Hyperlink/src/app/http/middlewares/auth/ValidateAccessToken.middleware.ts

import {HTTPError, Middleware} from '@extollo/lib'
import {Injectable} from '@extollo/di'
import {AccessToken} from '../../../models/AccessToken.model'
import {HTTPStatus} from '@extollo/util'
import {User} from '../../../models/User.model'

/**
 * ValidateAccessToken Middleware
 */
@Injectable()
export class ValidateAccessToken extends Middleware {
    public async apply() {
        const tokenValue = this.request.getHeader('X-Hyperlink-Access-Token')
            || this.request.input('x_hyperlink_access_token')

        if ( !tokenValue ) {
            throw new HTTPError(HTTPStatus.FORBIDDEN, 'Missing access token.')
        }

        const token = await AccessToken.query<AccessToken>()
            .where('active', '=', true)
            .where('token', '=', tokenValue)
            .first()

        if ( !token ) {
            throw new HTTPError(HTTPStatus.FORBIDDEN, 'Invalid access token.')
        }

        const user = await token.user()
        if ( !user ) {
            throw new HTTPError(HTTPStatus.FORBIDDEN, 'Invalid access token.')
        }

        if ( !this.request.hasKey(User) ) {
            this.request.registerSingletonInstance<User>(User, user)
        }
    }
}