User auth performance improvements (#9589)

* Added initial user projecting in auth and fixed projection for get user tasks

* Added fields to score route

* Added another field to get tasks

* Added group fields to user
Keith Holliday
2017-11-30 08:17:28 -06:00
committed by GitHub
parent 77f71b5415
commit a097819b72
2 changed files with 11 additions and 5 deletions


@@ -262,7 +262,7 @@ api.createChallengeTasks = {
api.getUserTasks = { api.getUserTasks = {
method: 'GET', method: 'GET',
url: '/tasks/user', url: '/tasks/user',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders(false, '_id preferences tasksOrder')],
async handler (req, res) { async handler (req, res) {
let types = Tasks.tasksTypes.map(type => `${type}s`); let types = Tasks.tasksTypes.map(type => `${type}s`);
types.push('completedTodos', '_allCompletedTodos'); // _allCompletedTodos is currently in BETA and is likely to be removed in future types.push('completedTodos', '_allCompletedTodos'); // _allCompletedTodos is currently in BETA and is likely to be removed in future
@@ -517,7 +517,7 @@ api.updateTask = {
api.scoreTask = { api.scoreTask = {
method: 'POST', method: 'POST',
url: '/tasks/:taskId/score/:direction', url: '/tasks/:taskId/score/:direction',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders(false, '_id stats profile preferences tasksOrder _ABtests webhooks party guilds')],
async handler (req, res) { async handler (req, res) {
req.checkParams('direction', res.t('directionUpDown')).notEmpty().isIn(['up', 'down']); req.checkParams('direction', res.t('directionUpDown')).notEmpty().isIn(['up', 'down']);
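Review bot: The projection string passed to `authWithHeaders` on `scoreTask` is a hand-maintained allowlist, and the handler body lies outside the hunk, so nothing visible here confirms that every user field the scoring path reads or writes is in the list. A field left out does not raise an error; it reads as `undefined`, and on a route that mutates the user this can silently change the computed result. The same applies to the shorter list on `getUserTasks`. I would add a comment above each `middlewares` line, for example `// Projection must name every user field this handler (and the code it calls) reads or writes; unlisted fields are undefined, not an error`, and cover both routes with a test that runs the handler against a user loaded with exactly this projection.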


@@ -12,7 +12,7 @@ const COMMUNITY_MANAGER_EMAIL = nconf.get('EMAILS:COMMUNITY_MANAGER_EMAIL');
// Authenticate a request through the x-api-user and x-api key header // Authenticate a request through the x-api-user and x-api key header
// If optional is true, don't error on missing authentication // If optional is true, don't error on missing authentication
export function authWithHeaders (optional = false) { export function authWithHeaders (optional = false, userFieldProjection = '') {
return function authWithHeadersHandler (req, res, next) { return function authWithHeadersHandler (req, res, next) {
let userId = req.header('x-api-user'); let userId = req.header('x-api-user');
let apiToken = req.header('x-api-key'); let apiToken = req.header('x-api-key');
@@ -22,10 +22,16 @@ export function authWithHeaders (optional = false) {
return next(new NotAuthorized(res.t('missingAuthHeaders'))); return next(new NotAuthorized(res.t('missingAuthHeaders')));
} }
return User.findOne({ const userQuery = {
_id: userId, _id: userId,
apiToken, apiToken,
}) };
let fields = '';
if (userFieldProjection) fields = `notifications ${userFieldProjection}`;
const findPromise = fields ? User.findOne(userQuery, fields) : User.findOne(userQuery);
return findPromise
.exec() .exec()
.then((user) => { .then((user) => {
if (!user) throw new NotAuthorized(res.t('invalidCredentials')); if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
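Review bot: The projection built on the `fields` line guarantees only `notifications` plus whatever the route passes, so any user field the rest of this `.then` callback reads after the `invalidCredentials` check (the callback continues outside the hunk) is `undefined` on projected routes. If that code includes an account-state check, such as a suspended or blocked flag, an unselected path would make the check pass silently, so the middleware would fail open on exactly the routes that opt in. The fields the middleware itself depends on should be part of the fixed prefix next to `notifications` rather than left to each caller. A comment on `userFieldProjection` should also state that it is a space-separated inclusion list, because an exclusion entry (`-field`) cannot be combined with the prepended `notifications` in one projection.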