From 4a6004aa7c01aafd62192847a756249edd171942 Mon Sep 17 00:00:00 2001
From: Evert <imsonotsleepy@gmail.com>
Date: Mon, 9 Oct 2017 17:38:27 +0300
Subject: [PATCH] some login redirect shenanigans

---
 scripts/ensureLogin.js     |  9 +++++++++
 server/routes/admin.js     |  5 ++---
 server/routes/api.js       | 26 ++++++--------------------
 server/routes/index.js     | 15 +++++----------
 server/routes/minecraft.js |  8 ++------
 5 files changed, 24 insertions(+), 39 deletions(-)
 create mode 100644 scripts/ensureLogin.js

diff --git a/scripts/ensureLogin.js b/scripts/ensureLogin.js
new file mode 100644
index 0000000..d88c107
--- /dev/null
+++ b/scripts/ensureLogin.js
@@ -0,0 +1,9 @@
+// Make sure the user is logged in
+// Redirect to login page and store the current path in the session for redirecting later
+function ensureLogin (req, res, next) {
+  if (req.session.user) return next()
+  req.session.redirectUri = req.originalUrl
+  res.redirect('/login')
+}
+
+module.exports = ensureLogin
diff --git a/server/routes/admin.js b/server/routes/admin.js
index bb1f305..088a80f 100644
--- a/server/routes/admin.js
+++ b/server/routes/admin.js
@@ -1,4 +1,5 @@
 import express from 'express'
+import ensureLogin from '../../scripts/ensureLogin'
 import wrap from '../../scripts/asyncRoute'
 import {User} from '../api'
 import API from '../api/admin'
@@ -7,9 +8,7 @@ const router = express.Router()
 const apiRouter = express.Router()
 
 // Check for privilege required to access the admin panel
-router.use(wrap(async (req, res, next) => {
-  if (!req.session.user) return res.redirect('/login')
-
+router.use(ensureLogin, wrap(async (req, res, next) => {
   if (!req.session.privilege) {
     let u = await User.get(req.session.user)
     req.session.privilege = u.nw_privilege
diff --git a/server/routes/api.js b/server/routes/api.js
index 4ab4dff..c220fdd 100644
--- a/server/routes/api.js
+++ b/server/routes/api.js
@@ -50,7 +50,6 @@ function objectAssembler (insane) {
 
 // Create a session and return a redirect uri if provided
 function createSession (req, user) {
-  let uri = '/'
   req.session.user = {
     id: user.id,
     username: user.username,
@@ -59,14 +58,6 @@ function createSession (req, user) {
     avatar_file: user.avatar_file,
     session_refresh: Date.now() + 1800000 // 30 minutes
   }
-
-  if (req.session.redirectUri) {
-    uri = req.session.redirectUri
-  } else if (req.query.redirect) {
-    uri = req.query.redirect
-  }
-
-  return uri
 }
 
 // Either give JSON or make a redirect
@@ -94,13 +85,12 @@ router.post('/external/facebook/callback', wrap(async (req, res, next) => {
   }
 
   // Create session
-  let uri = '/'
   if (!req.session.user) {
     let user = response.user
-    uri = createSession(req, user)
+    createSession(req, user)
   }
 
-  JsonData(req, res, null, uri)
+  JsonData(req, res, null, '/login')
 }))
 
 router.get('/external/facebook/remove', wrap(async (req, res) => {
@@ -127,9 +117,6 @@ router.get('/external/twitter/login', wrap(async (req, res) => {
   }
 
   req.session.twitter_auth = tokens
-  if (req.query.returnTo) {
-    req.session.twitter_auth.returnTo = req.query.returnTo
-  }
 
   res.redirect('https://twitter.com/oauth/authenticate?oauth_token=' + tokens.token)
 }))
@@ -138,7 +125,7 @@ router.get('/external/twitter/callback', wrap(async (req, res) => {
   if (!config.twitter || !config.twitter.api) return res.redirect('/login')
   if (!req.session.twitter_auth) return res.redirect('/login')
   let ta = req.session.twitter_auth
-  let uri = ta.returnTo || '/login'
+  let uri = '/login'
 
   if (!req.query.oauth_verifier) {
     req.flash('message', {error: true, text: 'Couldn\'t get a verifier'})
@@ -165,7 +152,7 @@ router.get('/external/twitter/callback', wrap(async (req, res) => {
 
   if (!req.session.user) {
     let user = response.user
-    uri = createSession(req, user)
+    createSession(req, user)
   }
 
   res.render('redirect', {url: uri})
@@ -193,7 +180,6 @@ router.get('/external/discord/login', wrap(async (req, res) => {
   let infos = APIExtern.Discord.getAuthorizeURL()
 
   req.session.discord_auth = {
-    returnTo: req.query.returnTo || '/login',
     state: infos.state
   }
 
@@ -207,7 +193,7 @@ router.get('/external/discord/callback', wrap(async (req, res) => {
   let code = req.query.code
   let state = req.query.state
   let da = req.session.discord_auth
-  let uri = da.returnTo || '/login'
+  let uri = '/login'
 
   if (!code) {
     req.flash('message', {error: true, text: 'No authorization.'})
@@ -239,7 +225,7 @@ router.get('/external/discord/callback', wrap(async (req, res) => {
 
   if (!req.session.user) {
     let user = response.user
-    uri = createSession(req, user)
+    createSession(req, user)
   }
 
   res.render('redirect', {url: uri})
diff --git a/server/routes/index.js b/server/routes/index.js
index 847f100..9b23b27 100644
--- a/server/routes/index.js
+++ b/server/routes/index.js
@@ -2,6 +2,7 @@ import fs from 'fs'
 import path from 'path'
 import express from 'express'
 import RateLimit from 'express-rate-limit'
+import ensureLogin from '../../scripts/ensureLogin'
 import config from '../../scripts/load-config'
 import exists from '../../scripts/existsSync'
 import wrap from '../../scripts/asyncRoute'
@@ -41,11 +42,10 @@ function setSession (req, user) {
 function redirectLogin (req, res) {
   let uri = '/'
 
+  console.log('goto', req.session.redirectUri)
   if (req.session.redirectUri) {
     uri = req.session.redirectUri
     delete req.session.redirectUri
-  } else if (req.query.redirect) {
-    uri = req.query.redirect
   }
 
   res.redirect(uri)
@@ -132,16 +132,11 @@ function formKeep (req, res, next) {
   next()
 }
 
-// Make sure the user is logged in
-// Redirect to login page and store the current path in the session for redirecting later
-function ensureLogin (req, res, next) {
-  if (req.session.user) return next()
-  req.session.redirectUri = req.originalUrl
-  res.redirect('/login')
-}
-
 router.get('/login', extraButtons, (req, res) => {
   if (req.session.user) return redirectLogin(req, res)
+  if (req.query.returnTo) {
+    req.session.redirectUri = req.query.returnTo
+  }
 
   res.render('user/login')
 })
diff --git a/server/routes/minecraft.js b/server/routes/minecraft.js
index 9b08998..d31aae5 100644
--- a/server/routes/minecraft.js
+++ b/server/routes/minecraft.js
@@ -1,15 +1,11 @@
 import express from 'express'
+import ensureLogin from '../../scripts/ensureLogin'
 import wrap from '../../scripts/asyncRoute'
 import Minecraft from '../api/minecraft'
 
 let router = express.Router()
 
-router.get('/', wrap(async (req, res) => {
-  if (!req.session.user) {
-    req.session.redirectUri = req.originalUrl
-    return res.redirect('/login')
-  }
-
+router.get('/', ensureLogin, wrap(async (req, res) => {
   let token = await Minecraft.getToken(req.session.user)
 
   res.render('minecraft/index', {token: token.token, mcu: token.mcu})