-rw-r--r-- | auth/index.js | 13 | ||||
-rw-r--r-- | mottovote/index.js | 2 | ||||
-rw-r--r-- | profile/index.js | 56 |
3 files changed, 41 insertions, 30 deletions
diff --git a/auth/index.js b/auth/index.js
index 2e3fa17..3109586 100644
--- a/auth/index.js
+++ b/auth/index.js
@@ -10,8 +10,9 @@ function checkUser(req, res, next) {
 }
 function checkAdmin(req, res, next) {
- if (!(req.session.loggedIn && req.session.isAdmin)) return res.redirect("/" + (req.session.isAdmin ? "auth" : ""));
- else next();
+ if (req.session.loggedIn && req.session.isAdmin) next();
+ else if (req.session.loggedIn) return res.redirect("/");
+ else return res.redirect("/auth");
 }
 app.use(
@@ -89,13 +90,7 @@ app.get("/api/list", checkUser, async (req, res) => {
 });
 app.get("/api/status", (req, res) => {
- if (req.session.loggedIn) {
- db.query("SELECT is_admin FROM users WHERE id = ?", [req.session.uid]).then((ret) => {
- res.json({ loggedIn: req.session.loggedIn, admin: ret[0].is_admin ? true : false });
- });
- } else {
- res.json({ loggedIn: false, admin: false });
- }
+ res.json({ loggedIn: req.session.loggedIn, admin: req.session.isAdmin });
 });
 module.exports = { auth: app, checkUser, checkAdmin };
diff --git a/mottovote/index.js b/mottovote/index.js
index eb553e8..c3dbb9b 100644
--- a/mottovote/index.js
+++ b/mottovote/index.js
@@ -30,7 +30,7 @@ app.put("/api/vote", checkUser, async (req, res) => {
 res.send("ok");
 } catch (e) {
 console.error(e);
- res.send("error");
+ return res.send("error");
 }
 });
diff --git a/profile/index.js b/profile/index.js
index 1a46fc1..fcdf877 100644
--- a/profile/index.js
+++ b/profile/index.js
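Review bot: In the `/api/status` hunk of auth/index.js the new handler returns the raw session fields, so an unauthenticated session yields `undefined` for both and `res.json` omits the keys, where the old code answered `{ loggedIn: false, admin: false }`. Coercing keeps the response shape stable: `res.json({ loggedIn: !!req.session.loggedIn, admin: !!req.session.isAdmin });`. The admin flag is also no longer read from `users.is_admin` on each request, so it is only as fresh as whatever sets `req.session.isAdmin` (not visible in this hunk, presumably at login). If admin rights can be revoked while a session is live, `checkAdmin` and this endpoint keep honouring the old value until the session ends, which deserves a comment or a database re-check on privileged routes.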
@@ -43,11 +43,15 @@ app.post("/api/add", async (req, res) => {
 for (let qid in req.body) {
 if (!req.body.hasOwnProperty(qid) || req.body[qid] === "dbg-image") continue;
 let answer = req.body[qid].replace(/</g, "<").replace(/>/g, ">");
- await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)", [
- qid,
- req.session.uid,
- answer.replace(/</g, "<").replace(/>/g, ">"),
- ]);
+ try {
+ await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)", [
+ qid,
+ req.session.uid,
+ answer.replace(/</g, "<").replace(/>/g, ">"),
+ ]);
+ } catch (e) {
+ console.error(e);
+ }
 }
 for (let fid in req.files) {
 if (!req.files.hasOwnProperty(fid)) return;
@@ -58,11 +62,15 @@ app.post("/api/add", async (req, res) => {
 imageType = image.name.split(".").reverse()[0];
 imageName = `${req.session.uid}_${new Date().getTime()}.${imageType}`;
 image.mv(__dirname + "/public/uploads/" + imageName);
- await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)", [
- fid,
- req.session.uid,
- imageName,
- ]);
+ try {
+ await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)", [
+ fid,
+ req.session.uid,
+ imageName,
+ ]);
+ } catch (e) {
+ console.error(e);
+ }
 }
 res.send("ok");
 } catch (e) {
@@ -76,11 +84,15 @@ app.put("/api/update", async (req, res) => {
 for (let qid in req.body) {
 if (!req.body.hasOwnProperty(qid) || req.body[qid] === "dbg-image") continue;
 let answer = req.body[qid].replace(/</g, "<").replace(/>/g, ">");
- await db.query("UPDATE profile_answers SET answer = ? WHERE question_id = ? AND user_id = ?", [
- answer,
- qid,
- req.session.uid,
- ]);
+ try {
+ await db.query("UPDATE profile_answers SET answer = ? WHERE question_id = ? AND user_id = ?", [
+ answer,
+ qid,
+ req.session.uid,
+ ]);
+ } catch (e) {
+ console.error(e);
+ }
 }
 for (let fid in req.files) {
 if (!req.files.hasOwnProperty(fid)) return;
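Review bot: The inner `try`/`catch` added around `db.query` in the `@@ -43` hunk logs the failure and carries on, so the loop finishes and `res.send("ok")` runs even when an answer was not stored; the same pattern is repeated in the `@@ -58`, `@@ -76` and `@@ -91` hunks. The handler already has an outer `catch` (visible at the end of the `@@ -58` hunk) that could report the failure, so the new block hides a partial write from the client. If continuing past a bad row is intended, record it and answer accordingly: `let failed = false;` before the loop, `failed = true;` in the catch, and `res.send(failed ? "error" : "ok");`. The handler body starts and ends outside the hunk.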
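Review bot: In the `@@ -58` upload hunk the stored file name takes its extension from the client-supplied `image.name` and the file is written under `public/uploads`, while the new `try`/`catch` only wraps the INSERT. Nothing visible in the hunk restricts the extension, so a file of any type can land in a directory that looks web-served; an allowlist check before `image.mv` would close that, e.g. `if (!["png", "jpg", "jpeg"].includes(imageType.toLowerCase())) continue;` (list constructed as an example). `image.mv(...)` is also not awaited, so a failed move is never caught and the row can point at a file that does not exist; assuming it returns a promise when called without a callback, `await image.mv(...)` inside the new `try` would cover it. The same applies to the `@@ -91` hunk in `/api/update`.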
@@ -91,11 +103,15 @@ app.put("/api/update", async (req, res) => {
 imageType = image.name.split(".").reverse()[0];
 imageName = `${req.session.uid}_${new Date().getTime()}.${imageType}`;
 image.mv(__dirname + "/public/uploads/" + imageName);
- await db.query("UPDATE profile_answers SET answer = ? WHERE question_id = ? AND user_id = ?", [
- imageName,
- fid,
- req.session.uid,
- ]);
+ try {
+ await db.query("UPDATE profile_answers SET answer = ? WHERE question_id = ? AND user_id = ?", [
+ imageName,
+ fid,
+ req.session.uid,
+ ]);
+ } catch (e) {
+ console.error(e);
+ }
 }
 res.send("ok");
 } catch (e) { |