From d5856ba923d44965742eaa7f37b4418935fe621c Mon Sep 17 00:00:00 2001
From: Liang Tang <1074461480@qq.com>
Date: Wed, 30 May 2018 12:37:10 +0800
Subject: [PATCH] Remove authorization from specific routes (#642)

* fixes #569
* update listObjectsInS3ForUser
* update client-side routes
* update aws controller
* update
* redirect to /login when unlogged in
---
 client/components/Nav.jsx | 4 ++--
 client/modules/IDE/actions/assets.js | 4 ++--
 client/modules/IDE/components/AssetList.jsx | 2 +-
 client/routes.jsx | 4 ++--
 server/controllers/aws.controller.js | 2 +-
 server/routes/aws.routes.js | 2 +-
 server/routes/server.routes.js | 22 +++++++++-------------
 7 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/client/components/Nav.jsx b/client/components/Nav.jsx
index 3b4f947f..154d9695 100644
--- a/client/components/Nav.jsx
+++ b/client/components/Nav.jsx
@@ -478,7 +478,7 @@ class Nav extends React.PureComponent {
  • { - axios.get(`${ROOT_URL}/S3/${username}/objects`, { withCredentials: true }) + axios.get(`${ROOT_URL}/S3/objects`, { withCredentials: true }) .then((response) => { dispatch(setAssets(response.data.assets)); }) diff --git a/client/modules/IDE/components/AssetList.jsx b/client/modules/IDE/components/AssetList.jsx index accc0c98..42513fba 100644 --- a/client/modules/IDE/components/AssetList.jsx +++ b/client/modules/IDE/components/AssetList.jsx @@ -13,7 +13,7 @@ import * as AssetActions from '../actions/assets'; class AssetList extends React.Component { constructor(props) { super(props); - this.props.getAssets(this.props.username); + this.props.getAssets(); } getAssetsTitle() { diff --git a/client/routes.jsx b/client/routes.jsx index ff1fb5f2..f7d379a6 100644 --- a/client/routes.jsx +++ b/client/routes.jsx @@ -47,10 +47,10 @@ const routes = (store) => { + + - - diff --git a/server/controllers/aws.controller.js b/server/controllers/aws.controller.js index d41c236e..09c1480e 100644 --- a/server/controllers/aws.controller.js +++ b/server/controllers/aws.controller.js @@ -109,7 +109,7 @@ export function copyObjectInS3(req, res) { } export function listObjectsInS3ForUser(req, res) { - const { username } = req.params; + const { username } = req.user; findUserByUsername(username, (user) => { const userId = user.id; const params = { diff --git a/server/routes/aws.routes.js b/server/routes/aws.routes.js index 6367f32c..0bda0f8b 100644 --- a/server/routes/aws.routes.js +++ b/server/routes/aws.routes.js @@ -7,6 +7,6 @@ const router = new Router(); router.post('/S3/sign', isAuthenticated, AWSController.signS3); router.post('/S3/copy', isAuthenticated, AWSController.copyObjectInS3); router.delete('/S3/:object_key', isAuthenticated, AWSController.deleteObjectFromS3); -router.get('/S3/:username/objects', AWSController.listObjectsInS3ForUser); +router.get('/S3/objects', AWSController.listObjectsInS3ForUser); export default router; 
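Review bot: In `listObjectsInS3ForUser`, `const { username } = req.user;` throws a TypeError whenever the request carries no session, because the `/S3/objects` route in the server/routes/aws.routes.js hunk is still registered without the `isAuthenticated` middleware that the sibling S3 routes use. Taking the identity from the session instead of the URL is the right direction, but the route should reject anonymous callers before the controller runs: `router.get('/S3/objects', isAuthenticated, AWSController.listObjectsInS3ForUser);`. If `req.user` is already the stored user record (not visible here), the `findUserByUsername` lookup could presumably be replaced by `req.user.id`, which would also remove the unchecked `user.id` access in the callback. The controller body continues outside the hunk.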
diff --git a/server/routes/server.routes.js b/server/routes/server.routes.js
index b0d9eade..d7e19077 100644
--- a/server/routes/server.routes.js
+++ b/server/routes/server.routes.js
@@ -57,7 +57,15 @@ router.get('/verify', (req, res) => {
 });
 
 router.get('/sketches', (req, res) => {
- res.send(renderIndex());
+ req.user ? res.send(renderIndex()) : res.redirect('/login');
+});
+
+router.get('/assets', (req, res) => {
+ req.user ? res.send(renderIndex()) : res.redirect('/login');
+});
+
+router.get('/account', (req, res) => {
+ req.user ? res.send(renderIndex()) : res.redirect('/login');
 });
 
 router.get('/about', (req, res) => {
@@ -74,16 +82,4 @@ router.get('/:username/sketches', (req, res) => {
 ));
 });
 
-router.get('/:username/assets', (req, res) => {
- userExists(req.params.username, exists => (
- exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
- ));
-});
-
-router.get('/:username/account', (req, res) => {
- userExists(req.params.username, exists => (
- exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
- ));
-});
-
 export default router;
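Review bot: The three handlers for `/sketches`, `/assets` and `/account` in the first hunk repeat the same login check as a ternary used purely for its side effects, which is easy to let drift apart and is what lint rules against unused expressions flag. A shared handler keeps the rule in one place: `const renderIfLoggedIn = (req, res) => (req.user ? res.send(renderIndex()) : res.redirect('/login'));` followed by `router.get('/assets', renderIfLoggedIn);` for each path. A short comment should also state that, as far as this hunk shows, the check only decides whether the page shell from `renderIndex()` is served, so the API routes that return account and asset data still need their own session check.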