From d99bb0fedc0f2083b59bc321f9572b9c76634464 Mon Sep 17 00:00:00 2001
From: mrfry
Date: Wed, 12 Apr 2023 09:27:44 +0200
Subject: [PATCH] unified auth exceptions, added syncdata and selfinfo
---
 src/middlewares/auth.middleware.ts | 21 ++++++++++++---------
 src/modules/api/api.ts | 9 ---------
 src/modules/api/submodules/p2p.ts | 2 +-
 src/modules/dataEditor/dataEditor.ts | 1 -
 src/modules/qmining/qmining.ts | 10 ----------
 5 files changed, 13 insertions(+), 30 deletions(-)
diff --git a/src/middlewares/auth.middleware.ts b/src/middlewares/auth.middleware.ts
index 387b363..8372e01 100644
--- a/src/middlewares/auth.middleware.ts
+++ b/src/middlewares/auth.middleware.ts
@@ -25,9 +25,18 @@ import type { Database } from 'better-sqlite3'
 import logger from '../utils/logger'
 import dbtools from '../utils/dbtools'
+const EXCEPTIONS = [
+ '/api/registerscript',
+ '/api/login',
+ '/api/validationtoken',
+ '/api/syncp2pdata',
+ '/api/selfInfo',
+ '/favicon.ico',
+ '/img/frylabs-logo_large_transparent.png',
+] as const
+
 interface Options {
 userDB: Database
- exceptions: Array
 }
 export const testUser: User = {
@@ -55,17 +64,11 @@ function renderLogin(req: Request, res: Response) {
 }
 export default function (options: Options): RequestHandler {
- const {
- userDB,
- exceptions,
- }: {
- userDB: Database
- exceptions: string[]
- } = options
+ const { userDB } = options
 return function (req: Request, res: Response, next: NextFunction) {
 const sessionID = req.cookies.sessionID
- const isException = exceptions.some((exc) => {
+ const isException = EXCEPTIONS.some((exc) => {
 return req.originalUrl.split('?')[0] === exc
 })
diff --git a/src/modules/api/api.ts b/src/modules/api/api.ts
index 7295154..f17bd60 100644
--- a/src/modules/api/api.ts
+++ b/src/modules/api/api.ts
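Review bot: The module-level `EXCEPTIONS` list in `auth.middleware.ts` now applies to every app that mounts this middleware, so the dataEditor module, which previously exempted only `/favicon.ico`, also lets `/api/login`, `/api/syncp2pdata`, `/api/selfInfo` and the other entries past the session check at this layer. Every handler behind an exempt path therefore has to do its own authorization and tolerate an undefined `req.session.user`; this patch adjusts only the `/syncp2pdata` handler for that, and the `/api/selfInfo` handler is not visible here. I would document the contract above the constant, `// Paths served without a session in every module using this middleware; handlers behind them must authorize on their own.`, and keep a per-module list if dataEditor and qmining are not meant to expose these paths.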
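Review bot: In the second hunk of `auth.middleware.ts` the `EXCEPTIONS.some(...)` callback recomputes `req.originalUrl.split('?')[0]` for every entry; computing it once reads better, `const reqPath = req.originalUrl.split('?')[0]` followed by `const isException = EXCEPTIONS.some((exc) => exc === reqPath)`. The comparison is an exact, case-sensitive string match, while Express by default routes case-insensitively and ignores a trailing slash, so a differently cased or slash-terminated form of an exempt path still reaches its handler but not the exemption. That fails closed, which is the safe direction, and deserves a one-line comment so it is not later relaxed to a prefix or case-folded match without review. The returned handler continues past the end of the hunk.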
@@ -83,15 +83,6 @@ function GetApp(): ModuleType {
 app.use(
 auth({
 userDB: userDB,
- exceptions: [
- '/favicon.ico',
- '/api/register',
- '/api/login',
- '/api/postfeedback',
- '/api/fosuploader',
- '/api/badtestsender',
- '/api/validationtoken',
- ],
 })
 )
 app.use(
diff --git a/src/modules/api/submodules/p2p.ts b/src/modules/api/submodules/p2p.ts
index f756d38..cf35286 100644
--- a/src/modules/api/submodules/p2p.ts
+++ b/src/modules/api/submodules/p2p.ts
@@ -1037,7 +1037,7 @@ function setup(data: SubmoduleData): Submodule {
 app.get('/syncp2pdata', (req: Request, res: Response) => {
 logger.LogReq(req)
 const user = req.session.user
- if (user.id !== 1) {
+ if (!user || user.id !== 1) {
 res.json({
 status: 'error',
 msg: 'only user 1 can call this EP',
diff --git a/src/modules/dataEditor/dataEditor.ts b/src/modules/dataEditor/dataEditor.ts
index 94691b8..f0e706b 100644
--- a/src/modules/dataEditor/dataEditor.ts
+++ b/src/modules/dataEditor/dataEditor.ts
@@ -52,7 +52,6 @@ function GetApp(): ModuleType {
 app.use(
 auth({
 userDB: userDB,
- exceptions: ['/favicon.ico'],
 })
 )
 app.use((req: Request, _res, next) => {
diff --git a/src/modules/qmining/qmining.ts b/src/modules/qmining/qmining.ts
index dd1a0a2..200ff5c 100644
--- a/src/modules/qmining/qmining.ts
+++ b/src/modules/qmining/qmining.ts
@@ -53,16 +53,6 @@ function GetApp(): ModuleType {
 app.use(
 auth({
 userDB: userDB,
- exceptions: [
- '/favicon.ico',
- '/img/frylabs-logo_large_transparent.png',
- '/api/register',
- '/api/login',
- '/api/postfeedback',
- '/api/fosuploader',
- '/api/badtestsender',
- '/api/validationtoken',
- ],
 })
 )
 app.use((req: Request, _res, next) => {
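Review bot: In the `/syncp2pdata` handler of `src/modules/api/submodules/p2p.ts`, `!user || user.id !== 1` is now the only gate on the endpoint, because the same commit puts `/api/syncp2pdata` on the middleware's exemption list. Whether `req.session.user` is populated at all for an exempt path depends on middleware code outside this patch, so the handler should carry a comment such as `// exempt from the auth middleware: this check is the sole authorization for the sync endpoint`. The refusal is sent with plain `res.json(...)`, that is with status 200; `res.status(403).json({ ... })` would let clients and logs tell a denied sync from a successful one, provided peers do not depend on the 200. The literal `1` would read better as a named constant, and the handler body continues past the end of the hunk, so whether it returns after the error response cannot be checked here.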