mirror of
https://github.com/Foltik/Shimapan
synced 2024-11-30 22:41:47 -05:00
Add checks for bad requests in auth.js to prevent 500
This commit is contained in:
parent
7d39001a01
commit
9227fa428d
@ -63,6 +63,15 @@ async function validateInvite(code) {
|
|||||||
|
|
||||||
|
|
||||||
router.post('/register', canonicalizeRequest, wrap(async (req, res) => {
|
router.post('/register', canonicalizeRequest, wrap(async (req, res) => {
|
||||||
|
if (!req.body.displayname)
|
||||||
|
return res.status(400).json({message: 'No displayname specified.'});
|
||||||
|
|
||||||
|
if (!req.body.password)
|
||||||
|
return res.status(400).json({message: 'No password specified.'});
|
||||||
|
|
||||||
|
if (!req.body.invite)
|
||||||
|
return res.status(400).json({message: 'No invite specified.'});
|
||||||
|
|
||||||
// Validate the invite and username
|
// Validate the invite and username
|
||||||
const [inviteStatus, usernameStatus] =
|
const [inviteStatus, usernameStatus] =
|
||||||
await Promise.all([
|
await Promise.all([
|
||||||
@ -91,6 +100,12 @@ router.post('/register', canonicalizeRequest, wrap(async (req, res) => {
|
|||||||
}));
|
}));
|
||||||
|
|
||||||
router.post('/login', canonicalizeRequest, wrap(async (req, res, next) => {
|
router.post('/login', canonicalizeRequest, wrap(async (req, res, next) => {
|
||||||
|
if (!req.body.username)
|
||||||
|
return res.status(400).json({message: 'No username specified.'});
|
||||||
|
|
||||||
|
if (!req.body.password)
|
||||||
|
return res.status(400).json({message: 'No password specified.'});
|
||||||
|
|
||||||
// Authenticate
|
// Authenticate
|
||||||
const user = await authenticate(req, res, next);
|
const user = await authenticate(req, res, next);
|
||||||
if (!user)
|
if (!user)
|
||||||
@ -107,6 +122,9 @@ router.post('/login', canonicalizeRequest, wrap(async (req, res, next) => {
|
|||||||
}));
|
}));
|
||||||
|
|
||||||
router.post('/logout', function (req, res) {
|
router.post('/logout', function (req, res) {
|
||||||
|
if (!req.isAuthenticated())
|
||||||
|
return res.status(400).json({message: 'Not logged in.'});
|
||||||
|
|
||||||
req.logout();
|
req.logout();
|
||||||
res.status(200).json({'message': 'Logged out.'});
|
res.status(200).json({'message': 'Logged out.'});
|
||||||
});
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user