notifications route; added middleware.authenticate to user/uploadpicture api route

11 years ago · 94aeb3ab22
parent 5b8e8e4b67
commit 94aeb3ab22
4 changed files with 19 additions and 22 deletions
--- a/src/controllers/accounts.js
+++ b/src/controllers/accounts.js
@ -372,10 +372,6 @@ accountsController.accountSettings = function(req, res, next) {
 };

 accountsController.uploadPicture = function (req, res, next) {
-	if (!req.user) {
-		return userNotAllowed();
-	}
-
 	var uploadSize = parseInt(meta.config.maximumProfileImageSize, 10) || 256;
 	if (req.files.userPhoto.size > uploadSize * 1024) {
 		return res.json({
@ -473,4 +469,18 @@ accountsController.uploadPicture = function (req, res, next) {
 	});
 };

+accountsController.getNotifications = function(req, res, next) {
+	user.notifications.getAll(req.user.uid, null, null, function(err, notifications) {
+		if (res.locals.isAPI) {
+			res.json({
+				notifications: notifications
+			});	
+		} else {
+			res.render('notifications', {
+				notifications: notifications
+			});
+		}
+	});
+};
+
 module.exports = accountsController;
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@ -1,6 +1,5 @@
 "use strict";

-
 var app,
 	clientScripts,
 	middleware = {},
@ -19,7 +18,6 @@ var app,
 		api: require('./../controllers/api')
 	};

-
 middleware.authenticate = function(req, res, next) {
 	if(!req.user) {
 		if (res.locals.isAPI) {
--- a/src/routes/api.js
+++ b/src/routes/api.js
@ -40,18 +40,6 @@ module.exports =  function(app, middleware, controllers) {

 		app.get('/config', controllers.api.getConfig);

-		app.get('/notifications', function(req, res) {
-			if (req.user && req.user.uid) {
-				user.notifications.getAll(req.user.uid, null, null, function(err, notifications) {
-					res.json({
-						notifications: notifications
-					});
-				});
-			} else {
-				res.send(403);
-			}
-		});			
-
 		app.get('/search/:term', function (req, res, next) {
 			if (!plugins.hasListeners('filter:search.query')) {
 				return res.redirect('/404');
@ -176,7 +164,7 @@ module.exports =  function(app, middleware, controllers) {
 		});
 	});

-	// this should have been in the API namespace
+	// this should be in the API namespace
 	// also, perhaps pass in :userslug so we can use checkAccountPermissions middleware - in future will allow admins to upload a picture for a user
-	app.post('/user/uploadpicture', middleware.checkGlobalPrivacySettings, /*middleware.checkAccountPermissions,*/ controllers.accounts.uploadPicture);
+	app.post('/user/uploadpicture', middleware.authenticate, middleware.checkGlobalPrivacySettings, /*middleware.checkAccountPermissions,*/ controllers.accounts.uploadPicture);
 };
--- a/src/routes/index.js
+++ b/src/routes/index.js
@ -93,6 +93,9 @@ module.exports = function(app, middleware) {
 		app.get('/user/:userslug/settings', middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);
 		app.get('/api/user/:userslug/settings', middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);

+		app.get('/notifications', middleware.buildHeader, middleware.authenticate, controllers.accounts.getNotifications);
+		app.get('/api/notifications', middleware.authenticate, controllers.accounts.getNotifications);
+
 		/* Users */
 		app.get('/users', middleware.buildHeader, middleware.checkGlobalPrivacySettings, controllers.users.getOnlineUsers);
 		app.get('/api/users', middleware.checkGlobalPrivacySettings, controllers.users.getOnlineUsers);
@ -117,8 +120,6 @@ module.exports = function(app, middleware) {
 		app.get('/sitemap.xml', controllers.sitemap);
 		app.get('/robots.txt', controllers.robots);

-		//todo notifications
-
 		app.get('api/search/:term?', function (req, res) {
 			if ((req.user && req.user.uid) || meta.config.allowGuestSearching === '1') {
 				return res.json({