moon
/
sync
mirror of https://github.com/calzoneman/sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Require auth for read-only requests too

This commit is contained in:
Calvin Montgomery 2014-08-04 18:01:57 -07:00
parent 032dede66d
commit d94c596063
1 changed files with 55 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
lib/web/account.js
View File

@ -26,10 +26,19 @@ function handleAccountEditPage(req, res) {
if (req.cookies.auth) {
loginName = req.cookies.auth.split(":")[0];
}
db.users.verifyAuth(req.cookies.auth, function (err, user) {
if (err) {
return sendJade(res, "account-edit", {
loggedIn: false
});
}
sendJade(res, "account-edit", {
loggedIn: loginName !== false,
loginName: loginName
});
});
}
/**
@ -185,6 +194,13 @@ function handleAccountChannelPage(req, res) {
}
if (loginName) {
db.users.verifyAuth(req.cookies.auth, function (err, user) {
if (err) {
return sendJade(res, "account-channels", {
loggedIn: false
});
}
db.channels.listUserChannels(loginName, function (err, channels) {
sendJade(res, "account-channels", {
loggedIn: true,
@ -192,6 +208,7 @@ function handleAccountChannelPage(req, res) {
channels: channels
});
});
});
} else {
sendJade(res, "account-channels", {
loggedIn: false,
@ -415,15 +432,19 @@ function handleAccountProfilePage(req, res) {
logRequest(req);
var loginName = false;
if (req.cookies.auth) {
loginName = req.cookies.auth.split(":")[0];
} else {
sendJade(res, "account-profile", {
if (!req.cookies.auth) {
return sendJade(res, "account-profile", {
loggedIn: false,
profileImage: "",
profileText: ""
});
return;
} else {
loginName = req.cookies.auth.split(":")[0];
db.users.verifyAuth(req.cookies.auth, function (err, user) {
if (err) {
return sendJade(res, "account-profile", {
loggedIn: false
});
}
db.users.getProfile(loginName, function (err, profile) {
@ -446,6 +467,8 @@ function handleAccountProfilePage(req, res) {
profileError: false
});
});
});
}
}
/**