const auth = require('basic-auth'); const User = require('../user'); const AuthenticationRequired = require('../authentication-required'); function unsecureAuthentication(basePath = '', app) { app.post(`${basePath}/api/admin/login`, (req, res) => { const user = req.body; req.session.user = new User({ email: user.email }); res.status(200) .json(req.session.user) .end(); }); app.use(`${basePath}/api/admin/`, (req, res, next) => { if (req.session.user && req.session.user.email) { req.user = req.session.user; } else if (req.header('authorization')) { const user = auth(req); if (user && user.name) { req.user = new User({ username: user.name }); } } next(); }); app.use(`${basePath}/api/admin/`, (req, res, next) => { if (req.user) { return next(); } return res .status('401') .json( new AuthenticationRequired({ path: `${basePath}/api/admin/login`, type: 'unsecure', message: 'You have to identify yourself in order to use Unleash.', }), ) .end(); }); } module.exports = unsecureAuthentication;