author | Marvin Borner | 2020-10-01 20:23:05 +0200 |
---|---|---|
committer | Marvin Borner | 2020-10-01 20:23:05 +0200 |
commit | c0f4e7d599c9d65dfbd2bd2a6bded70196eefda7 (patch) | |
tree | 855746681c4f65eb5279875479ece8f227c5ead5 | |
parent | bdb6da118e61815eb5f58588a932bc7b3c472715 (diff) |
Tis code veri gud
-rw-r--r-- | app.js | 8 | ||||
-rw-r--r-- | auth/index.js | 16 | ||||
-rw-r--r-- | quotes/index.js | 9 |
3 files changed, 21 insertions, 12 deletions
@@ -2,8 +2,8 @@ require("dotenv").config(); const express = require("express"); const session = require("express-session"); +const { auth, checkUser } = require("./auth"); const motto = require("./motto"); -const auth = require("./auth"); const quotes = require("./quotes"); const app = express(); @@ -14,9 +14,9 @@ app.use(session({ secret: "keyboard cat", resave: false, saveUninitialized: true app.use(express.urlencoded({ extended: true })); app.use(express.json()); -app.get("/", (req, res) => res.redirect("/motto")); -app.use("/motto", motto); +app.get("/", checkUser, (req, res) => res.redirect("/motto")); +app.use("/motto", checkUser, motto); +app.use("/quotes", checkUser, quotes); app.use("/auth", auth); -app.use("/quotes", quotes); app.listen(5005, () => console.log("Server started on http://localhost:5005")); diff --git a/auth/index.js b/auth/index.js index 3fb86d3..0891fc5 100644 --- a/auth/index.js +++ b/auth/index.js @@ -7,16 +7,24 @@ const app = express.Router(); // TODO: Change passwords // TODO: Login (+ Frontend, cookie, etc) +function checkUser(req, res, next) { + if (req.session.loggedIn) next(); + else res.redirect("/auth"); +} + app.use( "/", (req, res, next) => { - if (!req.session.loggedIn) next(); + // Very important, don't change :) + if (!req.session.loggedIn || req.path.startsWith("/api")) next(); else res.redirect("/"); }, express.static(__dirname + "/public") ); app.post("/api/login", async (req, res) => { + if (req.session.loggedIn) return res.redirect("/"); + const { username, password } = req.body; if (!(username && password)) return res.redirect("/auth"); const user = (await db.query("SELECT id, password FROM users WHERE username = ?", [username]))[0]; 
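Review bot: In app.js (hunk `@@ -14,9 +14,9 @@`), the new `checkUser` gate on `/`, `/motto` and `/quotes` trusts `req.session.loggedIn`, yet the session setup quoted in the hunk header still signs cookies with the literal `secret: "keyboard cat"`, which this commit leaves unchanged. Since `dotenv` is already loaded at the top of the file, the secret can be read from the environment, e.g. `secret: process.env.SESSION_SECRET` (the variable name is only a suggestion), with startup failing when it is unset. The header line is truncated, so the cookie options are not visible here. `saveUninitialized: true` also issues a session to every unauthenticated visitor, which is worth revisiting now that the session carries login state.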
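Review bot: In auth/index.js (hunk `@@ -7,16 +7,24 @@`), the comment `// Very important, don't change :)` does not say why the `req.path.startsWith("/api")` exemption exists, so a later edit may remove or widen it by accident. From the visible lines, this middleware runs ahead of the router's API routes and would otherwise redirect logged-in users to `/` before `/api/password` and `/api/list` are reached. I would state that instead, e.g. `// Logged-in users are sent away from the login page, but /api/* must fall through to the handlers below; each of them enforces checkUser itself.` The `/api/login` handler continues outside the hunk. If the lines that set `req.session.loggedIn` do not call `req.session.regenerate()` first, the pre-login session id survives authentication, which is worth checking.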
@@ -29,7 +37,7 @@ app.post("/api/login", async (req, res) => { res.redirect("/auth"); }); -app.put("/api/password", async (req, res) => { +app.put("/api/password", checkUser, async (req, res) => { const { pwd, newPwd } = req.body; if (!(pwd && newPwd)) return res.redirect("/auth"); const user = await db.query("SELECT id, password FROM users WHERE username = ?", [username]); @@ -46,9 +54,9 @@ app.put("/api/password", async (req, res) => { } }); -app.get("/api/list", async (req, res) => { +app.get("/api/list", checkUser, async (req, res) => { const users = await db.query("SELECT id, name, middlename, surname FROM users"); res.json(users); }); -module.exports = app; +module.exports = { auth: app, checkUser }; diff --git a/quotes/index.js b/quotes/index.js index 31ea2a5..c125548 100644 --- a/quotes/index.js +++ b/quotes/index.js @@ -1,14 +1,15 @@ const express = require("express"); const db = require("../db"); const app = express.Router(); +const { checkUser } = require("../auth"); -app.use("/", express.static(__dirname + "/public")); +app.use("/", checkUser, express.static(__dirname + "/public")); -app.post("/api/add", async (req, res) => { +app.post("/api/add", checkUser, async (req, res) => { if (!req.body.author || !req.body.quote) return res.send("error"); try { await db.query("INSERT INTO quotes (user_id, author_id, quote) VALUE (?,?,?)", [ - 72, // TODO: Add actual user identification + req.session.uid, // TODO: Add actual user identification parseInt(req.body.author), req.body.quote, ]); @@ -19,7 +20,7 @@ app.post("/api/add", async (req, res) => { } }); -app.get("/api/list", async (req, res) => { +app.get("/api/list", checkUser, async (req, res) => { const quotes = await db.query( "SELECT quotes.id, name, middlename, surname, quote FROM quotes INNER JOIN users AS a ON author_id = a.id ORDER BY name" ); |
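Review bot: In auth/index.js (hunk `@@ -29,7 +37,7 @@`), `username` is never defined in the `/api/password` handler: it destructures only `pwd` and `newPwd` from `req.body`, so `db.query(..., [username])` throws a ReferenceError on every request, and adding `checkUser` does not change that. Now that the route requires a session, the account should come from the session rather than the request body, e.g. `const [user] = await db.query("SELECT id, password FROM users WHERE id = ?", [req.session.uid]);`. This assumes `req.session.uid` is set at login, as the quotes/index.js hunk also expects, and it takes the first row the way the login handler does with `[0]`. The rest of the handler is outside the hunk.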
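Review bot: In auth/index.js (hunk `@@ -46,9 +54,9 @@`), the `/api/list` handler awaits `db.query` with no `try`/`catch`, so a failed query rejects inside the async handler. On Express 4 (the version is not visible here) that rejection is not forwarded to the error middleware and the request is left hanging. The same applies to `/api/list` in quotes/index.js (hunk `@@ -19,7 +20,7 @@`), whereas `/api/add` there does use a `try` block. A minimal fix is to add `next` to the handler's parameters and wrap the body: `try { res.json(await db.query(...)); } catch (err) { next(err); }`. Separately, the endpoint returns every user's full name to any logged-in account, which should be a deliberate choice.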
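Review bot: In quotes/index.js (hunk `@@ -1,14 +1,15 @@`), `/api/add` now stores `req.session.uid` as the quote's owner, but `checkUser` only tests `req.session.loggedIn` and nothing visible in this diff sets `uid`; if login does not assign it, the insert receives `undefined`. The trailing `// TODO: Add actual user identification` is stale once the value comes from the session and should be dropped or reworded. `parseInt(req.body.author)` also passes `NaN` to the query for non-numeric input; I would validate first with `const authorId = Number.parseInt(req.body.author, 10);` and `if (!Number.isInteger(authorId)) return res.send("error");`. The handler's `catch` is outside the hunk.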