master
Manuel Kasper 2023-12-28 21:18:33 +01:00
rodzic 2c8cd5d4d7
commit deb80e6f6f
2 zmienionych plików z 14 dodań i 14 usunięć


@ -27,7 +27,7 @@ router.post('/summits/:association/:code/upload', jwtCallback, upload.array('pho
noCache: true noCache: true
} }
if (!req.user.callsign) { if (!req.auth.callsign) {
res.status(401).send('Missing callsign in SSO token').end() res.status(401).send('Missing callsign in SSO token').end()
return return
} }
@ -42,7 +42,7 @@ router.post('/summits/:association/:code/upload', jwtCallback, upload.array('pho
if (req.files) { if (req.files) {
let dbPhotos = [] let dbPhotos = []
for (let file of req.files) { for (let file of req.files) {
let photo = await photos.importPhoto(file.path, req.user.callsign) let photo = await photos.importPhoto(file.path, req.auth.callsign)
dbPhotos.push(photo) dbPhotos.push(photo)
} }
@ -70,7 +70,7 @@ router.delete('/summits/:association/:code/:filename', jwtCallback, async (req,
noCache: true noCache: true
} }
if (!req.user.callsign) { if (!req.auth.callsign) {
res.status(401).send('Missing callsign in SSO token').end() res.status(401).send('Missing callsign in SSO token').end()
return return
} }
@ -84,7 +84,7 @@ router.delete('/summits/:association/:code/:filename', jwtCallback, async (req,
} }
// Check that uploader is currently logged in user // Check that uploader is currently logged in user
if (photo.author !== req.user.callsign) { if (photo.author !== req.auth.callsign) {
res.status(401).send('Cannot delete another user\'s photos').end() res.status(401).send('Cannot delete another user\'s photos').end()
return return
} }
@ -99,7 +99,7 @@ router.post('/summits/:association/:code/reorder', jwtCallback, async (req, res)
noCache: true noCache: true
} }
if (!req.user.callsign) { if (!req.auth.callsign) {
res.status(401).send('Missing callsign in SSO token').end() res.status(401).send('Missing callsign in SSO token').end()
return return
} }
@ -109,7 +109,7 @@ router.post('/summits/:association/:code/reorder', jwtCallback, async (req, res)
// Assign new sortOrder index to photos of this user, in the order given by req.body.filenames // Assign new sortOrder index to photos of this user, in the order given by req.body.filenames
let updates = req.body.filenames.map((filename, index) => { let updates = req.body.filenames.map((filename, index) => {
return db.getDb().collection('summits').updateOne( return db.getDb().collection('summits').updateOne(
{ code: summitCode, 'photos.author': req.user.callsign, 'photos.filename': filename }, { code: summitCode, 'photos.author': req.auth.callsign, 'photos.filename': filename },
{ $set: { 'photos.$.sortOrder': index + 1 } } { $set: { 'photos.$.sortOrder': index + 1 } }
) )
}) })
@ -124,7 +124,7 @@ router.post('/summits/:association/:code/:filename', jwtCallback, async (req, re
noCache: true noCache: true
} }
if (!req.user.callsign) { if (!req.auth.callsign) {
res.status(401).send('Missing callsign in SSO token').end() res.status(401).send('Missing callsign in SSO token').end()
return return
} }
@ -138,7 +138,7 @@ router.post('/summits/:association/:code/:filename', jwtCallback, async (req, re
} }
// Check that editor is the currently logged in user // Check that editor is the currently logged in user
if (photo.author !== req.user.callsign) { if (photo.author !== req.auth.callsign) {
res.status(401).send('Cannot delete another user\'s photos').end() res.status(401).send('Cannot delete another user\'s photos').end()
return return
} }
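Review bot: In the reorder hunk (`@ -109,7`), the filter `{ code: summitCode, 'photos.author': req.auth.callsign, 'photos.filename': filename }` places two separate dotted conditions on the `photos` array, and MongoDB may satisfy them with different array elements, so the author check and the filename are not guaranteed to refer to the same photo. Binding both to a single element keeps the ownership check attached to the photo that `photos.$` updates: `{ code: summitCode, photos: { $elemMatch: { author: req.auth.callsign, filename: filename } } }`. `filename` also comes straight from `req.body.filenames`, so unless validation exists outside this hunk, entries where `typeof filename !== 'string'` should be rejected so that a JSON object cannot act as a query operator. The handler starts and ends outside the hunk.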


@ -22,7 +22,7 @@ let jwtCallback = jwt({
const DB_COLLECTION_USERS = "users"; const DB_COLLECTION_USERS = "users";
router.get("/me", jwtCallback, (req, res) => { router.get("/me", jwtCallback, (req, res) => {
const reqUserId = req.user.userid; const reqUserId = req.auth.userid;
if (!reqUserId) { if (!reqUserId) {
return res.status(401).send("Missing userid in SSO token").end(); return res.status(401).send("Missing userid in SSO token").end();
} }
@ -53,7 +53,7 @@ router.post("/me/settings",
jwtCallback, jwtCallback,
(req, res) => { (req, res) => {
const reqUserId = req.user.userid; const reqUserId = req.auth.userid;
if (!reqUserId) { if (!reqUserId) {
return res.status(401).send("Missing userid in SSO token").end(); return res.status(401).send("Missing userid in SSO token").end();
} }
@ -70,7 +70,7 @@ router.post("/me/settings",
}); });
router.get("/me/tags", jwtCallback, (req, res) => { router.get("/me/tags", jwtCallback, (req, res) => {
const reqUserId = req.user.userid; const reqUserId = req.auth.userid;
if (!reqUserId) { if (!reqUserId) {
return res.status(401).send("Missing userid in SSO token").end(); return res.status(401).send("Missing userid in SSO token").end();
} }
@ -95,7 +95,7 @@ router.get("/me/tags", jwtCallback, (req, res) => {
}); });
router.get("/me/summits/tags", jwtCallback, (req, res) => { router.get("/me/summits/tags", jwtCallback, (req, res) => {
const reqUserId = req.user.userid; const reqUserId = req.auth.userid;
if (!reqUserId) { if (!reqUserId) {
return res.status(401).send("Missing userid in SSO token").end(); return res.status(401).send("Missing userid in SSO token").end();
} }
@ -130,7 +130,7 @@ router.get("/me/summits/tags", jwtCallback, (req, res) => {
}); });
router.get("/me/summit/:association/:code", jwtCallback, (req, res) => { router.get("/me/summit/:association/:code", jwtCallback, (req, res) => {
const reqUserId = req.user.userid; const reqUserId = req.auth.userid;
if (!reqUserId) { if (!reqUserId) {
return res.status(401).send("Missing userid in SSO token").end(); return res.status(401).send("Missing userid in SSO token").end();
} }
@ -175,7 +175,7 @@ router.post("/me/summit/:association/:code",
body("tags.*").isString(), body("tags.*").isString(),
(req, res) => { (req, res) => {
const reqUserId = req.user.userid; const reqUserId = req.auth.userid;
if (!reqUserId) { if (!reqUserId) {
return res.status(401).send("Missing userid in SSO token").end(); return res.status(401).send("Missing userid in SSO token").end();
} }
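Review bot: Each of the six handlers in this file reads `req.auth.userid` before confirming that `req.auth` exists, and the photo routes do the same with `req.auth.callsign`. Whether `req.auth` can be undefined depends on the `jwtCallback` options, which are outside the hunks; if the middleware ever lets a request through without credentials, the dereference throws instead of reaching the intended 401. Writing `const reqUserId = req.auth?.userid;` (and `if (!req.auth?.callsign)` in the photo routes) makes the guard fail closed with the existing 401 response. Since the claims object has moved, it is also worth confirming that no handler outside these two files still reads `req.user`.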