In theory this will enable us to disable users and not break already running instances

This commit is contained in:
Kana 2018-02-16 23:50:23 -03:00
parent 48ec9d9559
commit 939b5c52f7
2 changed files with 10 additions and 1 deletions

View File

@ -15,6 +15,10 @@ authController.verify = async (req, res, next) => {
const user = await db.table('users').where('username', username).first(); const user = await db.table('users').where('username', username).first();
if (!user) return res.json({ success: false, description: 'Username doesn\'t exist' }); if (!user) return res.json({ success: false, description: 'Username doesn\'t exist' });
if (user.enabled === false || user.enabled === 0) return res.json({
success: false,
description: 'This account has been disabled'
});
bcrypt.compare(password, user.password, (err, result) => { bcrypt.compare(password, user.password, (err, result) => {
if (err) { if (err) {
@ -56,7 +60,8 @@ authController.register = async (req, res, next) => {
await db.table('users').insert({ await db.table('users').insert({
username: username, username: username,
password: hash, password: hash,
token: token token: token,
enabled: 1
}); });
return res.json({ success: true, token: token }) return res.json({ success: true, token: token })
}); });

View File

@ -39,6 +39,10 @@ uploadsController.upload = async (req, res, next) => {
const token = req.headers.token || ''; const token = req.headers.token || '';
const user = await db.table('users').where('token', token).first(); const user = await db.table('users').where('token', token).first();
if (user.enabled === false || user.enabled === 0) return res.json({
success: false,
description: 'This account has been disabled'
});
const albumid = req.headers.albumid || req.params.albumid; const albumid = req.headers.albumid || req.params.albumid;
if (albumid && user) { if (albumid && user) {