Version 1.0.2

app/app.js

@@ -6,7 +6,7 @@ const cors = require('cors');
 const config = require('app/global/config');
 const mongoose = require('mongoose');
 
-const ValidAuthTokenMiddleware = require('app/global/middlewares/ValidAuthToken');
+const AccessValidatorMiddleware = require('app/global/middlewares/AccessValidator');
 
 const expressGraphQL = require('express-graphql');
 const GraphQLSchema = require('app/graphql');
@@ -26,7 +26,7 @@ app.use( body_parser.json({ limit: '50mb' }) );
 app.use( body_parser.urlencoded({ limit: '50mb', extended: true }) );
 
 // make sure all the requests are made by authenticated users.
-app.use( ValidAuthTokenMiddleware );
+app.use( AccessValidatorMiddleware );
 
 
 // disable graphiql in production., so other users cant access the graphiql ui
@@ -41,7 +41,12 @@ app.use(
 );
 
 app.get( '/', (req, res) => {
-	res.json({ code: 200, online: true, message: 'success' });
+	res.json({
+		code: 200,
+		online: true,
+		message: 'success',
+		description: 'Welcome, this is the backend for the productivity application.'
+	});
 });
 
 

app/global/middlewares/AccessValidator.js

@@ -0,0 +1,87 @@
+'use strict';
+
+const Loka = require('loka');
+const User = require('app/services/models/User');
+const jwt = require('jsonwebtoken');
+const config = require('app/global/config');
+const Response = require('app/global/helpers/Response');
+
+module.exports = ( req, res, next ) => {
+
+	// incase we add different routes and dont want to run this middleware when they are accessed.
+	const ignoredRoutes = [
+		'/',
+	];
+
+	// these can be accessed by users without logging in.
+	const publicOperations = [
+		'Login',
+		'Signup',
+		'Logout',
+		'PublicBoard',
+	];
+
+
+
+	// if the route is present in the ignoredRoutes, just return next.
+	if ( ignoredRoutes.includes(req.path) ) {
+		return next();
+	}
+
+
+	let operationName = '';
+	if ( req.body && req.body.operationName ) { operationName = req.body.operationName; }
+
+	// if the GraphQL operation is not present in publicOperations
+	if( ! publicOperations.includes(operationName) ) {
+
+		const authorization_header = req.headers.authorization;
+		let token;
+		if ( authorization_header ) { token = authorization_header.split(" ")[1]; }
+
+		if ( token ) {
+
+			// reset the user data, for every request.
+			Loka.set('user', {});
+
+			jwt.verify( token, config.server.WEB_TOKEN_SECRET, (err, decoded_user) => {
+
+				if ( err ) {
+					if ( err.name === 'TokenExpiredError' ) {
+						// throw new Error('Your token has expired. please login again to generate new token.');
+						res.json( Response.error(401, 'Unauthorized', 'Your token has expired. please login again to generate new token.') );
+					} else {
+						res.json( Response.authError() );
+					}
+				}
+				else {
+					User.findById( decoded_user.id, (error, user) => {
+						if (error) {
+							res.json( Response.authError() );
+						} else {
+							req.user = user; // just incase we decide to access current user info from req object
+							Loka.set('user', user); // setting it using loka, so this can be accessed from other files.
+							next();
+						}
+					});
+				}
+
+			});
+
+		} else {
+
+			return res.json({
+				code: 400,
+				error: true,
+				message: 'Authentication error occoured, you must be logged in to access the server.'
+			});
+
+		}
+
+	} else {
+		// we don't need to validate the token as this doesnt require user to be authenticated.
+		next();
+	}
+
+
+};

app/graphql/resolvers/Auth.js

@@ -38,7 +38,7 @@ class AuthController extends ModelController {
 
 
 	logout(options) {
-		const id = this.store.user.id;
+		const id = this.store.user ? this.store.user.id : 0;
 		return { status: true, id: id };
 	}
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "productivity-backend",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "Backend for the productivity application",
   "main": "index.js",
   "scripts": {