SimCompanies/dashboard
2
1
Fork 0
Code Issues 17 Pull Requests Releases Activity

limit logout function to logged in users

Browse Source
This commit is contained in:
Oliver Boehlk
2020-05-15 23:21:47 +02:00
parent ab7b2d907d
commit babc2c8ea8
1 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
backend/index.js
View File

@@ -165,26 +165,21 @@ app.post("/API/user/login", passport.authenticate('local-login'), function (req,
return res.status(status.OK).send("login success");
});
app.delete("/API/user/logout", function (req, res) {
req.logout();
return res.status(status.OK).send("logout success");
}); !!
app.put("/API/user/create", function (req, res) {
let { email, password } = req.body;
if (email && password) {
email = mysql.escape(email);
password = mysql.escape(bcrypt.hashSync(password, saltRounds));
if (DEBUG) return res.status(status.OK).send();
connection.query(`INSERT INTO user (deactivated, email, password) values (1, ${email}, ${password})`, function (err, rows) {
if (err)
return res.status(status.INTERNAL_SERVER_ERROR).send("the user seems to exist already - if you think this is an error contact the sys admin");
return res.status(status.OK).send("account successfully created");
});
} else {
return res.status(status.BAD_REQUEST).send("invalid data supplied");
}
});
app.put("/API/user/create", function (req, res) {
let { email, password } = req.body;
if (email && password) {
email = mysql.escape(email);
password = mysql.escape(bcrypt.hashSync(password, saltRounds));
if (DEBUG) return res.status(status.OK).send();
connection.query(`INSERT INTO user (deactivated, email, password) values (1, ${email}, ${password})`, function (err, rows) {
if (err)
return res.status(status.INTERNAL_SERVER_ERROR).send("the user seems to exist already - if you think this is an error contact the sys admin");
return res.status(status.OK).send("account successfully created");
});
} else {
return res.status(status.BAD_REQUEST).send("invalid data supplied");
}
});
app.all("*", function (req, res, next) {
if (req.isAuthenticated()) {
@@ -199,6 +194,11 @@ app.get("/API/testlogin", function (req, res) {
return res.status(status.OK).send(req.user["email"]);
});
app.delete("/API/user/logout", function (req, res) {
req.logout();
return res.status(status.OK).send("logout success");
});
app.get('/API/day', function (req, res) {
const kind = parseInt(req.query.kind);
if (Number.isInteger(kind)) {