mirror/spacedeck-open
1
0
Fork 0
mirror of https://github.com/spacedeck/spacedeck-open.git synced 2025-12-16 18:07:31 +01:00
Code Issues Projects Releases Wiki Activity

fix api-token check

Browse Source
This commit is contained in:
dm
2021-04-20 15:14:41 +02:00
parent c88433fcff
commit 50e421d64d
1 changed files with 27 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
middlewares/session.js
View File

@@ -1,22 +1,22 @@
'use strict'; "use strict";
const db = require('../models/db'); const db = require("../models/db");
var config = require('config'); var config = require("config");
module.exports = (req, res, next) => { module.exports = (req, res, next) => {
// authentication via API token // authentication via API token
const api_token = req.headers["x-spacedeck-api-token"]; const api_token = req.headers["x-spacedeck-api-token"];
if (api_token && api_token.length > 7) { if (api_token && api_token.length > 7) {
db.User.findOne({where: {api_token: api_token}}).then(user => { db.User.findOne({ where: { api_token: api_token } }).then((user) => {
if (user) {
req.user = user; req.user = user;
next(); next();
}).error(err => { } else {
res.status(403).json({ res.status(403).json({
"error": "invalid_api-token" error: "invalid_api-token",
}); });
next(); }
}); });
return; return;
@@ -27,27 +27,28 @@ module.exports = (req, res, next) => {
if (token && token != "null" && token != null) { if (token && token != "null" && token != null) {
db.Session.findOne({ where: { token: token } }) db.Session.findOne({ where: { token: token } })
.then(session => { .then((session) => {
if (!session) { if (!session) {
// session not found // session not found
next(); next();
} } else
else db.User.findOne({where: {_id: session.user_id}}) db.User.findOne({ where: { _id: session.user_id } }).then((user) => {
.then(user => {
if (!user) { if (!user) {
var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname; var domain =
res.clearCookie('sdsession', { domain: domain }); process.env.NODE_ENV == "production"
? new URL(config.get("endpoint")).hostname
: req.headers.hostname;
res.clearCookie("sdsession", { domain: domain });
if (req.accepts("text/html")) { if (req.accepts("text/html")) {
res.send("Please clear your cookies and try again."); res.send("Please clear your cookies and try again.");
} else if (req.accepts('application/json')) { } else if (req.accepts("application/json")) {
res.status(403).json({ res.status(403).json({
"error": "token_not_found" error: "token_not_found",
}); });
} else { } else {
res.send("Please clear your cookies and try again."); res.send("Please clear your cookies and try again.");
} }
} else { } else {
req["token"] = token; req["token"] = token;
req["user"] = user; req["user"] = user;
@@ -55,11 +56,11 @@ module.exports = (req, res, next) => {
} }
}); });
}) })
.error(err => { .error((err) => {
console.error("Session resolve error", err); console.error("Session resolve error", err);
next(); next();
}); });
} else { } else {
next(); next();
} }
} };