
/// DISCLAIMER
///
/// Copyright 2010-2013 triagens GmbH, Cologne, Germany
///
/// Licensed under the Apache License, Version 2.0 (the "License");
/// you may not use this file except in compliance with the License.
/// You may obtain a copy of the License at
///
/// http://www.apache.org/licenses/LICENSE-2.0
///
/// Unless required by applicable law or agreed to in writing, software
/// distributed under the License is distributed on an "AS IS" BASIS,
/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
/// See the License for the specific language governing permissions and
/// limitations under the License.
///
/// Copyright holder is triAGENS GmbH, Cologne, Germany
///
/// @author Jan Steemann
/// @author Copyright 2011-2013, triAGENS GmbH, Cologne, Germany
////////////////////////////////////////////////////////////////////////////////
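(function() {
  "use strict";

  // Example Foxx controller showing cookie-based authentication: login,
  // logout, registration, a per-session counter for any logged-in user, and
  // an admin-only session dump.
  // Review notes use `//` and are placed inside the calls so the existing
  // `/** ... */` route descriptions stay directly above their routes.

  var Foxx = require("org/arangodb/foxx"),
    controller = new Foxx.Controller(applicationContext),
    // Marker error thrown by userIsAdmin; the /dump route maps it to a 401.
    NoAdmin = function() {},
    // Route guard: throws NoAdmin unless the request carries a user whose
    // data.admin is truthy. The `user.data` check keeps a user record that
    // has no data object on the NoAdmin path; without it the property access
    // raises a TypeError, which the errorResponse(NoAdmin, ...) mapping on
    // /dump does not cover.
    userIsAdmin = function (req) {
      var user = req.user;
      if (!(user && user.data && user.data.admin)) {
        throw new NoAdmin();
      }
    };

  NoAdmin.prototype = new Error();

  // NOTE(review): the units of the two lifetimes are not stated in this file
  // (presumably seconds; confirm against the Foxx documentation). The cookie
  // lifetime is far longer than the session lifetime, so access is bounded
  // only if the session expiry is enforced server-side.
  controller.activateAuthentication({
    type: "cookie",
    cookieName: "myCookie",
    cookieLifetime: 360000,
    sessionLifetime: 600
  });

  /** Allow users to login
   *
   * Standard Login with adjusted onSuccess handler
   */
  controller.login("/login", {
    onSuccess: function (req, res) {
      // Demonstration value stored in the new session.
      req.currentSession.set("fancy", "pants");
      // NOTE(review): the response body echoes the session's _key. If that is
      // the value the cookie carries (confirm against the session store), it
      // exposes the session identifier to anything that reads or logs the
      // response body. Drop the field unless a client depends on it.
      res.json({
        msg: "Logged in!",
        user: req.user.identifier,
        key: req.currentSession._key
      });
    }
  });

  /** Allow users to logout
   *
   * Standard Logout, no adjustments
   */
  controller.logout("/logout");

  /** Allow users to register
   *
   * Standard Register with an additional user attributes
   * and an admin attribute set to false.
   */
  controller.register("/register", {
    // Only "name" is taken from the registration request; "admin" is given a
    // fixed default. Presumably attributes outside acceptedAttributes are
    // ignored (confirm against Foxx); keep "admin" out of that list so a
    // registrant cannot grant themselves the admin flag.
    acceptedAttributes: ["name"],
    defaultAttributes: {
      admin: false
    }
  });

  /** Increase counter by one for this session
   *
   * Demonstration of the Session Functionality for Foxx,
   * simple case of authentication: Every logged in user can use it
   */
  controller.get('/counter', function (req, res) {
    // NOTE(review): this GET changes session state. That is fine for a demo
    // counter; real state changes belong behind a non-GET method, because a
    // cookie-authenticated GET can be triggered from another site.
    var session = req.currentSession,
      previous = session.get("counter") || 0;

    session.set("counter", 1 + previous);
    res.json({
      "counter": session.get("counter")
    });
  }).onlyIfAuthenticated(401, "Only logged in users can count");

  /** Dump all Session data
   *
   * Just to show you all data in this session,
   * also demonstrates how to restrict a route to admins only
   */
  controller.get('/dump', function (req, res) {
    // Returns the whole session data object to the caller. userIsAdmin is the
    // only guard; a missing user also fails it, so unauthenticated requests
    // get the same 401.
    // NOTE(review): 403 would describe a logged-in non-admin more accurately,
    // but the status is part of the route's observable contract and is left
    // unchanged here.
    res.json({
      "session": req.currentSession.data
    });
  }).onlyIf(userIsAdmin).errorResponse(NoAdmin, 401, "User has to be admin");
}());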