Fix admin/session middleware to prevent casade on to later routes

Chord 2020-01-09 21:22:07 +01:00
parent bed14bdb86
commit f96b37aad3
5 changed files with 67 additions and 48 deletions


@ -1,12 +1,12 @@
import express from 'express'
import * as db from './db.js'
import { get_pagination, get_filter, get_sort, fetch_user_middleware } from './util.js'
import { NEED_ADMIN, get_pagination, get_filter, get_sort, fetch_user_middleware } from './util.js'
const api = express.Router();
api.param("user", fetch_user_middleware);
api.get('/users', async (req, res, next) => {
api.get('/users', NEED_ADMIN, async (req, res, next) => {
const pagination = get_pagination(req);
const filter = get_filter(req,
{
@ -41,7 +41,7 @@ api.get('/users', async (req, res, next) => {
}
});
api.post('/search', async (req, res, next) => {
api.post('/search', NEED_ADMIN, async (req, res, next) => {
const pagination = get_pagination(req);
let search = req.body.search;
@ -60,13 +60,13 @@ api.post('/search', async (req, res, next) => {
}
});
api.get('/user/:user', async (req, res, next) => {
api.get('/user/:user', NEED_ADMIN, async (req, res, next) => {
const account = req.user;
res.status(200).json({ id : account.id, name: account.username });
});
api.post('/user/:user/add_gm', async (req, res, next) => {
api.post('/user/:user/add_gm', NEED_ADMIN, async (req, res, next) => {
const account = req.user;
try {
@ -78,7 +78,7 @@ api.post('/user/:user/add_gm', async (req, res, next) => {
}
});
api.post('/user/:user/remove_gm', async (req, res, next) => {
api.post('/user/:user/remove_gm', NEED_ADMIN, async (req, res, next) => {
const account = req.user;
try {
@ -90,7 +90,7 @@ api.post('/user/:user/remove_gm', async (req, res, next) => {
}
});
api.post('/user/:user/ban', async (req, res, next) => {
api.post('/user/:user/ban', NEED_ADMIN, async (req, res, next) => {
const account = req.user;
try {
@ -103,7 +103,7 @@ api.post('/user/:user/ban', async (req, res, next) => {
}
});
api.post('/user/:user/unban', async (req, res, next) => {
api.post('/user/:user/unban', NEED_ADMIN, async (req, res, next) => {
const account = req.user;
try {
@ -115,7 +115,7 @@ api.post('/user/:user/unban', async (req, res, next) => {
});
api.get('/characters', async (req, res, next) => {
api.get('/characters', NEED_ADMIN, async (req, res, next) => {
const pagination = get_pagination(req);
try {
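Review bot: On the `/user/:user` routes the new per-route `NEED_ADMIN` guard still runs after `api.param("user", fetch_user_middleware)`, because Express invokes param callbacks before any handler in the matching route's stack. `fetch_user_middleware` lives in `util.js` and is not visible here, but if it queries the database or answers 404 for an unknown id, a non-admin caller can still trigger that lookup and tell existing accounts from missing ones. The handlers also read the target account from `req.user`, so it is worth confirming that `NEED_ADMIN` takes the caller's identity from the session and not from that same property. Consider doing the lookup in a route-level middleware placed after the guard, e.g. `api.post('/user/:user/ban', NEED_ADMIN, load_user, async (req, res, next) => {` (`load_user` is a placeholder name), and add a comment next to the `api.param` line saying that it runs before authorization. Because the guard is now opt-in per route, a test that walks `api.stack` and asserts every route includes `NEED_ADMIN` would keep a newly added route from shipping unguarded; the handler bodies continue outside these hunks.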