krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 22:57:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

start upgrading eslint

Browse Source
This commit is contained in:
Matteo Pagliazzi
2019-10-08 16:57:10 +02:00
parent 90c917f69e
commit 621787915c
304 changed files with 5992 additions and 6394 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
website/server/middlewares/auth.js
View File

@@ -1,11 +1,11 @@
import nconf from 'nconf';
import url from 'url';
import {
NotAuthorized,
} from '../libs/errors';
import {
model as User,
} from '../models/user';
import nconf from 'nconf';
import url from 'url';
import gcpStackdriverTracer from '../libs/gcpTraceAgent';
const COMMUNITY_MANAGER_EMAIL = nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL');
@@ -16,12 +16,9 @@ function getUserFields (options, req) {
// Must be an array
if (options.userFieldsToExclude) {
return options.userFieldsToExclude
.filter(field => {
return !USER_FIELDS_ALWAYS_LOADED.find(fieldToInclude => field.startsWith(fieldToInclude));
})
.map(field => {
return `-${field}`; // -${field} means exclude ${field} in mongodb
})
.filter(field => !USER_FIELDS_ALWAYS_LOADED.find(fieldToInclude => field.startsWith(fieldToInclude)))
.map(field => `-${field}`, // -${field} means exclude ${field} in mongodb
)
.join(' ');
}
@@ -31,7 +28,7 @@ function getUserFields (options, req) {
// Allows GET requests to /user to specify a list of user fields to return instead of the entire doc
const urlPath = url.parse(req.url).pathname;
const userFields = req.query.userFields;
const { userFields } = req.query;
if (!userFields || urlPath !== '/user') return '';
const userFieldOptions = userFields.split(',');
@@ -72,9 +69,9 @@ export function authWithHeaders (options = {}) {
return findPromise
.exec()
.then((user) => {
.then(user => {
if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
if (user.auth.blocked) throw new NotAuthorized(res.t('accountSuspended', {communityManagerEmail: COMMUNITY_MANAGER_EMAIL, userId: user._id}));
if (user.auth.blocked) throw new NotAuthorized(res.t('accountSuspended', { communityManagerEmail: COMMUNITY_MANAGER_EMAIL, userId: user._id }));
res.locals.user = user;
req.session.userId = user._id;
@@ -88,22 +85,21 @@ export function authWithHeaders (options = {}) {
// Authenticate a request through a valid session
export function authWithSession (req, res, next) {
let userId = req.session.userId;
const { userId } = req.session;
// Always allow authentication with headers
if (!userId) {
if (!req.header('x-api-user') || !req.header('x-api-key')) {
return next(new NotAuthorized(res.t('invalidCredentials')));
} else {
return authWithHeaders()(req, res, next);
}
return authWithHeaders()(req, res, next);
}
return User.findOne({
_id: userId,
})
.exec()
.then((user) => {
.then(user => {
if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
res.locals.user = user;