A route handler for CoCo The Bear that enforces session token authentication and authorization.
- Exposed authorization.js through index.js.
- Added authorizeRequest for authorizing that the resource with the identifier req.params.identifier belongs to the user with the id at req.user._id.
- Changed isAuthenticated to authenticateRequest to explicitly say that it is performing an action.
- authenticateRequest adds the user object to req.body.auth.user if req.user exists.
- Changed the 'authenticated' event to be an 'app-event' event to be in keeping with the standards imposed by CoCo The Bear.
- Added handling for a valid session token that sets req.user to the current user.
- Added handling for no session token that raises an unauthorized error.
- Added handling for an invalid session token that raises an unauthorized error.