From c8efeb7d7c485a1a03da6fec588311d8a249297a Mon Sep 17 00:00:00 2001
From: barisusakli
Date: Wed, 30 Apr 2014 17:24:49 -0400
Subject: [PATCH] closes #1400, bunch of other fixes to 404, 403 in accounts
---
 public/src/ajaxify.js | 2 ++
 src/controllers/accounts.js | 47 +++++++++++++++++++++++-------------
 src/middleware/middleware.js | 16 +++++++++++-
 src/routes/index.js | 3 +++
 4 files changed, 50 insertions(+), 18 deletions(-)
diff --git a/public/src/ajaxify.js b/public/src/ajaxify.js
index 877577f041..4b0e7f788c 100644
--- a/public/src/ajaxify.js
+++ b/public/src/ajaxify.js
@@ -198,6 +198,8 @@ var ajaxify = ajaxify || {};
 return ajaxify.go('404');
 } else if (data && data.status === 403) {
 return ajaxify.go('403');
+ } else if (data && data.status === 302) {
+ return ajaxify.go(data.responseJSON.slice(1));
 } else if (textStatus !== "abort") {
 app.alertError(data.responseJSON.error);
 }
diff --git a/src/controllers/accounts.js b/src/controllers/accounts.js
index 0eab10a25f..59ae4899f2 100644
--- a/src/controllers/accounts.js
+++ b/src/controllers/accounts.js
@@ -20,21 +20,33 @@ var fs = require('fs'),
 file = require('./../file');
 function userNotFound(res) {
- return res.render('404', {
- error: 'User not found!'
- });
+ if (res.locals.isAPI) {
+ res.json(404, 'user-not-found');
+ } else {
+ res.render('404', {
+ error: 'User not found!'
+ });
+ }
 }
 function userNotAllowed(res) {
- return res.render('403', {
- error: 'Not allowed.'
- });
+ if (res.locals.isAPI) {
+ res.json(403, 'not-allowed');
+ } else {
+ res.render('403', {
+ error: 'Not allowed.'
+ });
+ }
 }
 function getUserDataByUserSlug(userslug, callerUID, callback) {
 user.getUidByUserslug(userslug, function(err, uid) {
- if(err || !uid) {
- return callback(err || new Error('[[error:invalid-uid]]'));
+ if (err) {
+ return callback(err);
+ }
+
+ if (!uid) {
+ return callback(null, null);
 }
 async.parallel({
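Review bot: The new 302 branch calls `data.responseJSON.slice(1)` without checking that a string body was parsed, so a 302 whose body is missing or is not JSON (responseJSON undefined) throws a TypeError inside the error handler instead of reaching an alert. Guard the branch on the body type, `} else if (data && data.status === 302 && typeof data.responseJSON === 'string') {`, so anything else falls through to the existing alertError path. Carrying an in-app redirect in a genuine 302 status also depends on the browser not following it, which presumably holds only because the server sends no Location header; that assumption deserves a comment next to this branch. The enclosing error callback starts before this hunk.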
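Review bot: In `userNotFound` and `userNotAllowed` the non-API branches call `res.render('404', …)` and `res.render('403', …)` without setting a status, so the HTML error page is likely served as 200 while the API branch correctly answers 404/403; browsers, caches and crawlers then treat a missing or forbidden profile as a successful page. If the Express version in use supports it, chain the status: `res.status(404).render('404', { error: 'User not found!' });` and likewise `res.status(403).render('403', …)`. Note also that `getUserDataByUserSlug` now reports an unknown slug as `callback(null, null)` rather than an error, so every caller must check for a null result; a one-line comment on the function would pin that contract, e.g. `// Yields (null, null) when the slug maps to no uid; callers must handle the null result.`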
@@ -181,7 +193,7 @@ function getFollow(name, req, res, next) {
 function(data, next) {
 userData = data;
 if (!userData) {
- return userNotFound();
+ return userNotFound(res);
 }
 var method = name === 'following' ? 'getFollowing' : 'getFollowers';
 user[method](userData.uid, next);
@@ -202,11 +214,11 @@ accountsController.getFavourites = function(req, res, next) {
 user.getUidByUserslug(req.params.userslug, function (err, uid) {
 if (!uid) {
- return userNotFound();
+ return userNotFound(res);
 }
 if (parseInt(uid, 10) !== callerUID) {
- return userNotAllowed();
+ return userNotAllowed(res);
 }
 user.getUserFields(uid, ['username', 'userslug'], function (err, userData) {
@@ -215,7 +227,7 @@ accountsController.getFavourites = function(req, res, next) {
 }
 if (!userData) {
- return userNotFound();
+ return userNotFound(res);
 }
 posts.getFavourites(uid, 0, 9, function (err, favourites) {
@@ -243,7 +255,7 @@ accountsController.getPosts = function(req, res, next) {
 }
 if (!userData) {
- return userNotFound();
+ return userNotFound(res);
 }
 posts.getPostsByUid(callerUID, userData.uid, 0, 19, function (err, userPosts) {
@@ -270,7 +282,7 @@ accountsController.getTopics = function(req, res, next) {
 }
 if (!userData) {
- return userNotFound();
+ return userNotFound(res);
 }
 var set = 'uid:' + userData.uid + ':topics';
@@ -315,16 +327,17 @@ accountsController.accountSettings = function(req, res, next) {
 var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
 user.getUidByUserslug(req.params.userslug, function(err, uid) {
+
 if (err) {
 return next(err);
 }
 if (!uid) {
- return userNotFound();
+ return userNotFound(res);
 }
 if (parseInt(uid, 10) !== callerUID) {
- return userNotAllowed();
+ return userNotAllowed(res);
 }
 plugins.fireHook('filter:user.settings', [], function(err, settings) {
@@ -345,7 +358,7 @@ accountsController.accountSettings = function(req, res, next) {
 }
 if(!results.user) {
- return userNotFound();
+ return userNotFound(res);
 }
 results = {
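Review bot: In `getFavourites` the callback of `user.getUidByUserslug` still ignores `err` and goes straight to `if (!uid)`, so a storage failure is reported to the caller as "User not found" (404) rather than as an error; the `accountSettings` hunk in this same patch does check `err` first, so the two should agree. Insert `if (err) { return next(err); }` before the `if (!uid)` test. The `getUserFields` callback that follows is worth the same check, but its error handling sits outside this hunk, as does the rest of getFavourites.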
diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
index 4a1b688730..a06c2209bb 100644
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@@ -52,6 +52,20 @@ middleware.redirectToAccountIfLoggedIn = function(req, res, next) {
 }
 };
+middleware.redirectToSelf = function(req, res, next) {
+ if (req.user && req.params.userslug === '[self]') {
+ user.getUserField(req.user.uid, 'userslug', function (err, userslug) {
+ if(res.locals.isAPI) {
+ res.json(302, '/user/' + userslug + (req.params.section ? '/' + req.params.section : ''));
+ } else {
+ res.redirect('/user/' + userslug + (req.params.section ? '/' + req.params.section : ''));
+ }
+ });
+ } else {
+ next();
+ }
+};
+
 middleware.addSlug = function(req, res, next) {
 function redirect(method, id, name) {
 method(id, 'slug', function(err, slug) {
@@ -114,7 +128,7 @@ middleware.checkAccountPermissions = function(req, res, next) {
 // not sure if this check really should belong here. also make sure we're not doing this check again in the actual method
 if (!uid) {
 if (res.locals.isAPI) {
- return res.json(404);
+ return res.json(404, 'not-found');
 } else {
 return res.redirect('404');
 }
diff --git a/src/routes/index.js b/src/routes/index.js
index a0ab63a769..0c494a6562 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -73,6 +73,9 @@ function categoryRoutes(app, middleware, controllers) {
 }
 function accountRoutes(app, middleware, controllers) {
+ app.get('/user/:userslug/:section?', middleware.redirectToSelf);
+ app.get('/api/user/:userslug/:section?', middleware.redirectToSelf);
+
 app.get('/user/:userslug', middleware.buildHeader, middleware.checkGlobalPrivacySettings, controllers.accounts.getAccount);
 app.get('/api/user/:userslug', middleware.checkGlobalPrivacySettings, controllers.accounts.getAccount);
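Review bot: `middleware.redirectToSelf` ignores the `err` argument of `user.getUserField`, so on a lookup failure `userslug` is undefined and the caller is sent to `/user/undefined`, which then 404s and hides the real error. Add `if (err) { return next(err); }` as the first statement of that callback. The redirect target is also built twice; compute it once, `var target = '/user/' + userslug + (req.params.section ? '/' + req.params.section : '');`, and reuse it in both branches. Since `req.params.section` comes from the request URL, a short comment that the `:section?` route parameter is a single path segment, so the target always stays under `/user/`, would make the safety of the concatenation explicit; if the site can be served under a path prefix, confirm whether the redirect needs it.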
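Review bot: The API 404 body in `checkAccountPermissions` is `'not-found'` while the same condition in `src/controllers/accounts.js` in this patch answers `'user-not-found'`, so a client keying on the token gets two spellings for one condition. Use one token, `return res.json(404, 'user-not-found');`, or document which one clients should expect. The body of checkAccountPermissions starts before this hunk.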