audiobookshelf/server/middleware/sessionOrJwt.js

49 lines
1.5 KiB
JavaScript

// server/middleware/sessionOrJwt.js
let AchievementManager = null;
try {
// If you actually have an achievements manager, require it here.
// Otherwise keep this try/catch and we'll simply no-op below.
AchievementManager = require('../managers/AchievementManager');
} catch (_) {
// optional; safely ignored when absent
}
function fireLoginEvent(req) {
try {
// Only call if the module exists AND exposes applyEvent
if (!AchievementManager || typeof AchievementManager.applyEvent !== 'function') return;
if (req._absLoginEventSent) return;
const user = req.user;
const uid = user && (user.id || user.userId);
if (!uid) return;
req._absLoginEventSent = true;
AchievementManager.applyEvent(String(uid), 'userLoggedIn').catch(() => {});
} catch (_) {
// never break auth flow
}
}
module.exports = (auth) => {
if (!auth || typeof auth.isAuthenticated !== 'function') {
throw new Error('[sessionOrJwt] auth.isAuthenticated missing');
}
return (req, res, next) => {
// If something upstream already attached req.user, fire and continue.
if (req.user && (req.user.id || req.user.userId)) {
fireLoginEvent(req);
return next();
}
auth.isAuthenticated(req, res, (err) => {
if (err) return next(err);
if (req.user && (req.user.id || req.user.userId)) {
fireLoginEvent(req);
return next();
}
// IMPORTANT: 401 here (not 500) when no credentials
return res.status(401).send('Unauthorized');
});
};
};