diff --git a/scripts/ensureLogin.js b/scripts/ensureLogin.js
new file mode 100644
index 0000000..d88c107
--- /dev/null
+++ b/scripts/ensureLogin.js
@@ -0,0 +1,9 @@
+// Make sure the user is logged in
+// Redirect to login page and store the current path in the session for redirecting later
+function ensureLogin (req, res, next) {
+ if (req.session.user) return next()
+ req.session.redirectUri = req.originalUrl
+ res.redirect('/login')
+}
+
+module.exports = ensureLogin
diff --git a/server/routes/admin.js b/server/routes/admin.js
index bb1f305..088a80f 100644
--- a/server/routes/admin.js
+++ b/server/routes/admin.js
@@ -1,4 +1,5 @@
 import express from 'express'
+import ensureLogin from '../../scripts/ensureLogin'
 import wrap from '../../scripts/asyncRoute'
 import {User} from '../api'
 import API from '../api/admin'
@@ -7,9 +8,7 @@ const router = express.Router()
 const apiRouter = express.Router()
 // Check for privilege required to access the admin panel
-router.use(wrap(async (req, res, next) => {
- if (!req.session.user) return res.redirect('/login')
-
+router.use(ensureLogin, wrap(async (req, res, next) => {
 if (!req.session.privilege) {
 let u = await User.get(req.session.user)
 req.session.privilege = u.nw_privilege
diff --git a/server/routes/api.js b/server/routes/api.js
index 4ab4dff..c220fdd 100644
--- a/server/routes/api.js
+++ b/server/routes/api.js
@@ -50,7 +50,6 @@ function objectAssembler (insane) {
 // Create a session and return a redirect uri if provided
 function createSession (req, user) {
- let uri = '/'
 req.session.user = {
 id: user.id,
 username: user.username,
@@ -59,14 +58,6 @@ function createSession (req, user) {
 avatar_file: user.avatar_file,
 session_refresh: Date.now() + 1800000 // 30 minutes
 }
-
- if (req.session.redirectUri) {
- uri = req.session.redirectUri
- } else if (req.query.redirect) {
- uri = req.query.redirect
- }
-
- return uri
 }
 // Either give JSON or make a redirect
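Review bot: In the new scripts/ensureLogin.js, `req.session.redirectUri = req.originalUrl` runs for every HTTP method, so an unauthenticated POST or DELETE to a protected route is remembered and later followed as a plain GET by redirectLogin in server/routes/index.js. Storing the target only for safe requests keeps the post-login redirect meaningful: `if (req.method === 'GET') req.session.redirectUri = req.originalUrl`. The header comment could also say that the stored value ends up in `res.redirect`, so that only server-derived paths are written to this session key.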
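Review bot: The comment above createSession in server/routes/api.js (hunk @@ -50,7 +50,6 @@) still reads "Create a session and return a redirect uri if provided", but after this commit the function no longer returns anything. A stale contract like this invites a later caller to use the return value as a redirect target again. Suggested wording: `// Create a session for the given user; does not choose a redirect target`. The function body continues into the next hunk.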
@@ -94,13 +85,12 @@ router.post('/external/facebook/callback', wrap(async (req, res, next) => {
 }
 // Create session
- let uri = '/'
 if (!req.session.user) {
 let user = response.user
- uri = createSession(req, user)
+ createSession(req, user)
 }
- JsonData(req, res, null, uri)
+ JsonData(req, res, null, '/login')
 }))
 router.get('/external/facebook/remove', wrap(async (req, res) => {
@@ -127,9 +117,6 @@ router.get('/external/twitter/login', wrap(async (req, res) => {
 }
 req.session.twitter_auth = tokens
- if (req.query.returnTo) {
- req.session.twitter_auth.returnTo = req.query.returnTo
- }
 res.redirect('https://twitter.com/oauth/authenticate?oauth_token=' + tokens.token)
 }))
@@ -138,7 +125,7 @@ router.get('/external/twitter/callback', wrap(async (req, res) => {
 if (!config.twitter || !config.twitter.api) return res.redirect('/login')
 if (!req.session.twitter_auth) return res.redirect('/login')
 let ta = req.session.twitter_auth
- let uri = ta.returnTo || '/login'
+ let uri = '/login'
 if (!req.query.oauth_verifier) {
 req.flash('message', {error: true, text: 'Couldn\'t get a verifier'})
@@ -165,7 +152,7 @@ router.get('/external/twitter/callback', wrap(async (req, res) => {
 if (!req.session.user) {
 let user = response.user
- uri = createSession(req, user)
+ createSession(req, user)
 }
 res.render('redirect', {url: uri})
@@ -193,7 +180,6 @@ router.get('/external/discord/login', wrap(async (req, res) => {
 let infos = APIExtern.Discord.getAuthorizeURL()
 req.session.discord_auth = {
- returnTo: req.query.returnTo || '/login',
 state: infos.state
 }
@@ -207,7 +193,7 @@ router.get('/external/discord/callback', wrap(async (req, res) => {
 let code = req.query.code
 let state = req.query.state
 let da = req.session.discord_auth
- let uri = da.returnTo || '/login'
+ let uri = '/login'
 if (!code) {
 req.flash('message', {error: true, text: 'No authorization.'})
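Review bot: `let uri = '/login'` in the Twitter callback (hunk @@ -138,7 +125,7 @@) no longer appears to be reassigned, because the later hunk replaces `uri = createSession(req, user)` with a bare call. The same holds for the Discord callback at @@ -207,7 +193,7 @@ and @@ -239,7 +225,7 @@. If no branch outside the visible hunks assigns it, `const uri = '/login'` records that the redirect target is fixed and makes a later edit that lets request data back into it fail loudly. Both handlers continue outside the hunks, so that needs confirming first.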
@@ -239,7 +225,7 @@ router.get('/external/discord/callback', wrap(async (req, res) => {
 if (!req.session.user) {
 let user = response.user
- uri = createSession(req, user)
+ createSession(req, user)
 }
 res.render('redirect', {url: uri})
diff --git a/server/routes/index.js b/server/routes/index.js
index 847f100..9b23b27 100644
--- a/server/routes/index.js
+++ b/server/routes/index.js
@@ -2,6 +2,7 @@ import fs from 'fs'
 import path from 'path'
 import express from 'express'
 import RateLimit from 'express-rate-limit'
+import ensureLogin from '../../scripts/ensureLogin'
 import config from '../../scripts/load-config'
 import exists from '../../scripts/existsSync'
 import wrap from '../../scripts/asyncRoute'
@@ -41,11 +42,10 @@ function setSession (req, user) {
 function redirectLogin (req, res) {
 let uri = '/'
+ console.log('goto', req.session.redirectUri)
 if (req.session.redirectUri) {
 uri = req.session.redirectUri
 delete req.session.redirectUri
- } else if (req.query.redirect) {
- uri = req.query.redirect
 }
 res.redirect(uri)
@@ -132,16 +132,11 @@ function formKeep (req, res, next) {
 next()
 }
-// Make sure the user is logged in
-// Redirect to login page and store the current path in the session for redirecting later
-function ensureLogin (req, res, next) {
- if (req.session.user) return next()
- req.session.redirectUri = req.originalUrl
- res.redirect('/login')
-}
-
 router.get('/login', extraButtons, (req, res) => {
 if (req.session.user) return redirectLogin(req, res)
+ if (req.query.returnTo) {
+ req.session.redirectUri = req.query.returnTo
+ }
 res.render('user/login')
 })
diff --git a/server/routes/minecraft.js b/server/routes/minecraft.js
index 9b08998..d31aae5 100644
--- a/server/routes/minecraft.js
+++ b/server/routes/minecraft.js
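Review bot: `console.log('goto', req.session.redirectUri)` in redirectLogin (hunk @@ -41,11 +42,10 @@ of server/routes/index.js) looks like leftover debugging. It writes to stdout on every completed login, prints `undefined` when nothing is stored, and the value can originate from the query string, so request-controlled text lands in the logs unescaped. Remove the line. If the redirect target is worth recording, log it through the project's logger, inside the `if` branch only.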
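Review bot: The `/login` handler (hunk @@ -132,16 +132,11 @@) copies `req.query.returnTo` into `req.session.redirectUri` unchecked, and redirectLogin later hands that value to `res.redirect(uri)`, so the open redirect removed along with `req.query.redirect` returns under a new parameter name. Accept only a same-site path, for example `if (typeof req.query.returnTo === 'string' && /^\/(?![\/\\])/.test(req.query.returnTo)) {`. The `typeof` test matters because Express can parse a repeated or bracketed parameter into an array or object. The assignment also overwrites a `redirectUri` that ensureLogin may already have stored for the same session, which is probably not intended.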
@@ -1,15 +1,11 @@
 import express from 'express'
+import ensureLogin from '../../scripts/ensureLogin'
 import wrap from '../../scripts/asyncRoute'
 import Minecraft from '../api/minecraft'
 let router = express.Router()
-router.get('/', wrap(async (req, res) => {
- if (!req.session.user) {
- req.session.redirectUri = req.originalUrl
- return res.redirect('/login')
- }
-
+router.get('/', ensureLogin, wrap(async (req, res) => {
 let token = await Minecraft.getToken(req.session.user)
 res.render('minecraft/index', {token: token.token, mcu: token.mcu})