add isAuthenticated middleware, add isAuthenticated middleware to certain routes, make all other routes consistent
This commit is contained in:
parent
5738b07515
commit
fb1684ce4b
10 changed files with 59 additions and 52 deletions
|
@ -8,11 +8,6 @@ import User from '../models/user';
|
||||||
import { deleteObjectsFromS3, getObjectKey } from './aws.controller';
|
import { deleteObjectsFromS3, getObjectKey } from './aws.controller';
|
||||||
|
|
||||||
export function createProject(req, res) {
|
export function createProject(req, res) {
|
||||||
if (!req.user) {
|
|
||||||
res.status(403).send({ success: false, message: 'Session does not match owner of project.' });
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
let projectValues = {
|
let projectValues = {
|
||||||
user: req.user._id
|
user: req.user._id
|
||||||
};
|
};
|
||||||
|
@ -38,7 +33,7 @@ export function createProject(req, res) {
|
||||||
|
|
||||||
export function updateProject(req, res) {
|
export function updateProject(req, res) {
|
||||||
Project.findById(req.params.project_id, (findProjectErr, project) => {
|
Project.findById(req.params.project_id, (findProjectErr, project) => {
|
||||||
if (!req.user || !project.user.equals(req.user._id)) {
|
if (!project.user.equals(req.user._id)) {
|
||||||
res.status(403).send({ success: false, message: 'Session does not match owner of project.' });
|
res.status(403).send({ success: false, message: 'Session does not match owner of project.' });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -107,7 +102,7 @@ function deleteFilesFromS3(files) {
|
||||||
|
|
||||||
export function deleteProject(req, res) {
|
export function deleteProject(req, res) {
|
||||||
Project.findById(req.params.project_id, (findProjectErr, project) => {
|
Project.findById(req.params.project_id, (findProjectErr, project) => {
|
||||||
if (!req.user || !project.user.equals(req.user._id)) {
|
if (!project.user.equals(req.user._id)) {
|
||||||
res.status(403).json({ success: false, message: 'Session does not match owner of project.' });
|
res.status(403).json({ success: false, message: 'Session does not match owner of project.' });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,8 +4,8 @@ import { getFileContent } from '../controllers/file.controller';
|
||||||
|
|
||||||
const router = new Router();
|
const router = new Router();
|
||||||
|
|
||||||
router.route('/:username/sketches/:project_id/*').get(getProjectAsset);
|
router.get('/:username/sketches/:project_id/*', getProjectAsset);
|
||||||
|
|
||||||
router.route('/sketches/:project_id/assets/*?').get(getFileContent);
|
router.get('/sketches/:project_id/assets/*?', getFileContent);
|
||||||
|
|
||||||
export default router;
|
export default router;
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
import { Router } from 'express';
|
import { Router } from 'express';
|
||||||
import * as AWSController from '../controllers/aws.controller';
|
import * as AWSController from '../controllers/aws.controller';
|
||||||
|
import isAuthenticated from '../utils/isAuthenticated';
|
||||||
|
|
||||||
const router = new Router();
|
const router = new Router();
|
||||||
|
|
||||||
router.route('/S3/sign').post(AWSController.signS3);
|
router.post('/S3/sign', isAuthenticated, AWSController.signS3);
|
||||||
router.route('/S3/copy').post(AWSController.copyObjectInS3);
|
router.post('/S3/copy', isAuthenticated, AWSController.copyObjectInS3);
|
||||||
router.route('/S3/:object_key').delete(AWSController.deleteObjectFromS3);
|
router.delete('/S3/:object_key', isAuthenticated, AWSController.deleteObjectFromS3);
|
||||||
router.route('/S3/:username/objects').get(AWSController.listObjectsInS3ForUser);
|
router.get('/S3/:username/objects', AWSController.listObjectsInS3ForUser);
|
||||||
|
|
||||||
export default router;
|
export default router;
|
||||||
|
|
|
@ -3,7 +3,7 @@ import * as EmbedController from '../controllers/embed.controller';
|
||||||
|
|
||||||
const router = new Router();
|
const router = new Router();
|
||||||
|
|
||||||
router.route('/embed/:project_id').get(EmbedController.serveProject);
|
router.get('/embed/:project_id', EmbedController.serveProject);
|
||||||
router.route('/full/:project_id').get(EmbedController.serveProject);
|
router.get('/full/:project_id', EmbedController.serveProject);
|
||||||
|
|
||||||
export default router;
|
export default router;
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
import { Router } from 'express';
|
import { Router } from 'express';
|
||||||
import * as FileController from '../controllers/file.controller';
|
import * as FileController from '../controllers/file.controller';
|
||||||
|
import isAuthenticated from '../utils/isAuthenticated';
|
||||||
|
|
||||||
const router = new Router();
|
const router = new Router();
|
||||||
|
|
||||||
router.route('/projects/:project_id/files').post(FileController.createFile);
|
router.post('/projects/:project_id/files', isAuthenticated, FileController.createFile);
|
||||||
router.route('/projects/:project_id/files/:file_id').delete(FileController.deleteFile);
|
router.delete('/projects/:project_id/files/:file_id', isAuthenticated, FileController.deleteFile);
|
||||||
|
|
||||||
export default router;
|
export default router;
|
||||||
|
|
|
@ -1,20 +1,21 @@
|
||||||
import { Router } from 'express';
|
import { Router } from 'express';
|
||||||
import * as ProjectController from '../controllers/project.controller';
|
import * as ProjectController from '../controllers/project.controller';
|
||||||
|
import isAuthenticated from '../utils/isAuthenticated';
|
||||||
|
|
||||||
const router = new Router();
|
const router = new Router();
|
||||||
|
|
||||||
router.route('/projects').post(ProjectController.createProject);
|
router.post('/projects', isAuthenticated, ProjectController.createProject);
|
||||||
|
|
||||||
router.route('/projects/:project_id').put(ProjectController.updateProject);
|
router.put('/projects/:project_id', isAuthenticated, ProjectController.updateProject);
|
||||||
|
|
||||||
router.route('/projects/:project_id').get(ProjectController.getProject);
|
router.get('/projects/:project_id', ProjectController.getProject);
|
||||||
|
|
||||||
router.route('/projects/:project_id').delete(ProjectController.deleteProject);
|
router.delete('/projects/:project_id', isAuthenticated, ProjectController.deleteProject);
|
||||||
|
|
||||||
router.route('/projects').get(ProjectController.getProjects);
|
router.get('/projects', ProjectController.getProjects);
|
||||||
|
|
||||||
router.route('/:username/projects').get(ProjectController.getProjectsForUser);
|
router.get('/:username/projects', ProjectController.getProjectsForUser);
|
||||||
|
|
||||||
router.route('/projects/:project_id/zip').get(ProjectController.downloadProjectAsZip);
|
router.get('/projects/:project_id/zip', ProjectController.downloadProjectAsZip);
|
||||||
|
|
||||||
export default router;
|
export default router;
|
||||||
|
|
|
@ -9,70 +9,70 @@ const router = new Router();
|
||||||
// this is intended to be a temporary file
|
// this is intended to be a temporary file
|
||||||
// until i figure out isomorphic rendering
|
// until i figure out isomorphic rendering
|
||||||
|
|
||||||
router.route('/').get((req, res) => {
|
router.get('/', (req, res) => {
|
||||||
res.send(renderIndex());
|
res.send(renderIndex());
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/signup').get((req, res) => {
|
router.get('/signup', (req, res) => {
|
||||||
if (req.user) {
|
if (req.user) {
|
||||||
return res.redirect('/');
|
return res.redirect('/');
|
||||||
}
|
}
|
||||||
return res.send(renderIndex());
|
return res.send(renderIndex());
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/projects/:project_id').get((req, res) => {
|
router.get('/projects/:project_id', (req, res) => {
|
||||||
res.send(renderIndex());
|
res.send(renderIndex());
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/:username/sketches/:project_id').get((req, res) => {
|
router.get('/:username/sketches/:project_id', (req, res) => {
|
||||||
res.send(renderIndex());
|
res.send(renderIndex());
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
// router.route('/full/:project_id').get((req, res) => {
|
// router.get('/full/:project_id', (req, res) => {
|
||||||
// res.send(renderIndex());
|
// res.send(renderIndex());
|
||||||
// });
|
// });
|
||||||
|
|
||||||
router.route('/login').get((req, res) => {
|
router.get('/login', (req, res) => {
|
||||||
if (req.user) {
|
if (req.user) {
|
||||||
return res.redirect('/');
|
return res.redirect('/');
|
||||||
}
|
}
|
||||||
return res.send(renderIndex());
|
return res.send(renderIndex());
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/reset-password').get((req, res) => {
|
router.get('/reset-password', (req, res) => {
|
||||||
res.send(renderIndex());
|
res.send(renderIndex());
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/reset-password/:reset_password_token').get((req, res) => {
|
router.get('/reset-password/:reset_password_token', (req, res) => {
|
||||||
res.send(renderIndex());
|
res.send(renderIndex());
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/verify').get((req, res) => {
|
router.get('/verify', (req, res) => {
|
||||||
res.send(renderIndex());
|
res.send(renderIndex());
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/sketches').get((req, res) => {
|
router.get('/sketches', (req, res) => {
|
||||||
res.send(renderIndex());
|
res.send(renderIndex());
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/about').get((req, res) => {
|
router.get('/about', (req, res) => {
|
||||||
res.send(renderIndex());
|
res.send(renderIndex());
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/:username/sketches').get((req, res) => {
|
router.get('/:username/sketches', (req, res) => {
|
||||||
userExists(req.params.username, exists => (
|
userExists(req.params.username, exists => (
|
||||||
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
|
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
|
||||||
));
|
));
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/:username/assets').get((req, res) => {
|
router.get('/:username/assets', (req, res) => {
|
||||||
userExists(req.params.username, exists => (
|
userExists(req.params.username, exists => (
|
||||||
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
|
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
|
||||||
));
|
));
|
||||||
});
|
});
|
||||||
|
|
||||||
router.route('/:username/account').get((req, res) => {
|
router.get('/:username/account', (req, res) => {
|
||||||
userExists(req.params.username, exists => (
|
userExists(req.params.username, exists => (
|
||||||
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
|
exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
|
||||||
));
|
));
|
||||||
|
|
|
@ -3,12 +3,10 @@ import * as SessionController from '../controllers/session.controller';
|
||||||
|
|
||||||
const router = new Router();
|
const router = new Router();
|
||||||
|
|
||||||
router.route('/login').post(SessionController.createSession);
|
router.post('/login', SessionController.createSession);
|
||||||
|
|
||||||
router.route('/session').get(SessionController.getSession);
|
router.get('/session', SessionController.getSession);
|
||||||
|
|
||||||
router.route('/logout').get(SessionController.destroySession);
|
router.get('/logout', SessionController.destroySession);
|
||||||
|
|
||||||
export default router;
|
export default router;
|
||||||
|
|
||||||
// TODO add github authentication stuff
|
|
||||||
|
|
|
@ -1,24 +1,25 @@
|
||||||
import { Router } from 'express';
|
import { Router } from 'express';
|
||||||
import * as UserController from '../controllers/user.controller';
|
import * as UserController from '../controllers/user.controller';
|
||||||
|
import isAuthenticated from '../utils/isAuthenticated';
|
||||||
|
|
||||||
const router = new Router();
|
const router = new Router();
|
||||||
|
|
||||||
router.route('/signup').post(UserController.createUser);
|
router.post('/signup', UserController.createUser);
|
||||||
|
|
||||||
router.route('/signup/duplicate_check').get(UserController.duplicateUserCheck);
|
router.get('/signup/duplicate_check', UserController.duplicateUserCheck);
|
||||||
|
|
||||||
router.route('/preferences').put(UserController.updatePreferences);
|
router.put('/preferences', isAuthenticated, UserController.updatePreferences);
|
||||||
|
|
||||||
router.route('/reset-password').post(UserController.resetPasswordInitiate);
|
router.post('/reset-password', UserController.resetPasswordInitiate);
|
||||||
|
|
||||||
router.route('/reset-password/:token').get(UserController.validateResetPasswordToken);
|
router.get('/reset-password/:token', UserController.validateResetPasswordToken);
|
||||||
|
|
||||||
router.route('/reset-password/:token').post(UserController.updatePassword);
|
router.post('/reset-password/:token', UserController.updatePassword);
|
||||||
|
|
||||||
router.route('/account').put(UserController.updateSettings);
|
router.put('/account', isAuthenticated, UserController.updateSettings);
|
||||||
|
|
||||||
router.route('/verify/send').post(UserController.emailVerificationInitiate);
|
router.post('/verify/send', UserController.emailVerificationInitiate);
|
||||||
|
|
||||||
router.route('/verify').get(UserController.verifyEmail);
|
router.get('/verify', UserController.verifyEmail);
|
||||||
|
|
||||||
export default router;
|
export default router;
|
||||||
|
|
10
server/utils/isAuthenticated.js
Normal file
10
server/utils/isAuthenticated.js
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
export default function isAuthenticated(req, res, next) {
|
||||||
|
if (req.user) {
|
||||||
|
return next();
|
||||||
|
}
|
||||||
|
res.status(403).send({
|
||||||
|
success: false,
|
||||||
|
message: 'You must be logged in in order to perform the requested action.'
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue