I have a web server (developed with Sails.js) that acts as an authentication API. Basically, for each request, it:
- gets the Bearer token in the Authorization header
- gets the incoming url
and checks if the requesting user has the right to access this particular resource.
I'd like to be able to do this check before receiving the body of the request (which could be files of several gigabytes) and, once the authorization is OK, send those files to another web server dedicated to the file processing.
Could this check be done before receiving the body?
In a config/oaut2.js file I've added the following:
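```javascript
// Passport must be in scope for the middleware below.
var passport = require('passport');

module.exports = {
  express: {
    customMiddleware: function (app) {
      /***** OAuth authentication before accepting large files *****/
      app.post('/test',
        // First handler: check the Bearer token with a custom callback.
        function (req, res, next) {
          passport.authenticate(
            'bearer',
            function (err, user, info) {
              if ((err) || (!user)) {
                res.send(401);
                return;
              }
              delete req.query.access_token;
              req.user = user;
              return next();
            }
          )(req, res);
        },
        // Second handler: should only run once the token has been accepted.
        function (req, res) {
          // HERE WILL BE HANDLED THE LARGE FILE
          return res.json({status: 'ok'});
        });
    }
  }
};
```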
But even if the Bearer token is not correct, the second function (the one handling the files) is triggered.
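
An added example, not part of the original post and not the asker's code: with Node's built-in `http` module the handler runs as soon as the headers are parsed, so the Bearer check can reject a request before any body byte is read, including for clients that send `Expect: 100-continue`. The token table, the upstream address and all function names are assumptions made for the illustration.

```javascript
const http = require('node:http');

// Constructed sample data: bearer token -> path prefixes it may upload to.
const GRANTS = new Map([['tok-alice', ['/files/alice/']]]);
// Placeholder address of the file-processing server (assumption).
const UPSTREAM = { host: '127.0.0.1', port: 9000 };

// Decide from the request line and headers only; returns an HTTP status.
function authorize(url, headers) {
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/i.exec(headers.authorization || '');
  const prefixes = m && GRANTS.get(m[1]);
  if (!prefixes) return 401;
  let path;
  try {
    // URL parsing resolves "../" segments before the prefix comparison.
    path = new URL(url, 'http://localhost').pathname;
  } catch (e) { return 400; }
  return prefixes.some((p) => path.startsWith(p)) ? 200 : 403;
}

// Pipe the still-unread body to the file-processing server.
function forward(req, res) {
  // Forward the same normalised path that was authorized, not the raw URL.
  const u = new URL(req.url, 'http://localhost');
  const up = http.request({ ...UPSTREAM, method: req.method, path: u.pathname + u.search },
    (upRes) => { res.writeHead(upRes.statusCode); upRes.pipe(res); });
  up.on('error', () => { if (!res.headersSent) res.writeHead(502); res.end(); });
  req.pipe(up);
}

// Called once the headers are parsed; no body byte has been consumed yet.
function gate(req, res, expectsContinue) {
  const status = authorize(req.url, req.headers);
  if (status !== 200) {
    // Answer and close the connection instead of draining the upload.
    res.writeHead(status, { Connection: 'close' });
    res.end();
    return status;
  }
  if (expectsContinue) res.writeContinue(); // client may now send the body
  forward(req, res);
  return status;
}

function createGateway() {
  const server = http.createServer((req, res) => gate(req, res, false));
  // Clients sending "Expect: 100-continue" wait for this decision.
  server.on('checkContinue', (req, res) => gate(req, res, true));
  return server;
}
```

Start it with `createGateway().listen(<port>)`. A client that does not send `Expect: 100-continue` may already be transmitting when the 401 arrives, which is why the rejection also closes the connection.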