Tis code veri gud

author: Marvin Borner 2020-10-01 20:23:05 +0200
committer: Marvin Borner 2020-10-01 20:23:05 +0200
commit: c0f4e7d599c9d65dfbd2bd2a6bded70196eefda7 (patch)
tree: 855746681c4f65eb5279875479ece8f227c5ead5 /quotes/index.js
parent: bdb6da118e61815eb5f58588a932bc7b3c472715 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/quotes/index.js b/quotes/index.js
index 31ea2a5..c125548 100644
--- a/quotes/index.js
+++ b/quotes/index.js
@@ -1,14 +1,15 @@
 const express = require("express");
 const db = require("../db");
 const app = express.Router();
+const { checkUser } = require("../auth");
 
-app.use("/", express.static(__dirname + "/public"));
+app.use("/", checkUser, express.static(__dirname + "/public"));
 
-app.post("/api/add", async (req, res) => {
+app.post("/api/add", checkUser, async (req, res) => {
     if (!req.body.author || !req.body.quote) return res.send("error");
     try {
         await db.query("INSERT INTO quotes (user_id, author_id, quote) VALUE (?,?,?)", [
-            72, // TODO: Add actual user identification
+            req.session.uid, // TODO: Add actual user identification
             parseInt(req.body.author),
             req.body.quote,
         ]);
@@ -19,7 +20,7 @@ app.post("/api/add", async (req, res) => {
     }
 });
 
-app.get("/api/list", async (req, res) => {
+app.get("/api/list", checkUser, async (req, res) => {
     const quotes = await db.query(
         "SELECT quotes.id, name, middlename, surname, quote FROM quotes INNER JOIN users AS a ON author_id = a.id ORDER BY name"
     );
author	Marvin Borner	2020-10-01 20:23:05 +0200
committer	Marvin Borner	2020-10-01 20:23:05 +0200
commit	c0f4e7d599c9d65dfbd2bd2a6bded70196eefda7 (patch)
tree	855746681c4f65eb5279875479ece8f227c5ead5 /quotes/index.js
parent	bdb6da118e61815eb5f58588a932bc7b3c472715 (diff)