403 if not logged in, show error

2025-11-02 12:05:57 +01:00 · 2016-07-11 13:03:47 +03:00
parent 7b86fd3dc0
commit fcf145fc81
3 changed files with 32 additions and 25 deletions
--- a/src/controllers/api.js
+++ b/src/controllers/api.js
@@ -12,6 +12,7 @@ var categories = require('../categories');
 var privileges = require('../privileges');
 var plugins = require('../plugins');
 var widgets = require('../widgets');
+var helpers = require('../controllers/helpers');
 var accountHelpers = require('../controllers/accounts/helpers');

 var apiController = {};
@@ -220,6 +221,9 @@ apiController.getObject = function(req, res, next) {
 };

 apiController.getCurrentUser = function(req, res, next) {
+	if (!req.uid) {
+		return helpers.notAllowed(req, res);
+	}
 	async.waterfall([
 		function(next) {
 			user.getUserField(req.uid, 'userslug', next);
--- a/src/controllers/helpers.js
+++ b/src/controllers/helpers.js
@@ -3,8 +3,8 @@
 var nconf = require('nconf');
 var async = require('async');
 var validator = require('validator');
+var winston = require('winston');

-var translator = require('../../public/src/modules/translator');
 var categories = require('../categories');
 var plugins = require('../plugins');
 var meta = require('../meta');
@@ -17,6 +17,9 @@ helpers.notAllowed = function(req, res, error) {
 		res: res,
 		error: error
 	}, function(err, data) {
+		if (err) {
+			return winston.error(err);
+		}
 		if (req.uid) {
 			if (res.locals.isAPI) {
 				res.status(403).json({
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@@ -1,29 +1,29 @@
 "use strict";

-var app,
-	middleware = {
+var app;
+var middleware = {
 	admin: {}
-	},
-	async = require('async'),
-	fs = require('fs'),
-	path = require('path'),
-	csrf = require('csurf'),
-	_ = require('underscore'),
+};
+var async = require('async');
+var fs = require('fs');
+var path = require('path');
+var csrf = require('csurf');
+var _ = require('underscore');

-	validator = require('validator'),
-	nconf = require('nconf'),
-	ensureLoggedIn = require('connect-ensure-login'),
-	toobusy = require('toobusy-js'),
+var validator = require('validator');
+var nconf = require('nconf');
+var ensureLoggedIn = require('connect-ensure-login');
+var toobusy = require('toobusy-js');

-	plugins = require('../plugins'),
-	languages = require('../languages'),
-	meta = require('../meta'),
-	user = require('../user'),
-	groups = require('../groups'),
+var plugins = require('../plugins');
+var languages = require('../languages');
+var meta = require('../meta');
+var user = require('../user');
+var groups = require('../groups');

-	analytics = require('../analytics'),
+var analytics = require('../analytics');

-	controllers = {
+var controllers = {
 	api: require('./../controllers/api'),
 	helpers: require('../controllers/helpers')
 };
@@ -322,7 +322,7 @@ middleware.processLanguages = function(req, res, next) {
 	if (code && key) {
 		languages.get(code, key[0], function(err, language) {
 			res.status(200).json(language);
-		})
+		});
 	} else {
 		res.status(404).json('{}');
 	}