mirror of https://github.com/calzoneman/sync.git
Require auth for read-only requests too
This commit is contained in:
Calvin Montgomery
parent
032dede66d
commit
d94c596063
|
|
@ -26,9 +26,18 @@ function handleAccountEditPage(req, res) {
|
|||
if (req.cookies.auth) {
|
||||
loginName = req.cookies.auth.split(":")[0];
|
||||
}
|
||||
sendJade(res, "account-edit", {
|
||||
loggedIn: loginName !== false,
|
||||
loginName: loginName
|
||||
|
||||
db.users.verifyAuth(req.cookies.auth, function (err, user) {
|
||||
if (err) {
|
||||
return sendJade(res, "account-edit", {
|
||||
loggedIn: false
|
||||
});
|
||||
}
|
||||
|
||||
sendJade(res, "account-edit", {
|
||||
loggedIn: loginName !== false,
|
||||
loginName: loginName
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
|
|
@ -185,11 +194,19 @@ function handleAccountChannelPage(req, res) {
|
|||
}
|
||||
|
||||
if (loginName) {
|
||||
db.channels.listUserChannels(loginName, function (err, channels) {
|
||||
sendJade(res, "account-channels", {
|
||||
loggedIn: true,
|
||||
loginName: loginName,
|
||||
channels: channels
|
||||
db.users.verifyAuth(req.cookies.auth, function (err, user) {
|
||||
if (err) {
|
||||
return sendJade(res, "account-channels", {
|
||||
loggedIn: false
|
||||
});
|
||||
}
|
||||
|
||||
db.channels.listUserChannels(loginName, function (err, channels) {
|
||||
sendJade(res, "account-channels", {
|
||||
loggedIn: true,
|
||||
loginName: loginName,
|
||||
channels: channels
|
||||
});
|
||||
});
|
||||
});
|
||||
} else {
|
||||
|
|
@ -415,37 +432,43 @@ function handleAccountProfilePage(req, res) {
|
|||
logRequest(req);
|
||||
|
||||
var loginName = false;
|
||||
if (req.cookies.auth) {
|
||||
loginName = req.cookies.auth.split(":")[0];
|
||||
} else {
|
||||
sendJade(res, "account-profile", {
|
||||
if (!req.cookies.auth) {
|
||||
return sendJade(res, "account-profile", {
|
||||
loggedIn: false,
|
||||
profileImage: "",
|
||||
profileText: ""
|
||||
});
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
loginName = req.cookies.auth.split(":")[0];
|
||||
db.users.verifyAuth(req.cookies.auth, function (err, user) {
|
||||
if (err) {
|
||||
return sendJade(res, "account-profile", {
|
||||
loggedIn: false
|
||||
});
|
||||
}
|
||||
|
||||
db.users.getProfile(loginName, function (err, profile) {
|
||||
if (err) {
|
||||
sendJade(res, "account-profile", {
|
||||
loggedIn: true,
|
||||
loginName: loginName,
|
||||
profileError: err,
|
||||
profileImage: "",
|
||||
profileText: ""
|
||||
db.users.getProfile(loginName, function (err, profile) {
|
||||
if (err) {
|
||||
sendJade(res, "account-profile", {
|
||||
loggedIn: true,
|
||||
loginName: loginName,
|
||||
profileError: err,
|
||||
profileImage: "",
|
||||
profileText: ""
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
sendJade(res, "account-profile", {
|
||||
loggedIn: true,
|
||||
loginName: loginName,
|
||||
profileImage: profile.image,
|
||||
profileText: profile.text,
|
||||
profileError: false
|
||||
});
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
sendJade(res, "account-profile", {
|
||||
loggedIn: true,
|
||||
loginName: loginName,
|
||||
profileImage: profile.image,
|
||||
profileText: profile.text,
|
||||
profileError: false
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in New Issue