foltik/shimapan
1
0
Fork 0
mirror of https://github.com/Foltik/Shimapan synced 2024-11-27 21:19:09 -05:00
Code Issues Releases Wiki Activity

Add checks for bad requests in auth.js to prevent 500

Browse Source
This commit is contained in:
Jack Foltz 2018-07-28 12:53:49 -04:00
parent 7d39001a01
commit 9227fa428d
Signed by: foltik
GPG Key ID: 303F88F996E95541
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
app/routes/auth.js
View File

@ -63,6 +63,15 @@ async function validateInvite(code) {
router.post('/register', canonicalizeRequest, wrap(async (req, res) => {
if (!req.body.displayname)
return res.status(400).json({message: 'No displayname specified.'});
if (!req.body.password)
return res.status(400).json({message: 'No password specified.'});
if (!req.body.invite)
return res.status(400).json({message: 'No invite specified.'});
// Validate the invite and username
const [inviteStatus, usernameStatus] =
await Promise.all([
@ -91,6 +100,12 @@ router.post('/register', canonicalizeRequest, wrap(async (req, res) => {
}));
router.post('/login', canonicalizeRequest, wrap(async (req, res, next) => {
if (!req.body.username)
return res.status(400).json({message: 'No username specified.'});
if (!req.body.password)
return res.status(400).json({message: 'No password specified.'});
// Authenticate
const user = await authenticate(req, res, next);
if (!user)
@ -107,6 +122,9 @@ router.post('/login', canonicalizeRequest, wrap(async (req, res, next) => {
}));
router.post('/logout', function (req, res) {
if (!req.isAuthenticated())
return res.status(400).json({message: 'Not logged in.'});
req.logout();
res.status(200).json({'message': 'Logged out.'});
});