From fcf145fc81a12df2ab2d68b15252d1a180662791 Mon Sep 17 00:00:00 2001
From: barisusakli
Date: Mon, 11 Jul 2016 13:03:47 +0300
Subject: [PATCH] 403 if not logged in, show error
---
 src/controllers/api.js | 4 +++
 src/controllers/helpers.js | 5 +++-
 src/middleware/middleware.js | 56 ++++++++++++++++++------------------
 3 files changed, 36 insertions(+), 29 deletions(-)
diff --git a/src/controllers/api.js b/src/controllers/api.js
index 993d07976a..35f894e002 100644
--- a/src/controllers/api.js
+++ b/src/controllers/api.js
@@ -12,6 +12,7 @@ var categories = require('../categories');
 var privileges = require('../privileges');
 var plugins = require('../plugins');
 var widgets = require('../widgets');
+var helpers = require('../controllers/helpers');
 var accountHelpers = require('../controllers/accounts/helpers');
 var apiController = {};
@@ -220,6 +221,9 @@ apiController.getObject = function(req, res, next) {
 };
 apiController.getCurrentUser = function(req, res, next) {
+ if (!req.uid) {
+ return helpers.notAllowed(req, res);
+ }
 async.waterfall([
 function(next) {
 user.getUserField(req.uid, 'userslug', next);
diff --git a/src/controllers/helpers.js b/src/controllers/helpers.js
index 3d0f177d67..c91d68acc7 100644
--- a/src/controllers/helpers.js
+++ b/src/controllers/helpers.js
@@ -3,8 +3,8 @@
 var nconf = require('nconf');
 var async = require('async');
 var validator = require('validator');
+var winston = require('winston');
-var translator = require('../../public/src/modules/translator');
 var categories = require('../categories');
 var plugins = require('../plugins');
 var meta = require('../meta');
@@ -17,6 +17,9 @@ helpers.notAllowed = function(req, res, error) {
 res: res,
 error: error
 }, function(err, data) {
+ if (err) {
+ return winston.error(err);
+ }
 if (req.uid) {
 if (res.locals.isAPI) {
 res.status(403).json({
diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
index 991f6bbe66..cbede05028 100644
--- a/src/middleware/middleware.js
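Review bot: In `src/controllers/api.js`, the new guard in `apiController.getCurrentUser` hands unauthenticated requests to `helpers.notAllowed`, but the only 403 response visible in that helper sits inside `if (req.uid)`, so the status a guest actually receives is decided by a branch this patch does not show. The subject line promises a 403 for callers who are not logged in; that should be confirmed against the helper's else-branch and pinned with a test. The guard is also a plain truthiness check: if `req.uid` can arrive as a string (not visible here), `'0'` would pass it, and `if (!parseInt(req.uid, 10)) {` would cover both forms. The function body continues past the end of the hunk.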
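Review bot: In `src/controllers/helpers.js`, the added `if (err)` branch in the `helpers.notAllowed` callback logs the error and returns without writing any response, so a failure in the call that feeds this callback leaves the denied request open until the client or a proxy times out. Failing closed is the right default on an access-denial path, but the request should still be ended, for example `winston.error(err);` followed by `return res.sendStatus(500);`, keeping the raw `err` in the log and out of the response body. The call that supplies this callback begins above the hunk, so what can produce `err` is not visible here.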
+++ b/src/middleware/middleware.js
@@ -1,32 +1,32 @@
 "use strict";
-var app,
- middleware = {
- admin: {}
- },
- async = require('async'),
- fs = require('fs'),
- path = require('path'),
- csrf = require('csurf'),
- _ = require('underscore'),
-
- validator = require('validator'),
- nconf = require('nconf'),
- ensureLoggedIn = require('connect-ensure-login'),
- toobusy = require('toobusy-js'),
-
- plugins = require('../plugins'),
- languages = require('../languages'),
- meta = require('../meta'),
- user = require('../user'),
- groups = require('../groups'),
-
- analytics = require('../analytics'),
-
- controllers = {
- api: require('./../controllers/api'),
- helpers: require('../controllers/helpers')
- };
+var app;
+var middleware = {
+ admin: {}
+};
+var async = require('async');
+var fs = require('fs');
+var path = require('path');
+var csrf = require('csurf');
+var _ = require('underscore');
+
+var validator = require('validator');
+var nconf = require('nconf');
+var ensureLoggedIn = require('connect-ensure-login');
+var toobusy = require('toobusy-js');
+
+var plugins = require('../plugins');
+var languages = require('../languages');
+var meta = require('../meta');
+var user = require('../user');
+var groups = require('../groups');
+
+var analytics = require('../analytics');
+
+var controllers = {
+ api: require('./../controllers/api'),
+ helpers: require('../controllers/helpers')
+};
 toobusy.maxLag(parseInt(meta.config.eventLoopLagThreshold, 10) || 100);
 toobusy.interval(parseInt(meta.config.eventLoopInterval, 10) || 500);
@@ -322,7 +322,7 @@ middleware.processLanguages = function(req, res, next) {
 if (code && key) {
 languages.get(code, key[0], function(err, language) {
 res.status(200).json(language);
- })
+ });
 } else {
 res.status(404).json('{}');
 }