krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 22:57:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

remove auth with url

Browse Source
This commit is contained in:
Matteo Pagliazzi
2018-08-15 10:40:25 +02:00
parent 2a7dfff88a
commit 696121fb24
7 changed files with 16 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
website/server/middlewares/auth.js
View File

@@ -97,26 +97,3 @@ export function authWithSession (req, res, next) {
})
.catch(next);
}
export function authWithUrl (req, res, next) {
let userId = req.query._id;
let apiToken = req.query.apiToken;
// Always allow authentication with headers
if (!userId || !apiToken) {
if (!req.header('x-api-user') || !req.header('x-api-key')) {
return next(new NotAuthorized(res.t('missingAuthParams')));
} else {
return authWithHeaders()(req, res, next);
}
}
return User.findOne({ _id: userId, apiToken }).exec()
.then((user) => {
if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
res.locals.user = user;
return next();
})
.catch(next);
}