From 74591aedb6504700ec226c483af88caa580f41be Mon Sep 17 00:00:00 2001
From: "Jason J. Gullickson" <jason.gullickson@gmail.com>
Date: Thu, 12 Nov 2015 17:17:33 -0600
Subject: [PATCH] perform auth check on GET request

---
 server.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/server.js b/server.js
index 934e023..c5e2245 100644
--- a/server.js
+++ b/server.js
@@ -381,6 +381,20 @@ http.createServer(function(req, res){
       if(inode){
         requested_file = inode;
 
+        // check authorization
+        if(inode.private){
+          if((access_key && access_key === inode.access_key) ||
+            (access_token && token_valid(access_token, inode, req.method)) ||
+            (access_token && expires && time_token_valid(access_token, inode, expires, req.method))){
+            log.message(log.INFO, "GET request authorized");
+          } else {
+            log.message(log.WARN, "GET request unauthorized");
+            res.statusCode = 401;
+            res.end();
+            break;
+          }
+        }
+
         // return status
         res.statusCode = 200;