From fb1684ce4b3fab3fae25861769939dba76029dc6 Mon Sep 17 00:00:00 2001 From: Cassie Tarakajian Date: Tue, 9 Jan 2018 15:57:49 -0500 Subject: [PATCH] add isAuthenticated middleware, add isAuthenticated middleware to certain routes, make all other routes consistent --- server/controllers/project.controller.js | 9 ++------ server/routes/asset.routes.js | 4 ++-- server/routes/aws.routes.js | 9 ++++---- server/routes/embed.routes.js | 4 ++-- server/routes/file.routes.js | 5 +++-- server/routes/project.routes.js | 15 +++++++------ server/routes/server.routes.js | 28 ++++++++++++------------ server/routes/session.routes.js | 8 +++---- server/routes/user.routes.js | 19 ++++++++-------- server/utils/isAuthenticated.js | 10 +++++++++ 10 files changed, 59 insertions(+), 52 deletions(-) create mode 100644 server/utils/isAuthenticated.js diff --git a/server/controllers/project.controller.js b/server/controllers/project.controller.js index f2f8c82c..f1b179a2 100644 --- a/server/controllers/project.controller.js +++ b/server/controllers/project.controller.js @@ -8,11 +8,6 @@ import User from '../models/user'; import { deleteObjectsFromS3, getObjectKey } from './aws.controller'; export function createProject(req, res) { - if (!req.user) { - res.status(403).send({ success: false, message: 'Session does not match owner of project.' }); - return; - } - let projectValues = { user: req.user._id }; @@ -38,7 +33,7 @@ export function createProject(req, res) { export function updateProject(req, res) { Project.findById(req.params.project_id, (findProjectErr, project) => { - if (!req.user || !project.user.equals(req.user._id)) { + if (!project.user.equals(req.user._id)) { res.status(403).send({ success: false, message: 'Session does not match owner of project.' }); return; } 
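Review bot: With the `if (!req.user)` guard removed, `createProject` dereferences `req.user._id` unconditionally at `let projectValues = { user: req.user._id };`, so the controller is only safe when every route that mounts it runs `isAuthenticated` first, and that precondition is not recorded anywhere in the controller. Add a JSDoc above the function so a future route wiring does not silently reintroduce a TypeError on anonymous requests: `/** Creates a project owned by the current user. Requires the isAuthenticated middleware upstream: req.user must be set. */`. The body of createProject continues outside the hunk.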
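Review bot: The new condition `if (!project.user.equals(req.user._id))` in updateProject throws when `Project.findById` yields no document (unknown id, or a cast error on a malformed `project_id`), because neither `findProjectErr` nor a null `project` is checked before `project.user` is read; an authenticated client sending a bad id therefore gets an unhandled exception instead of a response. Guard the callback first with `if (findProjectErr || !project) { res.status(404).send({ success: false, message: 'Project not found.' }); return; }` and keep the ownership check after it. Dropping the `!req.user` test is correct only because project.routes.js now mounts `isAuthenticated` on the PUT route; that coupling deserves a one-line comment here. The rest of updateProject lies outside the hunk.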
@@ -107,7 +102,7 @@ function deleteFilesFromS3(files) { export function deleteProject(req, res) { Project.findById(req.params.project_id, (findProjectErr, project) => { - if (!req.user || !project.user.equals(req.user._id)) { + if (!project.user.equals(req.user._id)) { res.status(403).json({ success: false, message: 'Session does not match owner of project.' }); return; } diff --git a/server/routes/asset.routes.js b/server/routes/asset.routes.js index 4ded4ea1..dc4469d6 100644 --- a/server/routes/asset.routes.js +++ b/server/routes/asset.routes.js @@ -4,8 +4,8 @@ import { getFileContent } from '../controllers/file.controller'; const router = new Router(); -router.route('/:username/sketches/:project_id/*').get(getProjectAsset); +router.get('/:username/sketches/:project_id/*', getProjectAsset); -router.route('/sketches/:project_id/assets/*?').get(getFileContent); +router.get('/sketches/:project_id/assets/*?', getFileContent); export default router; diff --git a/server/routes/aws.routes.js b/server/routes/aws.routes.js index e31457a6..6367f32c 100644 --- a/server/routes/aws.routes.js +++ b/server/routes/aws.routes.js @@ -1,11 +1,12 @@ import { Router } from 'express'; import * as AWSController from '../controllers/aws.controller'; +import isAuthenticated from '../utils/isAuthenticated'; const router = new Router(); -router.route('/S3/sign').post(AWSController.signS3); -router.route('/S3/copy').post(AWSController.copyObjectInS3); -router.route('/S3/:object_key').delete(AWSController.deleteObjectFromS3); -router.route('/S3/:username/objects').get(AWSController.listObjectsInS3ForUser); +router.post('/S3/sign', isAuthenticated, AWSController.signS3); +router.post('/S3/copy', isAuthenticated, AWSController.copyObjectInS3); +router.delete('/S3/:object_key', isAuthenticated, AWSController.deleteObjectFromS3); +router.get('/S3/:username/objects', AWSController.listObjectsInS3ForUser); export default router; 
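Review bot: `if (!project.user.equals(req.user._id))` in deleteProject has the same unguarded dereference as updateProject: when `Project.findById` returns an error or no document, `project` is null or undefined and the ownership check throws before any response is sent. Check `if (findProjectErr || !project)` first and answer with a 404. The commit's stated goal is consistency, yet this handler replies with `res.status(403).json(...)` while updateProject uses `res.status(403).send(...)` for the identical message; pick one form for both. The rest of deleteProject is outside the hunk.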
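Review bot: `router.get('/S3/:username/objects', AWSController.listObjectsInS3ForUser)` is the one S3 route left without `isAuthenticated`, so an anonymous client can enumerate the object keys of any `:username`; if that listing is not meant to be public, add the middleware, and if it is, a comment saying so would stop the next reader from treating it as an omission. Note too that `isAuthenticated` only establishes that some session exists: `router.delete('/S3/:object_key', ...)` will still let any logged-in user delete any key unless `deleteObjectFromS3` (not visible here) checks that the key belongs to `req.user`. A comment on the route such as `// isAuthenticated is authN only; the controller must verify the object belongs to req.user` would make that division of responsibility explicit.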
diff --git a/server/routes/embed.routes.js b/server/routes/embed.routes.js index c3d0819b..bea7e573 100644 --- a/server/routes/embed.routes.js +++ b/server/routes/embed.routes.js @@ -3,7 +3,7 @@ import * as EmbedController from '../controllers/embed.controller'; const router = new Router(); -router.route('/embed/:project_id').get(EmbedController.serveProject); -router.route('/full/:project_id').get(EmbedController.serveProject); +router.get('/embed/:project_id', EmbedController.serveProject); +router.get('/full/:project_id', EmbedController.serveProject); export default router; diff --git a/server/routes/file.routes.js b/server/routes/file.routes.js index deefe5dd..36139c46 100644 --- a/server/routes/file.routes.js +++ b/server/routes/file.routes.js @@ -1,9 +1,10 @@ import { Router } from 'express'; import * as FileController from '../controllers/file.controller'; +import isAuthenticated from '../utils/isAuthenticated'; const router = new Router(); -router.route('/projects/:project_id/files').post(FileController.createFile); -router.route('/projects/:project_id/files/:file_id').delete(FileController.deleteFile); +router.post('/projects/:project_id/files', isAuthenticated, FileController.createFile); +router.delete('/projects/:project_id/files/:file_id', isAuthenticated, FileController.deleteFile); export default router; diff --git a/server/routes/project.routes.js b/server/routes/project.routes.js index 21d360b5..5ccd2d91 100644 --- a/server/routes/project.routes.js +++ b/server/routes/project.routes.js 
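Review bot: `isAuthenticated` on the `/projects/:project_id/files` POST and DELETE routes proves only that a session exists, not that the caller owns `:project_id`; whether `FileController.createFile` and `deleteFile` compare the project's owner with `req.user._id` cannot be seen from this hunk, and project.controller.js shows that ownership checks live in the controllers in this codebase. Worth confirming, and recording on the routes with a comment such as `// authN only — controllers must check project ownership against req.user`. If the controllers rely on `req.user` without their own guard, this middleware is now the only thing between an anonymous request and a TypeError, which is one more reason to state the contract here.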
@@ -1,20 +1,21 @@ import { Router } from 'express'; import * as ProjectController from '../controllers/project.controller'; +import isAuthenticated from '../utils/isAuthenticated'; const router = new Router(); -router.route('/projects').post(ProjectController.createProject); +router.post('/projects', isAuthenticated, ProjectController.createProject); -router.route('/projects/:project_id').put(ProjectController.updateProject); +router.put('/projects/:project_id', isAuthenticated, ProjectController.updateProject); -router.route('/projects/:project_id').get(ProjectController.getProject); +router.get('/projects/:project_id', ProjectController.getProject); -router.route('/projects/:project_id').delete(ProjectController.deleteProject); +router.delete('/projects/:project_id', isAuthenticated, ProjectController.deleteProject); -router.route('/projects').get(ProjectController.getProjects); +router.get('/projects', ProjectController.getProjects); -router.route('/:username/projects').get(ProjectController.getProjectsForUser); +router.get('/:username/projects', ProjectController.getProjectsForUser); -router.route('/projects/:project_id/zip').get(ProjectController.downloadProjectAsZip); +router.get('/projects/:project_id/zip', ProjectController.downloadProjectAsZip); export default router; diff --git a/server/routes/server.routes.js b/server/routes/server.routes.js index 2c4c3571..7029b41b 100644 --- a/server/routes/server.routes.js +++ b/server/routes/server.routes.js 
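Review bot: `router.get('/projects', ProjectController.getProjects)` is left without `isAuthenticated` even though the POST on the same path now requires it; if `getProjects` reads `req.user._id` the way `createProject` now does, an unauthenticated GET will throw, and if it already handles the missing user, a comment saying so would make the asymmetry intentional rather than accidental. The routes left open (`getProject`, `getProjectsForUser`, `downloadProjectAsZip`) presumably serve shared sketches; a one-line comment above them, e.g. `// public: sketches are readable by anyone who has the id or username`, would document the authorization model of this file in the place a reviewer looks for it.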
@@ -9,70 +9,70 @@ const router = new Router(); // this is intended to be a temporary file // until i figure out isomorphic rendering -router.route('/').get((req, res) => { +router.get('/', (req, res) => { res.send(renderIndex()); }); -router.route('/signup').get((req, res) => { +router.get('/signup', (req, res) => { if (req.user) { return res.redirect('/'); } return res.send(renderIndex()); }); -router.route('/projects/:project_id').get((req, res) => { +router.get('/projects/:project_id', (req, res) => { res.send(renderIndex()); }); -router.route('/:username/sketches/:project_id').get((req, res) => { +router.get('/:username/sketches/:project_id', (req, res) => { res.send(renderIndex()); }); -// router.route('/full/:project_id').get((req, res) => { +// router.get('/full/:project_id', (req, res) => { // res.send(renderIndex()); // }); -router.route('/login').get((req, res) => { +router.get('/login', (req, res) => { if (req.user) { return res.redirect('/'); } return res.send(renderIndex()); }); -router.route('/reset-password').get((req, res) => { +router.get('/reset-password', (req, res) => { res.send(renderIndex()); }); -router.route('/reset-password/:reset_password_token').get((req, res) => { +router.get('/reset-password/:reset_password_token', (req, res) => { res.send(renderIndex()); }); -router.route('/verify').get((req, res) => { +router.get('/verify', (req, res) => { res.send(renderIndex()); }); -router.route('/sketches').get((req, res) => { +router.get('/sketches', (req, res) => { res.send(renderIndex()); }); -router.route('/about').get((req, res) => { +router.get('/about', (req, res) => { res.send(renderIndex()); }); -router.route('/:username/sketches').get((req, res) => { +router.get('/:username/sketches', (req, res) => { userExists(req.params.username, exists => ( exists ? 
res.send(renderIndex()) : get404Sketch(html => res.send(html)) )); }); -router.route('/:username/assets').get((req, res) => { +router.get('/:username/assets', (req, res) => { userExists(req.params.username, exists => ( exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html)) )); }); -router.route('/:username/account').get((req, res) => { +router.get('/:username/account', (req, res) => { userExists(req.params.username, exists => ( exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html)) )); diff --git a/server/routes/session.routes.js b/server/routes/session.routes.js index 8b68cefd..a153edb1 100644 --- a/server/routes/session.routes.js +++ b/server/routes/session.routes.js @@ -3,12 +3,10 @@ import * as SessionController from '../controllers/session.controller'; const router = new Router(); -router.route('/login').post(SessionController.createSession); +router.post('/login', SessionController.createSession); -router.route('/session').get(SessionController.getSession); +router.get('/session', SessionController.getSession); -router.route('/logout').get(SessionController.destroySession); +router.get('/logout', SessionController.destroySession); export default router; - -// TODO add github authentication stuff diff --git a/server/routes/user.routes.js b/server/routes/user.routes.js index 682ac698..427e0705 100644 --- a/server/routes/user.routes.js +++ b/server/routes/user.routes.js 
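Review bot: The commented-out `// router.get('/full/:project_id', ...)` block was rewritten along with the live routes instead of being deleted; dead code that keeps getting maintained is easily mistaken for an intentionally disabled feature. Since embed.routes.js in this same patch appears to serve `/full/:project_id` via `EmbedController.serveProject`, either drop the comment or replace it with a pointer such as `// '/full/:project_id' is handled in embed.routes.js`. The hunk is otherwise a mechanical `router.route().get()` to `router.get()` rewrite.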
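Review bot: `router.get('/logout', SessionController.destroySession)` exposes a state-changing operation over GET, so any page a logged-in user visits can end their session with nothing more than `<img src="/logout">` (forced logout, a login-CSRF primitive); this predates the commit, but the line is rewritten here and is the natural place to fix it. Change it to `router.post('/logout', SessionController.destroySession);` and update the client call, or at minimum leave a comment acknowledging the exposure so it is not read as a deliberate choice.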
@@ -1,24 +1,25 @@ import { Router } from 'express'; import * as UserController from '../controllers/user.controller'; +import isAuthenticated from '../utils/isAuthenticated'; const router = new Router(); -router.route('/signup').post(UserController.createUser); +router.post('/signup', UserController.createUser); -router.route('/signup/duplicate_check').get(UserController.duplicateUserCheck); +router.get('/signup/duplicate_check', UserController.duplicateUserCheck); -router.route('/preferences').put(UserController.updatePreferences); +router.put('/preferences', isAuthenticated, UserController.updatePreferences); -router.route('/reset-password').post(UserController.resetPasswordInitiate); +router.post('/reset-password', UserController.resetPasswordInitiate); -router.route('/reset-password/:token').get(UserController.validateResetPasswordToken); +router.get('/reset-password/:token', UserController.validateResetPasswordToken); -router.route('/reset-password/:token').post(UserController.updatePassword); +router.post('/reset-password/:token', UserController.updatePassword); -router.route('/account').put(UserController.updateSettings); +router.put('/account', isAuthenticated, UserController.updateSettings); -router.route('/verify/send').post(UserController.emailVerificationInitiate); +router.post('/verify/send', UserController.emailVerificationInitiate); -router.route('/verify').get(UserController.verifyEmail); +router.get('/verify', UserController.verifyEmail); export default router; diff --git a/server/utils/isAuthenticated.js b/server/utils/isAuthenticated.js new file mode 100644 index 00000000..ea28eca3 --- /dev/null +++ b/server/utils/isAuthenticated.js @@ -0,0 +1,10 @@ +export default function isAuthenticated(req, res, next) { + if (req.user) { + return next(); + } + res.status(403).send({ + success: false, + message: 'You must be logged in in order to perform the requested action.' + }); +} +
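Review bot: `router.post('/verify/send', UserController.emailVerificationInitiate)` is not given `isAuthenticated` although re-sending a verification e-mail is an action on the current account; if the controller reads `req.user` it will now throw for anonymous callers, and if it instead takes an address from the request body it is an unauthenticated, attacker-triggerable mail sender that needs rate limiting. Either add the middleware or document the intended anonymous contract with a comment on the route. `/signup/duplicate_check` is an unauthenticated username/e-mail existence oracle by design; a comment such as `// public by design: the signup form checks availability before an account exists` would make the distinction from `/preferences` and `/account` explicit.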
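Review bot: `res.status(403)` in isAuthenticated reports a missing session with the same status the controllers use for an authenticated non-owner (`'Session does not match owner of project.'` in project.controller.js), so clients cannot tell "log in" from "forbidden"; 401 is the conventional code for an absent or invalid session. Change the line to `res.status(401).send({` and keep the body as is. The new file also has no header comment; add a JSDoc stating the contract, e.g. `/** Express middleware: calls next() when req.user is set by the auth layer, otherwise ends the request with a JSON error. Establishes authentication only — ownership checks stay in the controllers. */`. The message `'logged in in order to'` reads awkwardly; `'You must be logged in to perform the requested action.'` says the same thing.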