403 if not logged in, show error

9 years ago · fcf145fc81
parent 7b86fd3dc0
commit fcf145fc81
3 changed files with 36 additions and 29 deletions
--- a/src/controllers/api.js
+++ b/src/controllers/api.js
@ -12,6 +12,7 @@ var categories = require('../categories');
 var privileges = require('../privileges');
 var plugins = require('../plugins');
 var widgets = require('../widgets');
+var helpers = require('../controllers/helpers');
 var accountHelpers = require('../controllers/accounts/helpers');

 var apiController = {};
@ -220,6 +221,9 @@ apiController.getObject = function(req, res, next) {
 };

 apiController.getCurrentUser = function(req, res, next) {
+	if (!req.uid) {
+		return helpers.notAllowed(req, res);
+	}
 	async.waterfall([
 		function(next) {
 			user.getUserField(req.uid, 'userslug', next);
--- a/src/controllers/helpers.js
+++ b/src/controllers/helpers.js
@ -3,8 +3,8 @@
 var nconf = require('nconf');
 var async = require('async');
 var validator = require('validator');
+var winston = require('winston');

-var translator = require('../../public/src/modules/translator');
 var categories = require('../categories');
 var plugins = require('../plugins');
 var meta = require('../meta');
@ -17,6 +17,9 @@ helpers.notAllowed = function(req, res, error) {
 		res: res,
 		error: error
 	}, function(err, data) {
+		if (err) {
+			return winston.error(err);
+		}
 		if (req.uid) {
 			if (res.locals.isAPI) {
 				res.status(403).json({
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@ -1,32 +1,32 @@
 "use strict";

-var app,
-	middleware = {
-		admin: {}
-	},
-	async = require('async'),
-	fs = require('fs'),
-	path = require('path'),
-	csrf = require('csurf'),
-	_ = require('underscore'),
-
-	validator = require('validator'),
-	nconf = require('nconf'),
-	ensureLoggedIn = require('connect-ensure-login'),
-	toobusy = require('toobusy-js'),
-
-	plugins = require('../plugins'),
-	languages = require('../languages'),
-	meta = require('../meta'),
-	user = require('../user'),
-	groups = require('../groups'),
-
-	analytics = require('../analytics'),
-
-	controllers = {
-		api: require('./../controllers/api'),
-		helpers: require('../controllers/helpers')
-	};
+var app;
+var middleware = {
+	admin: {}
+};
+var async = require('async');
+var fs = require('fs');
+var path = require('path');
+var csrf = require('csurf');
+var _ = require('underscore');
+
+var validator = require('validator');
+var nconf = require('nconf');
+var ensureLoggedIn = require('connect-ensure-login');
+var toobusy = require('toobusy-js');
+
+var plugins = require('../plugins');
+var languages = require('../languages');
+var meta = require('../meta');
+var user = require('../user');
+var groups = require('../groups');
+
+var analytics = require('../analytics');
+
+var controllers = {
+	api: require('./../controllers/api'),
+	helpers: require('../controllers/helpers')
+};

 toobusy.maxLag(parseInt(meta.config.eventLoopLagThreshold, 10) || 100);
 toobusy.interval(parseInt(meta.config.eventLoopInterval, 10) || 500);
@ -322,7 +322,7 @@ middleware.processLanguages = function(req, res, next) {
 	if (code && key) {
 		languages.get(code, key[0], function(err, language) {
 			res.status(200).json(language);
-		})
+		});
 	} else {
 		res.status(404).json('{}');
 	}