From 0ffe4e2e5cc9a22d9ecde0f26f25f34c6f8920b3 Mon Sep 17 00:00:00 2001
From: AJ ONeal <awesome@coolaj86.com>
Date: Fri, 4 Dec 2015 08:11:34 +0000
Subject: [PATCH] add comments and debug

---
 lib/oauth3-auth.js    | 29 +++++++++++++++++++++--------
 lib/package-server.js |  5 ++++-
 2 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/lib/oauth3-auth.js b/lib/oauth3-auth.js
index 18e0d53..ac5f933 100644
--- a/lib/oauth3-auth.js
+++ b/lib/oauth3-auth.js
@@ -5,18 +5,18 @@ var PromiseA = require('bluebird');
 module.exports.inject = function (app) {
   //var jwsUtils = require('./lib/jws-utils').create(signer);
   var CORS = require('connect-cors');
-
-  // Allows CORS access to API with ?access_token=
-  // TODO Access-Control-Max-Age: 600
-  // TODO How can we help apps handle this? token?
-  // TODO allow apps to configure trustedDomains, auth, etc
-  app.use('/', CORS({ credentials: true, headers: [
+  var cors = CORS({ credentials: true, headers: [
     'X-Requested-With'
   , 'X-HTTP-Method-Override'
   , 'Content-Type'
   , 'Accept'
   , 'Authorization'
-  ], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] }));
+  ], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] });
+
+  // Allows CORS access to API with ?access_token=
+  // TODO Access-Control-Max-Age: 600
+  // TODO How can we help apps handle this? token?
+  // TODO allow apps to configure trustedDomains, auth, etc
 
   //function weakDecipher(secret, val) { return require('./weak-crypt').weakDecipher(val, secret); }
 
@@ -82,7 +82,13 @@ module.exports.inject = function (app) {
       if (!data) {
         err = new Error('not a json web token');
         err.code = 'E_NOT_JWT';
-        return PromiseA.reject(err);
+        res.send({
+          error: err.code
+        , error_description: err.message
+        , error_url: 'https://oauth3.org/docs/errors#' + (err.code || 'E_UNKNOWN_EXCEPTION')
+        });
+        // PromiseA.reject(err);
+        return;
       }
 
       req.oauth3.token = token;
@@ -91,5 +97,12 @@ module.exports.inject = function (app) {
     });
   }
 
+  /*
+  app.use('/', function (req, res, next) {
+    console.log('[DEBUG CORS]', req.method, req.hostname, req.url);
+    cors(req, res, next);
+  });
+  */
+
   app.use('/', getToken);
 };
diff --git a/lib/package-server.js b/lib/package-server.js
index 54a5553..33f851a 100644
--- a/lib/package-server.js
+++ b/lib/package-server.js
@@ -158,10 +158,12 @@ function getApi(pkgConf, pkgDeps, packagedApi) {
       require('./oauth3-auth').inject(packagedApi._api, pkgConf, pkgDeps);
 
       // DEBUG
+      /*
       packagedApi._api.use('/', function (req, res, next) {
         console.log('[DEBUG pkgsrv]', req.method, req.hostname, req.url);
         next();
       });
+      */
 
       // TODO fix backwards compat
 
@@ -249,6 +251,7 @@ function runApi(opts, router, req, res, next) {
   // TODO compile packagesMap
   // TODO people may want to use the framework in a non-framework way (i.e. to conceal the module name)
   router.packagedApis.some(function (_packagedApi) {
+    // console.log('[DEBUG _packagedApi.id]', _packagedApi.id);
     var pathname = router.pathname;
     if ('/' === pathname) {
       pathname = '';
@@ -306,7 +309,7 @@ function runApi(opts, router, req, res, next) {
     return;
   }
 
-  console.log("[DEBUG pkgpath]", pkgConf.apipath, packagedApi.id);
+  // console.log("[DEBUG pkgpath]", pkgConf.apipath, packagedApi.id);
   loadApi(pkgConf, pkgDeps, packagedApi).then(function (api) {
     api(req, res, next);
   }, function (err) {