Curry another layer of auth header so usable

camicroscope · Aug 30, 2022 · 5403392 · 5403392
1 parent 8aed98d
commit 5403392
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 28 deletions.
diff --git a/caracal.js b/caracal.js
@@ -75,7 +75,7 @@ var HANDLERS = {
   "loginHandler": function() {
     return auth.loginHandler(auth.PUBKEY);
   },
-  "loginWithHeader": auth.loginWithHeader,
+  "loginWithHeader": auth.loginWithHeader(auth.PRIKEY, userFunction),
   "sanitizeBody": function() {
     return sanitizeBody;
   },

diff --git a/handlers/authHandlers.js b/handlers/authHandlers.js
@@ -264,33 +264,35 @@ function firstSetupUserSignupExists() {
 }
 
 // Use a trusted header instead of a jwt for login. Use carefully if at all.
-function loginWithHeader(header, signKey, userFunction) {
-  return function(req, res) {
-    // get the correct header, set it to use userFunction
-    let token = {"email": req.headers[header]};
-    // login using that
-    userFunction(token).then((x) => {
-      if (x === false) {
-        res.status(401).send({
-          'err': 'User Unauthorized',
-        });
-      } else {
-        data = x;
-        delete data['exp'];
-        // sign using the mounted key
-        var token = jwt.sign(data, signKey, {
-          algorithm: 'RS256',
-          expiresIn: EXPIRY,
-        });
-        res.send({
-          'token': token,
-        });
-      }
-    }).catch((e) => {
-      console.log(e);
-      res.status(401).send(e);
-    });
-  };
+function loginWithHeader(signKey, userFunction) {
+  return function(header){
+    return function(req, res) {
+      // get the correct header, set it to use userFunction
+      let token = {"email": req.headers[header]};
+      // login using that
+      userFunction(token).then((x) => {
+        if (x === false) {
+          res.status(401).send({
+            'err': 'User Unauthorized',
+          });
+        } else {
+          data = x;
+          delete data['exp'];
+          // sign using the mounted key
+          var token = jwt.sign(data, signKey, {
+            algorithm: 'RS256',
+            expiresIn: EXPIRY,
+          });
+          res.send({
+            'token': token,
+          });
+        }
+      }).catch((e) => {
+        console.log(e);
+        res.status(401).send(e);
+      });
+    };
+  }
 }
 
 auth = {};