perform auth check on GET request

jjg · Nov 12, 2015 · 74591ae · 74591ae
1 parent 7b10f2c
commit 74591ae
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/server.js b/server.js
@@ -381,6 +381,20 @@ http.createServer(function(req, res){
       if(inode){
         requested_file = inode;
 
+        // check authorization
+        if(inode.private){
+          if((access_key && access_key === inode.access_key) ||
+            (access_token && token_valid(access_token, inode, req.method)) ||
+            (access_token && expires && time_token_valid(access_token, inode, expires, req.method))){
+            log.message(log.INFO, "GET request authorized");
+          } else {
+            log.message(log.WARN, "GET request unauthorized");
+            res.statusCode = 401;
+            res.end();
+            break;
+          }
+        }
+
         // return status
         res.statusCode = 200;