From babc2c8ea8b775945fe69f7307a66d1723ef8247 Mon Sep 17 00:00:00 2001
From: Oliver Boehlk
Date: Fri, 15 May 2020 23:21:47 +0200
Subject: [PATCH] limit logout function to logged in users
---
 backend/index.js | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/backend/index.js b/backend/index.js
index faddb94..be7b6f5 100644
--- a/backend/index.js
+++ b/backend/index.js
@@ -165,26 +165,21 @@ app.post("/API/user/login", passport.authenticate('local-login'), function (req,
 return res.status(status.OK).send("login success");
 });
-app.delete("/API/user/logout", function (req, res) {
- req.logout();
- return res.status(status.OK).send("logout success");
-}); !!
-
- app.put("/API/user/create", function (req, res) {
- let { email, password } = req.body;
- if (email && password) {
- email = mysql.escape(email);
- password = mysql.escape(bcrypt.hashSync(password, saltRounds));
- if (DEBUG) return res.status(status.OK).send();
- connection.query(`INSERT INTO user (deactivated, email, password) values (1, ${email}, ${password})`, function (err, rows) {
- if (err)
- return res.status(status.INTERNAL_SERVER_ERROR).send("the user seems to exist already - if you think this is an error contact the sys admin");
- return res.status(status.OK).send("account successfully created");
- });
- } else {
- return res.status(status.BAD_REQUEST).send("invalid data supplied");
- }
- });
+app.put("/API/user/create", function (req, res) {
+ let { email, password } = req.body;
+ if (email && password) {
+ email = mysql.escape(email);
+ password = mysql.escape(bcrypt.hashSync(password, saltRounds));
+ if (DEBUG) return res.status(status.OK).send();
+ connection.query(`INSERT INTO user (deactivated, email, password) values (1, ${email}, ${password})`, function (err, rows) {
+ if (err)
+ return res.status(status.INTERNAL_SERVER_ERROR).send("the user seems to exist already - if you think this is an error contact the sys admin");
+ return res.status(status.OK).send("account successfully created");
+ });
+ } else {
+ return res.status(status.BAD_REQUEST).send("invalid data supplied");
+ }
+});
 app.all("*", function (req, res, next) {
 if (req.isAuthenticated()) {
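Review bot: The re-indented create handler still assembles the INSERT with a template literal around values that were escaped by hand (the `email = mysql.escape(email)` line and the connection.query line below it); the driver's placeholder form, `connection.query('INSERT INTO user (deactivated, email, password) values (1, ?, ?)', [email, hash], function (err, rows) { ... })`, keeps quoting in one place and avoids overwriting `email`/`password` with SQL fragments. The guard `if (email && password)` only checks truthiness, so a non-string body field reaches `bcrypt.hashSync`, which throws; `if (typeof email === 'string' && typeof password === 'string')` would turn that into the 400 the else branch already returns. The error callback also maps every query failure to "the user seems to exist already" with a 500; checking `err.code === 'ER_DUP_ENTRY'` for a 409 and reporting anything else as a plain 500 would be more accurate. None of this was introduced by this commit, which only re-indents the handler, so it can be a follow-up.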
@@ -199,6 +194,11 @@ app.get("/API/testlogin", function (req, res) {
 return res.status(status.OK).send(req.user["email"]);
 });
+app.delete("/API/user/logout", function (req, res) {
+ req.logout();
+ return res.status(status.OK).send("logout success");
+});
+
 app.get('/API/day', function (req, res) {
 const kind = parseInt(req.query.kind);
 if (Number.isInteger(kind)) {
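Review bot: The moved logout handler calls `req.logout()` without a callback and replies immediately; in passport 0.6 and later `req.logout` is asynchronous and the reply belongs in its callback, `req.logout(function (err) { if (err) return next(err); return res.status(status.OK).send("logout success"); });`, with `next` added to the handler signature. The passport version the project pins is not visible in this hunk, so confirm against the lockfile before changing it. Logging out also leaves any server-side session record in place; if express-session is in use, calling `req.session.destroy` after logout would clear it and invalidate the cookie as well. The route's authenticated-only behaviour now depends purely on its position below `app.all("*")`, so a comment such as `// keep below the app.all("*") auth guard: only logged-in users may log out` would protect that ordering from a future move.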