app/models/user-model.js

/**
 * @module user-model
 */

const jwt = require('jwt-simple');
const url = require('url');
// var debug = require( 'debug' )( 'user-model' );

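/**
 * Returns credentials from request object.
 * Handles `'basic'` and `'token'` authentication types; any other configured
 * type yields `null`.
 *
 * - `'basic'`: decodes the JWT found in the signed authentication cookie.
 * - `'token'`: reads the token from the configured query parameter. When the
 *   request carries a `Referer` header, only that header's query string is
 *   consulted; otherwise the request's own query string is used.
 *
 * Only a non-empty string is accepted as a token. A repeated or bracketed
 * query parameter parses to an array or object and is rejected rather than
 * being handed on as `bearer`.
 *
 * Errors thrown by `jwt.decode` are not caught here and propagate to the caller.
 *
 * @static
 * @param {module:api-controller~ExpressRequest} req - HTTP request
 * @return {object|null} Credentials
 * @throws {Error} If token authentication is configured without a query parameter name
 */
function getCredentials(req) {
    const auth = req.app.get('linked form and data server').authentication;
    const authType = auth.type.toLowerCase();

    if (authType === 'basic') {
        const jwToken =
            req.signedCookies[req.app.get('authentication cookie name')];

        // NOTE(review): no algorithm argument is passed to jwt.decode. Confirm
        // how the installed jwt-simple version selects the verification
        // algorithm, and pin it to the one used when the cookie is issued.
        return jwToken
            ? jwt.decode(jwToken, req.app.get('encryption key'))
            : null;
    }

    if (authType === 'token') {
        const paramName = auth['query parameter'];
        if (!paramName) {
            throw new Error(
                'Enketo configuration error. No query parameter name configured for token authentication.'
            );
        }

        // Note url.parse is considered a legacy method now, and can be replaced for nodeJS 8+
        const referer = req.headers.referer
            ? url.parse(req.headers.referer, true)
            : null;
        // NOTE(review): a Referer without the parameter yields no credentials
        // even if the request's own query string carries one. Confirm this
        // precedence is intended.
        const tokenValue = referer
            ? referer.query[paramName]
            : req.query[paramName];

        // Both sources are client-controlled, and a query parser turns
        // `?p=a&p=b` into an array (and `?p[x]=1` may become an object).
        // Accept a plain, non-empty string only.
        if (typeof tokenValue === 'string' && tokenValue !== '') {
            return {
                bearer: tokenValue,
            };
        }
    }

    return null;
}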

// Public interface of the user model: credential extraction only.
module.exports = { getCredentials: getCredentials };