remove auth with url

This commit is contained in:
Matteo Pagliazzi
2018-08-15 10:40:25 +02:00
parent 2a7dfff88a
commit 696121fb24
7 changed files with 16 additions and 44 deletions


@@ -40,7 +40,7 @@ export default {
...mapState({user: 'user.data', credentials: 'credentials'}), ...mapState({user: 'user.data', credentials: 'credentials'}),
getCodesUrl () { getCodesUrl () {
if (!this.user) return ''; if (!this.user) return '';
return `/api/v4/coupons?_id=${this.user._id}&apiToken=${this.credentials.API_TOKEN}`; return '/api/v4/coupons';
}, },
}, },
methods: { methods: {
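Review bot: With the credentials gone from the query string, the `/api/v4/coupons` URL returned on the changed line of getCodesUrl only works if the server route behind it accepts session or header auth; if this string is used as a plain download link, the browser sends cookies but never the `x-api-user`/`x-api-key` headers, and that route is not part of this diff, so it is worth confirming. The `if (!this.user) return ''` guard above it no longer protects anything the URL reads; keeping it is fine if the intent is to hide the link until the user is loaded, but a comment such as `// link is hidden until the user is loaded; the route itself authenticates the request` would make that explicit. If `this.credentials` is not read elsewhere in the component, the `credentials` entry in the mapState call at the top of the hunk can go too. The enclosing `computed` object starts and ends outside the hunk.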


@@ -13,10 +13,10 @@ export default {
...mapState(['credentials']), ...mapState(['credentials']),
// @TODO refactor into one single computed property // @TODO refactor into one single computed property
paypalCheckoutLink () { paypalCheckoutLink () {
return `/paypal/checkout?_id=${this.credentials.API_ID}&apiToken=${this.credentials.API_TOKEN}`; return '/paypal/checkout';
}, },
paypalSubscriptionLink () { paypalSubscriptionLink () {
return `/paypal/subscribe?_id=${this.credentials.API_ID}&apiToken=${this.credentials.API_TOKEN}&sub=${this.subscriptionPlan}`; return `/paypal/subscribe?sub=${this.subscriptionPlan}`;
}, },
paypalPurchaseLink () { paypalPurchaseLink () {
if (!this.subscription) { if (!this.subscription) {
@@ -26,7 +26,7 @@ export default {
} }
let couponString = ''; let couponString = '';
if (this.subscription.coupon) couponString = `&coupon=${this.subscription.coupon}`; if (this.subscription.coupon) couponString = `&coupon=${this.subscription.coupon}`;
return `/paypal/subscribe?_id=${this.credentials.API_ID}&apiToken=${this.credentials.API_TOKEN}&sub=${this.subscription.key}${couponString}`; return `/paypal/subscribe?sub=${this.subscription.key}${couponString}`;
}, },
}, },
methods: { methods: {
@@ -39,7 +39,7 @@ export default {
if (!this.checkGemAmount(data)) return; if (!this.checkGemAmount(data)) return;
let gift = this.encodeGift(data.giftedTo, data.gift); let gift = this.encodeGift(data.giftedTo, data.gift);
const url = `/paypal/checkout?_id=${this.credentials.API_ID}&apiToken=${this.credentials.API_TOKEN}&gift=${gift}`; const url = `/paypal/checkout?gift=${gift}`;
window.open(url, '_blank'); window.open(url, '_blank');
}, },
@@ -210,8 +210,6 @@ export default {
} }
let queryParams = { let queryParams = {
_id: this.user._id,
apiToken: this.credentials.API_TOKEN,
noRedirect: true, noRedirect: true,
}; };
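Review bot: The new `/paypal/subscribe?sub=...` links in paypalSubscriptionLink and paypalPurchaseLink still interpolate `this.subscriptionPlan`, `this.subscription.key` and `this.subscription.coupon` into the query string without encoding, so a value containing `&`, `#` or `+` would be truncated or altered before it reaches the server. Wrapping each value, e.g. `couponString = '&coupon=' + encodeURIComponent(this.subscription.coupon)` and `encodeURIComponent(this.subscription.key)` in the template, keeps the link intact for any value. The same applies to the `gift` parameter in the third hunk unless `encodeGift` already URL-encodes its result, which is not visible here. The enclosing `computed` object and the methods in the later hunks begin and end outside these hunks.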


@@ -4,7 +4,6 @@ import {
import amzLib from '../../../libs/payments/amazon'; import amzLib from '../../../libs/payments/amazon';
import { import {
authWithHeaders, authWithHeaders,
authWithUrl,
} from '../../../middlewares/auth'; } from '../../../middlewares/auth';
import shared from '../../../../common'; import shared from '../../../../common';
@@ -128,7 +127,7 @@ api.subscribe = {
api.subscribeCancel = { api.subscribeCancel = {
method: 'GET', method: 'GET',
url: '/amazon/subscribe/cancel', url: '/amazon/subscribe/cancel',
middlewares: [authWithUrl], middlewares: [authWithHeaders()],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let groupId = req.query.groupId; let groupId = req.query.groupId;
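Review bot: `subscribeCancel` remains a GET that appears to change state (it reads `groupId` from the query and, judging by the name, cancels a subscription), and with `authWithHeaders()` on the changed line it can now only succeed from a request that sets the `x-api-user`/`x-api-key` headers, never from a plain link or redirect, so any client that navigated to this URL must be switched to an XHR/fetch call that adds them. That is a sensible hardening, since custom headers cannot be attached to a cross-site navigation, but the PayPal `/paypal/subscribe/cancel`, Stripe `/stripe/subscribe/cancel` and both IAP cancel hunks make the same switch, so the callers of all of them need the same check. A short comment on the route, e.g. `// header auth only: cancellation is a state change and must come from an API call, not a navigation`, would record the intent. The handler body continues past the hunk.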


@@ -1,6 +1,5 @@
import { import {
authWithHeaders, authWithHeaders,
authWithUrl,
} from '../../../middlewares/auth'; } from '../../../middlewares/auth';
import { import {
BadRequest, BadRequest,
@@ -21,7 +20,7 @@ let api = {};
api.iapAndroidVerify = { api.iapAndroidVerify = {
method: 'POST', method: 'POST',
url: '/iap/android/verify', url: '/iap/android/verify',
middlewares: [authWithUrl], middlewares: [authWithHeaders()],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let iapBody = req.body; let iapBody = req.body;
@@ -41,7 +40,7 @@ api.iapAndroidVerify = {
api.iapSubscriptionAndroid = { api.iapSubscriptionAndroid = {
method: 'POST', method: 'POST',
url: '/iap/android/subscribe', url: '/iap/android/subscribe',
middlewares: [authWithUrl], middlewares: [authWithHeaders()],
async handler (req, res) { async handler (req, res) {
if (!req.body.sku) throw new BadRequest(res.t('missingSubscriptionCode')); if (!req.body.sku) throw new BadRequest(res.t('missingSubscriptionCode'));
let user = res.locals.user; let user = res.locals.user;
@@ -62,7 +61,7 @@ api.iapSubscriptionAndroid = {
api.iapCancelSubscriptionAndroid = { api.iapCancelSubscriptionAndroid = {
method: 'GET', method: 'GET',
url: '/iap/android/subscribe/cancel', url: '/iap/android/subscribe/cancel',
middlewares: [authWithUrl], middlewares: [authWithHeaders()],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -104,7 +103,7 @@ api.iapiOSVerify = {
api.iapSubscriptioniOS = { api.iapSubscriptioniOS = {
method: 'POST', method: 'POST',
url: '/iap/ios/subscribe', url: '/iap/ios/subscribe',
middlewares: [authWithUrl], middlewares: [authWithHeaders()],
async handler (req, res) { async handler (req, res) {
if (!req.body.sku) throw new BadRequest(res.t('missingSubscriptionCode')); if (!req.body.sku) throw new BadRequest(res.t('missingSubscriptionCode'));
if (!req.body.receipt) throw new BadRequest(res.t('missingReceipt')); if (!req.body.receipt) throw new BadRequest(res.t('missingReceipt'));
@@ -124,7 +123,7 @@ api.iapSubscriptioniOS = {
api.iapCancelSubscriptioniOS = { api.iapCancelSubscriptioniOS = {
method: 'GET', method: 'GET',
url: '/iap/ios/subscribe/cancel', url: '/iap/ios/subscribe/cancel',
middlewares: [authWithUrl], middlewares: [authWithHeaders()],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
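Review bot: Every IAP route in this file now requires `authWithHeaders()`, so a client that still passes `_id`/`apiToken` as query parameters (the form `authWithUrl` accepted, with headers as a fallback) will get NotAuthorized once this deploys; these endpoints are presumably called by the native apps rather than the web client, so the change should be coordinated with the minimum supported app version or the old middleware kept for a deprecation window. A comment at the top of the route list, e.g. `// all IAP routes authenticate with x-api-user / x-api-key headers only`, would explain why the middleware is uniform, since the hunks no longer show it. The handler bodies of each route continue outside the hunks.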


@@ -2,8 +2,8 @@
import paypalPayments from '../../../libs/payments/paypal'; import paypalPayments from '../../../libs/payments/paypal';
import shared from '../../../../common'; import shared from '../../../../common';
import { import {
authWithUrl,
authWithSession, authWithSession,
authWithHeaders,
} from '../../../middlewares/auth'; } from '../../../middlewares/auth';
import { import {
BadRequest, BadRequest,
@@ -21,7 +21,7 @@ let api = {};
api.checkout = { api.checkout = {
method: 'GET', method: 'GET',
url: '/paypal/checkout', url: '/paypal/checkout',
middlewares: [authWithUrl], middlewares: [authWithSession],
async handler (req, res) { async handler (req, res) {
let gift = req.query.gift ? JSON.parse(req.query.gift) : undefined; let gift = req.query.gift ? JSON.parse(req.query.gift) : undefined;
req.session.gift = req.query.gift; req.session.gift = req.query.gift;
@@ -75,7 +75,7 @@ api.checkoutSuccess = {
api.subscribe = { api.subscribe = {
method: 'GET', method: 'GET',
url: '/paypal/subscribe', url: '/paypal/subscribe',
middlewares: [authWithUrl], middlewares: [authWithSession],
async handler (req, res) { async handler (req, res) {
if (!req.query.sub) throw new BadRequest(apiError('missingSubKey')); if (!req.query.sub) throw new BadRequest(apiError('missingSubKey'));
@@ -136,7 +136,7 @@ api.subscribeSuccess = {
api.subscribeCancel = { api.subscribeCancel = {
method: 'GET', method: 'GET',
url: '/paypal/subscribe/cancel', url: '/paypal/subscribe/cancel',
middlewares: [authWithUrl], middlewares: [authWithHeaders()],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let groupId = req.query.groupId; let groupId = req.query.groupId;
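Review bot: Switching `api.checkout` and `api.subscribe` to `authWithSession` removes the one property that kept a cross-site page from starting these GET flows for a logged-in user: with `authWithUrl` the caller had to know the user's `apiToken`, which acted as an unguessable token, whereas a session cookie is attached automatically to any navigation to `/paypal/checkout` or `/paypal/subscribe`. The impact is presumably limited to steering the user into a PayPal approval page with externally chosen `gift`/`sub`/`coupon` values (the flow continues past the hunk), but `req.session.gift = req.query.gift` on the line after the middleware change also writes that unvalidated value into the session, and `JSON.parse(req.query.gift)` runs on it first. A `SameSite` attribute on the session cookie or a per-session nonce checked in these handlers would restore the protection; at minimum a comment such as `// session auth: this GET is reachable by plain navigation, so query values must be validated before use` should sit above the middlewares line. Note also the inconsistency that `authWithSession` is passed by reference while `authWithHeaders()` in the third hunk is invoked to produce a middleware; a reader may mistake one form for a bug.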


@@ -1,7 +1,6 @@
import shared from '../../../../common'; import shared from '../../../../common';
import { import {
authWithHeaders, authWithHeaders,
authWithUrl,
} from '../../../middlewares/auth'; } from '../../../middlewares/auth';
import stripePayments from '../../../libs/payments/stripe'; import stripePayments from '../../../libs/payments/stripe';
@@ -74,7 +73,7 @@ api.subscribeEdit = {
api.subscribeCancel = { api.subscribeCancel = {
method: 'GET', method: 'GET',
url: '/stripe/subscribe/cancel', url: '/stripe/subscribe/cancel',
middlewares: [authWithUrl], middlewares: [authWithHeaders()],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let groupId = req.query.groupId; let groupId = req.query.groupId;


@@ -97,26 +97,3 @@ export function authWithSession (req, res, next) {
}) })
.catch(next); .catch(next);
} }
export function authWithUrl (req, res, next) {
let userId = req.query._id;
let apiToken = req.query.apiToken;
// Always allow authentication with headers
if (!userId || !apiToken) {
if (!req.header('x-api-user') || !req.header('x-api-key')) {
return next(new NotAuthorized(res.t('missingAuthParams')));
} else {
return authWithHeaders()(req, res, next);
}
}
return User.findOne({ _id: userId, apiToken }).exec()
.then((user) => {
if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
res.locals.user = user;
return next();
})
.catch(next);
}