Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-08 23:15:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #1400, bunch of other fixes to 404, 403 in accounts

Browse Source
This commit is contained in:
barisusakli
2014-04-30 17:24:49 -04:00
parent 8fa3baf32d
commit c8efeb7d7c
4 changed files with 50 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/src/ajaxify.js
View File

@@ -198,6 +198,8 @@ var ajaxify = ajaxify || {};
return ajaxify.go('404'); return ajaxify.go('404');
} else if (data && data.status === 403) { } else if (data && data.status === 403) {
return ajaxify.go('403'); return ajaxify.go('403');
} else if (data && data.status === 302) {
return ajaxify.go(data.responseJSON.slice(1));
} else if (textStatus !== "abort") { } else if (textStatus !== "abort") {
app.alertError(data.responseJSON.error); app.alertError(data.responseJSON.error);
} }

47
src/controllers/accounts.js
View File

@@ -20,21 +20,33 @@ var fs = require('fs'),
file = require('./../file'); file = require('./../file');
function userNotFound(res) { function userNotFound(res) {
return res.render('404', { if (res.locals.isAPI) {
error: 'User not found!' res.json(404, 'user-not-found');
}); } else {
res.render('404', {
error: 'User not found!'
});
}
} }
function userNotAllowed(res) { function userNotAllowed(res) {
return res.render('403', { if (res.locals.isAPI) {
error: 'Not allowed.' res.json(403, 'not-allowed');
}); } else {
res.render('403', {
error: 'Not allowed.'
});
}
} }
function getUserDataByUserSlug(userslug, callerUID, callback) { function getUserDataByUserSlug(userslug, callerUID, callback) {
user.getUidByUserslug(userslug, function(err, uid) { user.getUidByUserslug(userslug, function(err, uid) {
if(err || !uid) { if (err) {
return callback(err || new Error('[[error:invalid-uid]]')); return callback(err);
}
if (!uid) {
return callback(null, null);
} }
async.parallel({ async.parallel({
@@ -181,7 +193,7 @@ function getFollow(name, req, res, next) {
function(data, next) { function(data, next) {
userData = data; userData = data;
if (!userData) { if (!userData) {
return userNotFound(); return userNotFound(res);
} }
var method = name === 'following' ? 'getFollowing' : 'getFollowers'; var method = name === 'following' ? 'getFollowing' : 'getFollowers';
user[method](userData.uid, next); user[method](userData.uid, next);
@@ -202,11 +214,11 @@ accountsController.getFavourites = function(req, res, next) {
user.getUidByUserslug(req.params.userslug, function (err, uid) { user.getUidByUserslug(req.params.userslug, function (err, uid) {
if (!uid) { if (!uid) {
return userNotFound(); return userNotFound(res);
} }
if (parseInt(uid, 10) !== callerUID) { if (parseInt(uid, 10) !== callerUID) {
return userNotAllowed(); return userNotAllowed(res);
} }
user.getUserFields(uid, ['username', 'userslug'], function (err, userData) { user.getUserFields(uid, ['username', 'userslug'], function (err, userData) {
@@ -215,7 +227,7 @@ accountsController.getFavourites = function(req, res, next) {
} }
if (!userData) { if (!userData) {
return userNotFound(); return userNotFound(res);
} }
posts.getFavourites(uid, 0, 9, function (err, favourites) { posts.getFavourites(uid, 0, 9, function (err, favourites) {
@@ -243,7 +255,7 @@ accountsController.getPosts = function(req, res, next) {
} }
if (!userData) { if (!userData) {
return userNotFound(); return userNotFound(res);
} }
posts.getPostsByUid(callerUID, userData.uid, 0, 19, function (err, userPosts) { posts.getPostsByUid(callerUID, userData.uid, 0, 19, function (err, userPosts) {
@@ -270,7 +282,7 @@ accountsController.getTopics = function(req, res, next) {
} }
if (!userData) { if (!userData) {
return userNotFound(); return userNotFound(res);
} }
var set = 'uid:' + userData.uid + ':topics'; var set = 'uid:' + userData.uid + ':topics';
@@ -315,16 +327,17 @@ accountsController.accountSettings = function(req, res, next) {
var callerUID = req.user ? parseInt(req.user.uid, 10) : 0; var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
user.getUidByUserslug(req.params.userslug, function(err, uid) { user.getUidByUserslug(req.params.userslug, function(err, uid) {
if (err) { if (err) {
return next(err); return next(err);
} }
if (!uid) { if (!uid) {
return userNotFound(); return userNotFound(res);
} }
if (parseInt(uid, 10) !== callerUID) { if (parseInt(uid, 10) !== callerUID) {
return userNotAllowed(); return userNotAllowed(res);
} }
plugins.fireHook('filter:user.settings', [], function(err, settings) { plugins.fireHook('filter:user.settings', [], function(err, settings) {
@@ -345,7 +358,7 @@ accountsController.accountSettings = function(req, res, next) {
} }
if(!results.user) { if(!results.user) {
return userNotFound(); return userNotFound(res);
} }
results = { results = {

16
src/middleware/middleware.js
View File

@@ -52,6 +52,20 @@ middleware.redirectToAccountIfLoggedIn = function(req, res, next) {
} }
}; };
middleware.redirectToSelf = function(req, res, next) {
if (req.user && req.params.userslug === '[self]') {
user.getUserField(req.user.uid, 'userslug', function (err, userslug) {
if(res.locals.isAPI) {
res.json(302, '/user/' + userslug + (req.params.section ? '/' + req.params.section : ''));
} else {
res.redirect('/user/' + userslug + (req.params.section ? '/' + req.params.section : ''));
}
});
} else {
next();
}
};
middleware.addSlug = function(req, res, next) { middleware.addSlug = function(req, res, next) {
function redirect(method, id, name) { function redirect(method, id, name) {
method(id, 'slug', function(err, slug) { method(id, 'slug', function(err, slug) {
@@ -114,7 +128,7 @@ middleware.checkAccountPermissions = function(req, res, next) {
// not sure if this check really should belong here. also make sure we're not doing this check again in the actual method // not sure if this check really should belong here. also make sure we're not doing this check again in the actual method
if (!uid) { if (!uid) {
if (res.locals.isAPI) { if (res.locals.isAPI) {
return res.json(404); return res.json(404, 'not-found');
} else { } else {
return res.redirect('404'); return res.redirect('404');
} }

3
src/routes/index.js
View File

@@ -73,6 +73,9 @@ function categoryRoutes(app, middleware, controllers) {
} }
function accountRoutes(app, middleware, controllers) { function accountRoutes(app, middleware, controllers) {
app.get('/user/:userslug/:section?', middleware.redirectToSelf);
app.get('/api/user/:userslug/:section?', middleware.redirectToSelf);
app.get('/user/:userslug', middleware.buildHeader, middleware.checkGlobalPrivacySettings, controllers.accounts.getAccount); app.get('/user/:userslug', middleware.buildHeader, middleware.checkGlobalPrivacySettings, controllers.accounts.getAccount);
app.get('/api/user/:userslug', middleware.checkGlobalPrivacySettings, controllers.accounts.getAccount); app.get('/api/user/:userslug', middleware.checkGlobalPrivacySettings, controllers.accounts.getAccount);