mirror of
https://github.com/BobbyWibowo/lolisafe.git
synced 2025-01-18 17:21:33 +00:00
feat: better props override for auth helepr functs
This commit is contained in:
Bobby
parent
ffe6d6ed88
commit
7147afc309
@ -74,14 +74,14 @@ self.assertUser = async (token, fields, ip) => {
|
||||
}
|
||||
}
|
||||
|
||||
self.requireUser = (req, res, next, fields) => {
|
||||
self.requireUser = (req, res, next, options = {}) => {
|
||||
// Throws when token is missing, thus use only for users-only routes
|
||||
const token = req.headers.token
|
||||
const token = options.token || req.headers.token
|
||||
if (!token) {
|
||||
return next(new ClientError('No token provided.', { statusCode: 403 }))
|
||||
}
|
||||
|
||||
self.assertUser(token, fields, req.ip)
|
||||
self.assertUser(token, options.fields, req.ip)
|
||||
.then(user => {
|
||||
// Add user data to Request.locals.user
|
||||
req.locals.user = user
|
||||
@ -90,10 +90,10 @@ self.requireUser = (req, res, next, fields) => {
|
||||
.catch(next)
|
||||
}
|
||||
|
||||
self.optionalUser = (req, res, next, fields) => {
|
||||
self.optionalUser = (req, res, next, options = {}) => {
|
||||
// Throws when token if missing only when private is set to true in config,
|
||||
// thus use for routes that can handle no auth requests
|
||||
const token = req.headers.token
|
||||
const token = options.token || req.headers.token
|
||||
if (!token) {
|
||||
if (config.private === true) {
|
||||
return next(new ClientError('No token provided.', { statusCode: 403 }))
|
||||
@ -103,7 +103,7 @@ self.optionalUser = (req, res, next, fields) => {
|
||||
}
|
||||
}
|
||||
|
||||
self.assertUser(token, fields, req.ip)
|
||||
self.assertUser(token, options.fields, req.ip)
|
||||
.then(user => {
|
||||
// Add user data to Request.locals.user
|
||||
req.locals.user = user
|
||||
|
||||
@ -44,10 +44,15 @@ routes.post('/users/edit', [auth.requireUser, utils.assertJSON], auth.editUser)
|
||||
/** ./controllers/uploadController.js */
|
||||
|
||||
// HyperExpress defaults to 250kb
|
||||
// https://github.com/kartikk221/hyper-express/blob/6.4.4/docs/Server.md#server-constructor-options
|
||||
const maxBodyLength = parseInt(config.uploads.maxSize) * 1e6
|
||||
routes.post('/upload', { max_body_length: maxBodyLength }, auth.optionalUser, upload.upload)
|
||||
routes.post('/upload/:albumid', { max_body_length: maxBodyLength }, auth.optionalUser, upload.upload)
|
||||
// https://github.com/kartikk221/hyper-express/blob/6.4.8/docs/Server.md#server-constructor-options
|
||||
const uploadOptions = {
|
||||
max_body_length: parseInt(config.uploads.maxSize) * 1e6,
|
||||
middlewares: [
|
||||
auth.optionalUser
|
||||
]
|
||||
}
|
||||
routes.post('/upload', uploadOptions, upload.upload)
|
||||
routes.post('/upload/:albumid', uploadOptions, upload.upload)
|
||||
routes.post('/upload/finishchunks', [auth.optionalUser, utils.assertJSON], upload.finishChunks)
|
||||
|
||||
routes.get('/uploads', auth.requireUser, upload.list)
|
||||
@ -78,8 +83,10 @@ routes.post('/albums/rename', [auth.requireUser, utils.assertJSON], albums.renam
|
||||
|
||||
routes.get('/tokens', auth.requireUser, tokens.list)
|
||||
routes.post('/tokens/change', (req, res, next) => {
|
||||
// Include user's "token" field into database query
|
||||
auth.requireUser(req, res, next, 'token')
|
||||
auth.requireUser(req, res, next, {
|
||||
// Include user's "token" field into database query
|
||||
fields: ['token']
|
||||
})
|
||||
}, tokens.change)
|
||||
routes.post('/tokens/verify', utils.assertJSON, tokens.verify)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user