authorMarvin Borner2018-04-30 16:10:57 +0200
committerMarvin Borner2018-04-30 16:10:57 +0200
commit95bc0f7b8fe62348c817beaf2e93ec6781bc5cf9 (patch)
tree1a1d28aea2456bc31c4e9513811ab33b6d94cc27 /main/app/sprinkles
parent2ee63a230647060159f2b9cfb4891365c9d36c6b (diff)
Some security and chat improvements
Diffstat (limited to 'main/app/sprinkles')
-rw-r--r--main/app/sprinkles/admin/src/Controller/PostController.php4
-rw-r--r--main/app/sprinkles/core/config/default.php2
-rw-r--r--main/app/sprinkles/core/src/Controller/CoreController.php10
-rw-r--r--main/app/sprinkles/core/templates/pages/partials/chat.js.twig9
4 files changed, 18 insertions, 7 deletions
diff --git a/main/app/sprinkles/admin/src/Controller/PostController.php b/main/app/sprinkles/admin/src/Controller/PostController.php
index 3b77bfe..2441be4 100644
--- a/main/app/sprinkles/admin/src/Controller/PostController.php
+++ b/main/app/sprinkles/admin/src/Controller/PostController.php
@@ -12,14 +12,14 @@ use function GuzzleHttp\Psr7\str;
use UserFrosting\Fortress\RequestDataTransformer;
use UserFrosting\Fortress\RequestSchema;
use UserFrosting\Fortress\ServerSideValidator;
-use UserFrosting\Support\Exception\ForbiddenException;
use UserFrosting\Sprinkle\Core\Controller\SimpleController;
+use UserFrosting\Support\Exception\ForbiddenException;
use UserFrosting\Support\Exception\BadRequestException;
+use UserFrosting\Support\Exception\NotFoundException;
use Slim\Http\Request;
use Slim\Http\Response;
use Slim\Http\UploadedFile;
use Illuminate\Database\Capsule\Manager as DB;
-use UserFrosting\Support\Exception\NotFoundException;
/**
* Controller class for user-related requests, including listing users, CRUD for users, etc.
diff --git a/main/app/sprinkles/core/config/default.php b/main/app/sprinkles/core/config/default.php
index 4e997d3..c829121 100644
--- a/main/app/sprinkles/core/config/default.php
+++ b/main/app/sprinkles/core/config/default.php
@@ -115,7 +115,7 @@
],
// Slim settings - see http://www.slimframework.com/docs/objects/application.html#slim-default-settings
'settings' => [
- 'displayErrorDetails' => true
+ 'displayErrorDetails' => false
],
// "Site" settings that are automatically passed to Twig
'site' => [
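Review bot: Hard-coding `'displayErrorDetails' => false` in the core default config switches error details off in every environment, including development, and nothing in the hunk shows where detailed errors are now recorded instead. If this sprinkle follows the usual per-environment config layering, the cleaner shape is to keep the secure value here and re-enable details only in a development-specific override, so production stays safe by default while local debugging still works. Please also confirm the application error handler logs the full exception (message and trace) server-side, because with details hidden from the response the log is the only place a failure will be visible.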
diff --git a/main/app/sprinkles/core/src/Controller/CoreController.php b/main/app/sprinkles/core/src/Controller/CoreController.php
index be88b47..b4d0f83 100644
--- a/main/app/sprinkles/core/src/Controller/CoreController.php
+++ b/main/app/sprinkles/core/src/Controller/CoreController.php
@@ -8,9 +8,8 @@
namespace UserFrosting\Sprinkle\Core\Controller;
-use Psr\Http\Message\ServerRequestInterface as Request;
-use Psr\Http\Message\ResponseInterface as Response;
use Slim\Exception\NotFoundException as NotFoundException;
+use UserFrosting\Support\Exception\ForbiddenException;
use Illuminate\Database\Capsule\Manager as DB;
/**
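Review bot: Removing the `Psr\Http\Message\...` aliases changes how the bare names `Request` and `Response` resolve in this file: any method signature that still type-hints `Request $request, Response $response` now refers to `UserFrosting\Sprinkle\Core\Controller\Request`/`Response`, which do not exist, and the call would fail with a TypeError at runtime. The action in the next hunk clearly uses `$response`, so please confirm its signature either carries no type hints or imports `Slim\Http\Request` and `Slim\Http\Response` the way `PostController` in this same commit does. If the aliases were removed only because they were unused, a one-line comment saying so would save the next reader the same check.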
@@ -40,6 +39,13 @@ class CoreController extends SimpleController
->orderBy('Created')
->get();
+ // AUTHORIZATION - ONLY FOR ADMINS RIGHT KNOW (BUILD PROCESS)
+ $authorizer = $this->ci->authorizer;
+ $currentUser = $this->ci->currentUser;
+ if (!$authorizer->checkAccess($currentUser, 'update_site_config')) {
+ throw new ForbiddenException();
+ }
+
return $this->ci->view->render($response, 'pages/index.html.twig', [
'friends' => $friends,
'FeedImages' => $FeedImages
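Review bot: The new `checkAccess` guard runs after the friends and feed-image queries have already executed (`->get()` immediately above it), so an unauthorized visitor still triggers the database work before receiving the 403; the check should be the first statement of the action, before any data is loaded. The enclosing method starts outside this hunk, so the move is to place `if (!$this->ci->authorizer->checkAccess($this->ci->currentUser, 'update_site_config')) { throw new ForbiddenException(); }` at the top of the method and drop the two intermediate locals. The comment text `RIGHT KNOW` should read `RIGHT NOW`, and since the intent is a temporary build-time restriction, naming the permission that will eventually replace `update_site_config` (or adding a TODO) would keep it from being forgotten.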
diff --git a/main/app/sprinkles/core/templates/pages/partials/chat.js.twig b/main/app/sprinkles/core/templates/pages/partials/chat.js.twig
index d959b69..d32ed5d 100644
--- a/main/app/sprinkles/core/templates/pages/partials/chat.js.twig
+++ b/main/app/sprinkles/core/templates/pages/partials/chat.js.twig
@@ -126,7 +126,6 @@ function InitializeChatServer() {
// TYPING RECOGNITION
var typingTimer;
- var doneTypingInterval = 2500;
var isTyping = false;
ChatTextInput.keydown(function () {
@@ -136,7 +135,9 @@ function InitializeChatServer() {
ChatTextInput.keyup(function () {
clearTimeout(typingTimer);
- typingTimer = setTimeout(sendStopTyping, doneTypingInterval);
+ typingTimer = setTimeout(function () {
+ sendStopTyping()
+ }, 2500)
})
function sendStartTyping() {
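Review bot: The typing timeout is now the bare literal `2500` inside an anonymous wrapper, which reads worse than the `doneTypingInterval` constant deleted in the previous hunk and is no longer shared if another timer needs the same delay. If `sendStopTyping` is a function declaration like `sendStartTyping` below, it is hoisted within `InitializeChatServer` and can be passed directly, so `typingTimer = setTimeout(sendStopTyping, doneTypingInterval);` with the constant kept next to `typingTimer` preserves both the meaning and the original behaviour. `InitializeChatServer` begins and ends outside this hunk.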
@@ -157,6 +158,10 @@ function InitializeChatServer() {
ChatSocket.send(JSON.stringify({ClientMessageType: "TypingState", State: state}));
}
+ $(window).unload(function () {
+ sendStopTyping(); // USER STOPS TYPING ON PAGE CLOSE ETC
+ })
+
// SUBSCRIBE TO CHAT
SubscribeTextInput.keyup(function (e) {
if (e.keyCode === 13 && SubscribeTextInput.val().length > 0) {
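Review bot: `$(window).unload(...)` is the jQuery event shorthand that was deprecated in jQuery 1.8 and removed in 3.0, so depending on the jQuery version the page loads this handler either throws or never binds; use `$(window).on('beforeunload', function () { sendStopTyping(); });` (or `pagehide` for mobile browsers) instead. A WebSocket `send` issued during unload is also not guaranteed to be flushed before the socket closes, so the server should still treat a closed connection as "stopped typing" rather than depend on this message arriving. `InitializeChatServer` ends outside this hunk.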