r
/
p5.js-web-editor
1
0
Fork 0
Code Issues 1 Pull Requests Releases 1 Wiki Activity

add isAuthenticated middleware, add isAuthenticated middleware to certain routes, make all other routes consistent

This commit is contained in:
Cassie Tarakajian 2018-01-09 15:57:49 -05:00
parent 5738b07515
commit fb1684ce4b
10 changed files with 59 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
server/controllers/project.controller.js
View File

@ -8,11 +8,6 @@ import User from '../models/user';
import { deleteObjectsFromS3, getObjectKey } from './aws.controller';
export function createProject(req, res) {
if (!req.user) {
res.status(403).send({ success: false, message: 'Session does not match owner of project.' });
return;
}
let projectValues = {
user: req.user._id
};
@ -38,7 +33,7 @@ export function createProject(req, res) {
export function updateProject(req, res) {
Project.findById(req.params.project_id, (findProjectErr, project) => {
if (!req.user || !project.user.equals(req.user._id)) {
if (!project.user.equals(req.user._id)) {
res.status(403).send({ success: false, message: 'Session does not match owner of project.' });
return;
}
@ -107,7 +102,7 @@ function deleteFilesFromS3(files) {
export function deleteProject(req, res) {
Project.findById(req.params.project_id, (findProjectErr, project) => {
if (!req.user || !project.user.equals(req.user._id)) {
if (!project.user.equals(req.user._id)) {
res.status(403).json({ success: false, message: 'Session does not match owner of project.' });
return;
}

4
server/routes/asset.routes.js
View File

@ -4,8 +4,8 @@ import { getFileContent } from '../controllers/file.controller';
const router = new Router();
router.route('/:username/sketches/:project_id/*').get(getProjectAsset);
router.get('/:username/sketches/:project_id/*', getProjectAsset);
router.route('/sketches/:project_id/assets/*?').get(getFileContent);
router.get('/sketches/:project_id/assets/*?', getFileContent);
export default router;

9
server/routes/aws.routes.js
View File

@ -1,11 +1,12 @@
import { Router } from 'express';
import * as AWSController from '../controllers/aws.controller';
import isAuthenticated from '../utils/isAuthenticated';
const router = new Router();
router.route('/S3/sign').post(AWSController.signS3);
router.route('/S3/copy').post(AWSController.copyObjectInS3);
router.route('/S3/:object_key').delete(AWSController.deleteObjectFromS3);
router.route('/S3/:username/objects').get(AWSController.listObjectsInS3ForUser);
router.post('/S3/sign', isAuthenticated, AWSController.signS3);
router.post('/S3/copy', isAuthenticated, AWSController.copyObjectInS3);
router.delete('/S3/:object_key', isAuthenticated, AWSController.deleteObjectFromS3);
router.get('/S3/:username/objects', AWSController.listObjectsInS3ForUser);
export default router;

4
server/routes/embed.routes.js
View File

@ -3,7 +3,7 @@ import * as EmbedController from '../controllers/embed.controller';
const router = new Router();
router.route('/embed/:project_id').get(EmbedController.serveProject);
router.route('/full/:project_id').get(EmbedController.serveProject);
router.get('/embed/:project_id', EmbedController.serveProject);
router.get('/full/:project_id', EmbedController.serveProject);
export default router;

5
server/routes/file.routes.js
View File

@ -1,9 +1,10 @@
import { Router } from 'express';
import * as FileController from '../controllers/file.controller';
import isAuthenticated from '../utils/isAuthenticated';
const router = new Router();
router.route('/projects/:project_id/files').post(FileController.createFile);
router.route('/projects/:project_id/files/:file_id').delete(FileController.deleteFile);
router.post('/projects/:project_id/files', isAuthenticated, FileController.createFile);
router.delete('/projects/:project_id/files/:file_id', isAuthenticated, FileController.deleteFile);
export default router;

15
server/routes/project.routes.js
View File

@ -1,20 +1,21 @@
import { Router } from 'express';
import * as ProjectController from '../controllers/project.controller';
import isAuthenticated from '../utils/isAuthenticated';
const router = new Router();
router.route('/projects').post(ProjectController.createProject);
router.post('/projects', isAuthenticated, ProjectController.createProject);
router.route('/projects/:project_id').put(ProjectController.updateProject);
router.put('/projects/:project_id', isAuthenticated, ProjectController.updateProject);
router.route('/projects/:project_id').get(ProjectController.getProject);
router.get('/projects/:project_id', ProjectController.getProject);
router.route('/projects/:project_id').delete(ProjectController.deleteProject);
router.delete('/projects/:project_id', isAuthenticated, ProjectController.deleteProject);
router.route('/projects').get(ProjectController.getProjects);
router.get('/projects', ProjectController.getProjects);
router.route('/:username/projects').get(ProjectController.getProjectsForUser);
router.get('/:username/projects', ProjectController.getProjectsForUser);
router.route('/projects/:project_id/zip').get(ProjectController.downloadProjectAsZip);
router.get('/projects/:project_id/zip', ProjectController.downloadProjectAsZip);
export default router;

28
server/routes/server.routes.js
View File

@ -9,70 +9,70 @@ const router = new Router();
// this is intended to be a temporary file
// until i figure out isomorphic rendering
router.route('/').get((req, res) => {
router.get('/', (req, res) => {
res.send(renderIndex());
});
router.route('/signup').get((req, res) => {
router.get('/signup', (req, res) => {
if (req.user) {
return res.redirect('/');
}
return res.send(renderIndex());
});
router.route('/projects/:project_id').get((req, res) => {
router.get('/projects/:project_id', (req, res) => {
res.send(renderIndex());
});
router.route('/:username/sketches/:project_id').get((req, res) => {
router.get('/:username/sketches/:project_id', (req, res) => {
res.send(renderIndex());
});
// router.route('/full/:project_id').get((req, res) => {
// router.get('/full/:project_id', (req, res) => {
// res.send(renderIndex());
// });
router.route('/login').get((req, res) => {
router.get('/login', (req, res) => {
if (req.user) {
return res.redirect('/');
}
return res.send(renderIndex());
});
router.route('/reset-password').get((req, res) => {
router.get('/reset-password', (req, res) => {
res.send(renderIndex());
});
router.route('/reset-password/:reset_password_token').get((req, res) => {
router.get('/reset-password/:reset_password_token', (req, res) => {
res.send(renderIndex());
});
router.route('/verify').get((req, res) => {
router.get('/verify', (req, res) => {
res.send(renderIndex());
});
router.route('/sketches').get((req, res) => {
router.get('/sketches', (req, res) => {
res.send(renderIndex());
});
router.route('/about').get((req, res) => {
router.get('/about', (req, res) => {
res.send(renderIndex());
});
router.route('/:username/sketches').get((req, res) => {
router.get('/:username/sketches', (req, res) => {
userExists(req.params.username, exists => (
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
));
});
router.route('/:username/assets').get((req, res) => {
router.get('/:username/assets', (req, res) => {
userExists(req.params.username, exists => (
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
));
});
router.route('/:username/account').get((req, res) => {
router.get('/:username/account', (req, res) => {
userExists(req.params.username, exists => (
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
));

8
server/routes/session.routes.js
View File

@ -3,12 +3,10 @@ import * as SessionController from '../controllers/session.controller';
const router = new Router();
router.route('/login').post(SessionController.createSession);
router.post('/login', SessionController.createSession);
router.route('/session').get(SessionController.getSession);
router.get('/session', SessionController.getSession);
router.route('/logout').get(SessionController.destroySession);
router.get('/logout', SessionController.destroySession);
export default router;
// TODO add github authentication stuff

19
server/routes/user.routes.js
View File

@ -1,24 +1,25 @@
import { Router } from 'express';
import * as UserController from '../controllers/user.controller';
import isAuthenticated from '../utils/isAuthenticated';
const router = new Router();
router.route('/signup').post(UserController.createUser);
router.post('/signup', UserController.createUser);
router.route('/signup/duplicate_check').get(UserController.duplicateUserCheck);
router.get('/signup/duplicate_check', UserController.duplicateUserCheck);
router.route('/preferences').put(UserController.updatePreferences);
router.put('/preferences', isAuthenticated, UserController.updatePreferences);
router.route('/reset-password').post(UserController.resetPasswordInitiate);
router.post('/reset-password', UserController.resetPasswordInitiate);
router.route('/reset-password/:token').get(UserController.validateResetPasswordToken);
router.get('/reset-password/:token', UserController.validateResetPasswordToken);
router.route('/reset-password/:token').post(UserController.updatePassword);
router.post('/reset-password/:token', UserController.updatePassword);
router.route('/account').put(UserController.updateSettings);
router.put('/account', isAuthenticated, UserController.updateSettings);
router.route('/verify/send').post(UserController.emailVerificationInitiate);
router.post('/verify/send', UserController.emailVerificationInitiate);
router.route('/verify').get(UserController.verifyEmail);
router.get('/verify', UserController.verifyEmail);
export default router;

10
server/utils/isAuthenticated.js Normal file
View File

@ -0,0 +1,10 @@
export default function isAuthenticated(req, res, next) {
if (req.user) {
return next();
}
res.status(403).send({
success: false,
message: 'You must be logged in in order to perform the requested action.'
});
}