add isAuthenticated middleware, add isAuthenticated middleware to certain routes, make all other routes consistent

This commit is contained in:
Cassie Tarakajian 2018-01-09 15:57:49 -05:00
parent 5738b07515
commit fb1684ce4b
10 changed files with 59 additions and 52 deletions


@ -8,11 +8,6 @@ import User from '../models/user';
import { deleteObjectsFromS3, getObjectKey } from './aws.controller'; import { deleteObjectsFromS3, getObjectKey } from './aws.controller';
export function createProject(req, res) { export function createProject(req, res) {
if (!req.user) {
res.status(403).send({ success: false, message: 'Session does not match owner of project.' });
return;
}
let projectValues = { let projectValues = {
user: req.user._id user: req.user._id
}; };
@ -38,7 +33,7 @@ export function createProject(req, res) {
export function updateProject(req, res) { export function updateProject(req, res) {
Project.findById(req.params.project_id, (findProjectErr, project) => { Project.findById(req.params.project_id, (findProjectErr, project) => {
if (!req.user || !project.user.equals(req.user._id)) { if (!project.user.equals(req.user._id)) {
res.status(403).send({ success: false, message: 'Session does not match owner of project.' }); res.status(403).send({ success: false, message: 'Session does not match owner of project.' });
return; return;
} }
@ -107,7 +102,7 @@ function deleteFilesFromS3(files) {
export function deleteProject(req, res) { export function deleteProject(req, res) {
Project.findById(req.params.project_id, (findProjectErr, project) => { Project.findById(req.params.project_id, (findProjectErr, project) => {
if (!req.user || !project.user.equals(req.user._id)) { if (!project.user.equals(req.user._id)) {
res.status(403).json({ success: false, message: 'Session does not match owner of project.' }); res.status(403).json({ success: false, message: 'Session does not match owner of project.' });
return; return;
} }
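Review bot: The new conditions `if (!project.user.equals(req.user._id))` in updateProject and deleteProject still dereference `project` before checking that `Project.findById` found anything; when `req.params.project_id` matches no document the callback receives `null` and the handler throws a TypeError instead of answering, and `findProjectErr` is never examined either. I would put `if (findProjectErr || !project) { res.status(404).json({ success: false, message: 'Project with that id does not exist' }); return; }` ahead of the ownership test in both functions. Dropping the `!req.user` guards also means these controllers are now only safe when every route that mounts them includes isAuthenticated, so a one-line comment such as `// req.user is guaranteed by the isAuthenticated middleware on the route` would make that contract explicit to whoever adds the next route. Both function bodies continue past the hunk, as does createProject.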


@ -4,8 +4,8 @@ import { getFileContent } from '../controllers/file.controller';
const router = new Router(); const router = new Router();
router.route('/:username/sketches/:project_id/*').get(getProjectAsset); router.get('/:username/sketches/:project_id/*', getProjectAsset);
router.route('/sketches/:project_id/assets/*?').get(getFileContent); router.get('/sketches/:project_id/assets/*?', getFileContent);
export default router; export default router;


@ -1,11 +1,12 @@
import { Router } from 'express'; import { Router } from 'express';
import * as AWSController from '../controllers/aws.controller'; import * as AWSController from '../controllers/aws.controller';
import isAuthenticated from '../utils/isAuthenticated';
const router = new Router(); const router = new Router();
router.route('/S3/sign').post(AWSController.signS3); router.post('/S3/sign', isAuthenticated, AWSController.signS3);
router.route('/S3/copy').post(AWSController.copyObjectInS3); router.post('/S3/copy', isAuthenticated, AWSController.copyObjectInS3);
router.route('/S3/:object_key').delete(AWSController.deleteObjectFromS3); router.delete('/S3/:object_key', isAuthenticated, AWSController.deleteObjectFromS3);
router.route('/S3/:username/objects').get(AWSController.listObjectsInS3ForUser); router.get('/S3/:username/objects', AWSController.listObjectsInS3ForUser);
export default router; export default router;
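Review bot: `router.get('/S3/:username/objects', AWSController.listObjectsInS3ForUser)` is the only route in this file left without `isAuthenticated`, and the hunk gives no hint whether that is deliberate; if the controller reads `req.user` it will now fail with a TypeError rather than the 403 the guarded routes return, and if the listing is meant to be public a comment saying so would stop the next reader from "fixing" it. Note also that `isAuthenticated` only establishes that a session exists, not that the caller owns `:object_key` on the delete route or `:username` on the list route — that authorization check has to live in the controller, which is outside this hunk. The same remark applies to the `project_id`-keyed create and delete routes in file.routes.js.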


@ -3,7 +3,7 @@ import * as EmbedController from '../controllers/embed.controller';
const router = new Router(); const router = new Router();
router.route('/embed/:project_id').get(EmbedController.serveProject); router.get('/embed/:project_id', EmbedController.serveProject);
router.route('/full/:project_id').get(EmbedController.serveProject); router.get('/full/:project_id', EmbedController.serveProject);
export default router; export default router;


@ -1,9 +1,10 @@
import { Router } from 'express'; import { Router } from 'express';
import * as FileController from '../controllers/file.controller'; import * as FileController from '../controllers/file.controller';
import isAuthenticated from '../utils/isAuthenticated';
const router = new Router(); const router = new Router();
router.route('/projects/:project_id/files').post(FileController.createFile); router.post('/projects/:project_id/files', isAuthenticated, FileController.createFile);
router.route('/projects/:project_id/files/:file_id').delete(FileController.deleteFile); router.delete('/projects/:project_id/files/:file_id', isAuthenticated, FileController.deleteFile);
export default router; export default router;


@ -1,20 +1,21 @@
import { Router } from 'express'; import { Router } from 'express';
import * as ProjectController from '../controllers/project.controller'; import * as ProjectController from '../controllers/project.controller';
import isAuthenticated from '../utils/isAuthenticated';
const router = new Router(); const router = new Router();
router.route('/projects').post(ProjectController.createProject); router.post('/projects', isAuthenticated, ProjectController.createProject);
router.route('/projects/:project_id').put(ProjectController.updateProject); router.put('/projects/:project_id', isAuthenticated, ProjectController.updateProject);
router.route('/projects/:project_id').get(ProjectController.getProject); router.get('/projects/:project_id', ProjectController.getProject);
router.route('/projects/:project_id').delete(ProjectController.deleteProject); router.delete('/projects/:project_id', isAuthenticated, ProjectController.deleteProject);
router.route('/projects').get(ProjectController.getProjects); router.get('/projects', ProjectController.getProjects);
router.route('/:username/projects').get(ProjectController.getProjectsForUser); router.get('/:username/projects', ProjectController.getProjectsForUser);
router.route('/projects/:project_id/zip').get(ProjectController.downloadProjectAsZip); router.get('/projects/:project_id/zip', ProjectController.downloadProjectAsZip);
export default router; export default router;


@ -9,70 +9,70 @@ const router = new Router();
// this is intended to be a temporary file // this is intended to be a temporary file
// until i figure out isomorphic rendering // until i figure out isomorphic rendering
router.route('/').get((req, res) => { router.get('/', (req, res) => {
res.send(renderIndex()); res.send(renderIndex());
}); });
router.route('/signup').get((req, res) => { router.get('/signup', (req, res) => {
if (req.user) { if (req.user) {
return res.redirect('/'); return res.redirect('/');
} }
return res.send(renderIndex()); return res.send(renderIndex());
}); });
router.route('/projects/:project_id').get((req, res) => { router.get('/projects/:project_id', (req, res) => {
res.send(renderIndex()); res.send(renderIndex());
}); });
router.route('/:username/sketches/:project_id').get((req, res) => { router.get('/:username/sketches/:project_id', (req, res) => {
res.send(renderIndex()); res.send(renderIndex());
}); });
// router.route('/full/:project_id').get((req, res) => { // router.get('/full/:project_id', (req, res) => {
// res.send(renderIndex()); // res.send(renderIndex());
// }); // });
router.route('/login').get((req, res) => { router.get('/login', (req, res) => {
if (req.user) { if (req.user) {
return res.redirect('/'); return res.redirect('/');
} }
return res.send(renderIndex()); return res.send(renderIndex());
}); });
router.route('/reset-password').get((req, res) => { router.get('/reset-password', (req, res) => {
res.send(renderIndex()); res.send(renderIndex());
}); });
router.route('/reset-password/:reset_password_token').get((req, res) => { router.get('/reset-password/:reset_password_token', (req, res) => {
res.send(renderIndex()); res.send(renderIndex());
}); });
router.route('/verify').get((req, res) => { router.get('/verify', (req, res) => {
res.send(renderIndex()); res.send(renderIndex());
}); });
router.route('/sketches').get((req, res) => { router.get('/sketches', (req, res) => {
res.send(renderIndex()); res.send(renderIndex());
}); });
router.route('/about').get((req, res) => { router.get('/about', (req, res) => {
res.send(renderIndex()); res.send(renderIndex());
}); });
router.route('/:username/sketches').get((req, res) => { router.get('/:username/sketches', (req, res) => {
userExists(req.params.username, exists => ( userExists(req.params.username, exists => (
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html)) exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
)); ));
}); });
router.route('/:username/assets').get((req, res) => { router.get('/:username/assets', (req, res) => {
userExists(req.params.username, exists => ( userExists(req.params.username, exists => (
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html)) exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
)); ));
}); });
router.route('/:username/account').get((req, res) => { router.get('/:username/account', (req, res) => {
userExists(req.params.username, exists => ( userExists(req.params.username, exists => (
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html)) exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
)); ));
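Review bot: The commented-out block `// router.get('/full/:project_id', (req, res) => { … });` was rewritten to the new call style instead of being removed, so the commit is now maintaining dead code; since `/full/:project_id` is served from embed.routes.js in this same commit, those three comment lines should simply be deleted. The last handler in the hunk (`/:username/account`) is cut off before its closing `});`.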


@ -3,12 +3,10 @@ import * as SessionController from '../controllers/session.controller';
const router = new Router(); const router = new Router();
router.route('/login').post(SessionController.createSession); router.post('/login', SessionController.createSession);
router.route('/session').get(SessionController.getSession); router.get('/session', SessionController.getSession);
router.route('/logout').get(SessionController.destroySession); router.get('/logout', SessionController.destroySession);
export default router; export default router;
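Review bot: `router.get('/logout', SessionController.destroySession)` keeps a session-terminating action on a GET, so any page a user happens to visit can end their session merely by referencing that URL in an image or link; changing it to `router.post('/logout', SessionController.destroySession)` (with the client sending a POST) confines it to deliberate requests and is the usual mitigation. If the GET form is kept for the client's sake, a comment explaining why would help the next reviewer.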
// TODO add github authentication stuff


@ -1,24 +1,25 @@
import { Router } from 'express'; import { Router } from 'express';
import * as UserController from '../controllers/user.controller'; import * as UserController from '../controllers/user.controller';
import isAuthenticated from '../utils/isAuthenticated';
const router = new Router(); const router = new Router();
router.route('/signup').post(UserController.createUser); router.post('/signup', UserController.createUser);
router.route('/signup/duplicate_check').get(UserController.duplicateUserCheck); router.get('/signup/duplicate_check', UserController.duplicateUserCheck);
router.route('/preferences').put(UserController.updatePreferences); router.put('/preferences', isAuthenticated, UserController.updatePreferences);
router.route('/reset-password').post(UserController.resetPasswordInitiate); router.post('/reset-password', UserController.resetPasswordInitiate);
router.route('/reset-password/:token').get(UserController.validateResetPasswordToken); router.get('/reset-password/:token', UserController.validateResetPasswordToken);
router.route('/reset-password/:token').post(UserController.updatePassword); router.post('/reset-password/:token', UserController.updatePassword);
router.route('/account').put(UserController.updateSettings); router.put('/account', isAuthenticated, UserController.updateSettings);
router.route('/verify/send').post(UserController.emailVerificationInitiate); router.post('/verify/send', UserController.emailVerificationInitiate);
router.route('/verify').get(UserController.verifyEmail); router.get('/verify', UserController.verifyEmail);
export default router; export default router;
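Review bot: `router.post('/verify/send', UserController.emailVerificationInitiate)` is the one state-changing, account-specific route here that did not receive `isAuthenticated`, unlike `/preferences` and `/account` which did; if the controller sends the verification mail to `req.user`'s address it will now throw on an anonymous request instead of returning 403, and if it is meant to work without a session the route deserves a comment saying so. I cannot see the controller, so this is a question rather than a confirmed defect.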


@ -0,0 +1,10 @@
export default function isAuthenticated(req, res, next) {
if (req.user) {
return next();
}
res.status(403).send({
success: false,
message: 'You must be logged in in order to perform the requested action.'
});
}
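Review bot: The new middleware has no documentation; I would add a JSDoc above `export default function isAuthenticated(req, res, next)` stating that it is Express middleware which passes the request on when `req.user` has been populated upstream and otherwise ends the request with a 403 JSON body, and that any route mounted behind it may rely on `req.user` being present. Worth a comment too is the choice of 403 for a missing login, since 401 is the status that normally denotes "not authenticated" — 403 is consistent with the controllers touched in this commit, so if that consistency is the reason, say so: `// 403 rather than 401 to match the controllers' existing session-mismatch responses`.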