added can_have_cloak assertion
		@@ -2,6 +2,8 @@ import fs from 'fs';
 | 
			
		||||
import dotenv from 'dotenv';
 | 
			
		||||
import jwt from 'jsonwebtoken';
 | 
			
		||||
 | 
			
		||||
import UserService from '../services/user.js';
 | 
			
		||||
 | 
			
		||||
dotenv.config({path: ".env"});
 | 
			
		||||
 | 
			
		||||
const authenticate = async (req, res, next) => {
 | 
			
		||||
@@ -29,4 +31,11 @@ const validateInviteToken = async (req, res, next) => {
 | 
			
		||||
    next();
 | 
			
		||||
};
 | 
			
		||||
 | 
			
		||||
export default {authenticate, validateInviteToken};
 | 
			
		||||
const canHaveCloak = async (req, res, next) => {
 | 
			
		||||
    const { username } = jwt.decode(req.session.jwt);
 | 
			
		||||
    if (!(await UserService.canHaveCloak(username)))
 | 
			
		||||
        return res.status(403).send("You cannot have cloak");
 | 
			
		||||
    next();
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
export default {authenticate, validateInviteToken, canHaveCloak};
 | 
			
		||||
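Review bot: `canHaveCloak` takes the username from `jwt.decode(req.session.jwt)`, which checks no signature, so the authorization decision is only sound when `authenticate` has already verified the same token earlier in the chain, and nothing in this function enforces or documents that. When the session has no token or the token is malformed, `jwt.decode` returns null and the destructuring throws inside an async middleware, which Express 4 (if that is what this app runs) does not turn into an error response. Read the claim from the verified payload instead, `const { username } = jwt.verify(req.session.jwt, process.env.SECRET);`, inside a try/catch that answers 403. Also add a comment such as `// must be mounted after authenticate` above the function. The `await UserService.canHaveCloak(username)` call has the same unhandled-rejection problem if the lookup fails.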
@@ -1,5 +1,10 @@
 | 
			
		||||
import dotenv from 'dotenv';
 | 
			
		||||
import jwt from 'jsonwebtoken';
 | 
			
		||||
 | 
			
		||||
import UserService from '../services/user.js';
 | 
			
		||||
 | 
			
		||||
dotenv.config({path: ".env"});
 | 
			
		||||
 | 
			
		||||
const userDoesNotExist = async (req, res, next) => {
 | 
			
		||||
 | 
			
		||||
    const { username } = req.body;
 | 
			
		||||
@@ -11,7 +16,15 @@ const userDoesNotExist = async (req, res, next) => {
 | 
			
		||||
};
 | 
			
		||||
 | 
			
		||||
const userExist = async (req, res, next) => {
 | 
			
		||||
    const { username } = req.body;
 | 
			
		||||
    let username;
 | 
			
		||||
    if (req.body.username) {
 | 
			
		||||
        username = req.body.username;
 | 
			
		||||
    } else if (req.session.jwt) {
 | 
			
		||||
        if (!req.session.jwt || !jwt.verify(req.session.jwt, process.env.SECRET)) {
 | 
			
		||||
            return res.status(403).send("Unauthorized");
 | 
			
		||||
        }
 | 
			
		||||
        username = jwt.decode(req.session.jwt).username;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    if (!(await UserService.exists(username))) {
 | 
			
		||||
        return res.status(401).send("Such user does not exists!");
 | 
			
		||||
 
 | 
			
		||||
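Review bot: In `userExist`, the `!jwt.verify(req.session.jwt, process.env.SECRET)` test never yields the 403 for a bad token, because `jwt.verify` without a callback throws on an invalid or expired token instead of returning a falsy value. The exception rejects the async middleware and the "Unauthorized" branch is effectively dead. The inner `!req.session.jwt` is also redundant inside `else if (req.session.jwt)`, and `jwt.verify` already returns the payload, so the separate `jwt.decode` is unnecessary. A `username` in the request body takes precedence over the session, so the existence check can run against a different name than the one the token carries, and when neither is present `UserService.exists(undefined)` is called. The function continues past the end of this hunk, so the sketch below covers only the username resolution.

```javascript
    } else if (req.session.jwt) {
        try {
            // verify() returns the decoded payload once the signature and expiry check out
            username = jwt.verify(req.session.jwt, process.env.SECRET).username;
        } catch (err) {
            return res.status(403).send("Unauthorized");
        }
    }
    // … unchanged: UserService.exists(username) check …
```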
@@ -12,7 +12,7 @@ const ApiRouter = new Router();
 | 
			
		||||
ApiRouter.post('/register', requiredParameters.requireUsername, requiredParameters.requirePassword, auth.validateInviteToken, existance.userDoesNotExist, UserController.register);
 | 
			
		||||
ApiRouter.post('/login', requiredParameters.requireUsername, requiredParameters.requirePassword, existance.userExist, UserController.login);
 | 
			
		||||
ApiRouter.get('/logout', auth.authenticate, UserController.logout);
 | 
			
		||||
ApiRouter.post('/uploadSkin', auth.authenticate, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadSkin);
 | 
			
		||||
ApiRouter.post('/uploadCape', auth.authenticate, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadCape);
 | 
			
		||||
ApiRouter.post('/uploadSkin', existance.userExist, auth.authenticate, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadSkin);
 | 
			
		||||
ApiRouter.post('/uploadCape', existance.userExist, auth.authenticate, auth.canHaveCloak, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadCape);
 | 
			
		||||
 | 
			
		||||
export default ApiRouter;
 | 
			
		||||
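Review bot: On the new `/uploadSkin` and `/uploadCape` routes, `existance.userExist` is mounted before `auth.authenticate`, so an unauthenticated request reaches the user lookup and the token handling in `userExist` before the authentication gate has run. Put the gate first and keep the cloak check directly behind it, i.e. `auth.authenticate, existance.userExist, auth.canHaveCloak, utils.upload.single('file'), ...`, so every later middleware can rely on a verified session. Both checks run before `utils.upload.single('file')`, so for a multipart upload `req.body.username` is presumably not populated yet and `userExist` falls back to the session token; a short comment on the route stating which identity is being checked would make that explicit.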
@@ -19,9 +19,12 @@ UserRouter.get('/register', async (req, res) => {
 | 
			
		||||
});
 | 
			
		||||
 | 
			
		||||
UserRouter.get(['/', '/login'], async (req, res) => {
 | 
			
		||||
    if(req.session.jwt && jwt.verify(req.session.jwt, process.env.SECRET))
 | 
			
		||||
    if(req.session.jwt && jwt.verify(req.session.jwt, process.env.SECRET)) {
 | 
			
		||||
        console.log(req.session.jwt)
 | 
			
		||||
        return res.redirect("/index");
 | 
			
		||||
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    return res.render("login.pug");
 | 
			
		||||
});
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
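Review bot: The added `console.log(req.session.jwt)` writes the user's signed session token to the process log, where anyone with log access can read a credential that stays usable until it expires. It looks like a debugging leftover and should be deleted, or replaced by a non-sensitive field if a trace is really needed. Separately, `jwt.verify(req.session.jwt, process.env.SECRET)` throws on an expired or tampered token, so a stale session makes this async handler reject instead of falling through to `res.render("login.pug")`; wrapping the verify in try/catch and rendering the login page in the catch would fix that.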