unstashParams.js

/**
 * Module dependencies
 */

var client = require('../boot/redis')
  , MissingStateError = require('../errors/MissingStateError')
  , ExpiredAuthorizationRequestError = require('../errors/ExpiredAuthorizationRequestError')
  ;


/**
 * Unstash authorization params
 */

function unstashParams (req, res, next) {
  // OAuth 2.0 callbacks should have a state param
  // OAuth 1.0 must use the session to store the state value
  var id = req.query.state || req.session.state
    , key = 'authorization:' + id
    ;

  if (!id) { // && request is OAuth 2.0
    return next(new MissingStateError());
  }

  client.get(key, function (err, params) {
    if (err)    { return next(err); }

    // This handles expired and mismatching state params
    if (!params) { return next(new ExpiredAuthorizationRequestError()); }

    try {
      req.connectParams = JSON.parse(params);
    } catch (err) {
      next(err);
    }

    next();
  });
}


/**
 * Exports
 */

module.exports = unstashParams;