express-blog/src/middleware/authCheck.js at main

Fork: 0

jason / express-blog

Find file

Newer

Older

express-blog / src / middleware / authCheck.js

Jason Poage 29 days ago 890 bytes modified: package.nix

Raw Blame History

// middleware/authCheck.js

const crypto = require("crypto");
function generateNonce() {
  return crypto.randomBytes(16).toString("base64");
}

module.exports = async (req, res, next) => {
  // Initialize default state
  res.locals.session = {
    nonce: generateNonce(),
    isAuthenticated: false,
    user: null,
    groups: [],
  };

  if (req.oidc.isAuthenticated()) {
    // Pull data directly from the encrypted session cookie
    // No network calls, no Map lookups, no staleness
    try {
      const user = await req.oidc.fetchUserInfo();
      const claims = req.oidc.idTokenClaims;
      const oidcNonce = claims.nonce;

      res.locals.session = {
        // claims,
        isAuthenticated: true,
        nonce: oidcNonce,
        ...user,
      };
    } catch (e) {
      // This should clear the session when i get around to it
      return next();
    }
  }

  next();
};