unified auth exceptions, added syncdata and selfinfo

2025-04-01 20:24:18 +02:00 · 2023-04-12 09:27:44 +02:00 · 2023-04-12 09:27:44 +02:00 · d99bb0fedc
commit d99bb0fedc
parent ac01455510
5 changed files with 13 additions and 30 deletions
--- a/src/middlewares/auth.middleware.ts
+++ b/src/middlewares/auth.middleware.ts
@ -25,9 +25,18 @@ import type { Database } from 'better-sqlite3'
 import logger from '../utils/logger'
 import dbtools from '../utils/dbtools'

+const EXCEPTIONS = [
+    '/api/registerscript',
+    '/api/login',
+    '/api/validationtoken',
+    '/api/syncp2pdata',
+    '/api/selfInfo',
+    '/favicon.ico',
+    '/img/frylabs-logo_large_transparent.png',
+] as const
+
 interface Options {
    userDB: Database
-    exceptions: Array<string>
 }

 export const testUser: User = {
@ -55,17 +64,11 @@ function renderLogin(req: Request, res: Response) {
 }

 export default function (options: Options): RequestHandler {
-    const {
-        userDB,
-        exceptions,
-    }: {
-        userDB: Database
-        exceptions: string[]
-    } = options
+    const { userDB } = options

    return function (req: Request, res: Response, next: NextFunction) {
        const sessionID = req.cookies.sessionID
-        const isException = exceptions.some((exc) => {
+        const isException = EXCEPTIONS.some((exc) => {
            return req.originalUrl.split('?')[0] === exc
        })

--- a/src/modules/api/api.ts
+++ b/src/modules/api/api.ts
@ -83,15 +83,6 @@ function GetApp(): ModuleType {
    app.use(
        auth({
            userDB: userDB,
-            exceptions: [
-                '/favicon.ico',
-                '/api/register',
-                '/api/login',
-                '/api/postfeedback',
-                '/api/fosuploader',
-                '/api/badtestsender',
-                '/api/validationtoken',
-            ],
        })
    )
    app.use(
--- a/src/modules/api/submodules/p2p.ts
+++ b/src/modules/api/submodules/p2p.ts
@ -1037,7 +1037,7 @@ function setup(data: SubmoduleData): Submodule {
    app.get('/syncp2pdata', (req: Request, res: Response) => {
        logger.LogReq(req)
        const user = req.session.user
-        if (user.id !== 1) {
+        if (!user || user.id !== 1) {
            res.json({
                status: 'error',
                msg: 'only user 1 can call this EP',
--- a/src/modules/dataEditor/dataEditor.ts
+++ b/src/modules/dataEditor/dataEditor.ts
@ -52,7 +52,6 @@ function GetApp(): ModuleType {
    app.use(
        auth({
            userDB: userDB,
-            exceptions: ['/favicon.ico'],
        })
    )
    app.use((req: Request, _res, next) => {
--- a/src/modules/qmining/qmining.ts
+++ b/src/modules/qmining/qmining.ts
@ -53,16 +53,6 @@ function GetApp(): ModuleType {
    app.use(
        auth({
            userDB: userDB,
-            exceptions: [
-                '/favicon.ico',
-                '/img/frylabs-logo_large_transparent.png',
-                '/api/register',
-                '/api/login',
-                '/api/postfeedback',
-                '/api/fosuploader',
-                '/api/badtestsender',
-                '/api/validationtoken',
-            ],
        })
    )
    app.use((req: Request, _res, next) => {