some login redirect shenanigans

Evert Prants 2017-10-09 17:38:27 +03:00
parent fc78d3fdea
commit 4a6004aa7c
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
5 changed files with 24 additions and 39 deletions

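--- /dev/null
+++ b/scripts/ensureLogin.js
@@ -0,0 +1,9 @@
+// Make sure the user is logged in
+// Redirect to login page and store the current path in the session for redirecting later
+function ensureLogin (req, res, next) {
+if (req.session.user) return next()
+req.session.redirectUri = req.originalUrl
+res.redirect('/login')
+}
+module.exports = ensureLogin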
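Review bot: `ensureLogin` records `req.originalUrl` for every request method, and the admin router in this commit mounts it through `router.use`, so an unauthenticated POST or XHR leaves a `redirectUri` that the browser later follows with a plain GET, possibly to a route that has no GET handler. Store the target only for navigations, e.g. `if (req.method === 'GET') req.session.redirectUri = req.originalUrl`. A short JSDoc block would also help: it should state that the middleware expects the session middleware to have run already (`req.session` is dereferenced unconditionally) and that it ends the request with a redirect to `/login` when no user is present.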


@ -1,4 +1,5 @@
import express from 'express' import express from 'express'
import ensureLogin from '../../scripts/ensureLogin'
import wrap from '../../scripts/asyncRoute' import wrap from '../../scripts/asyncRoute'
import {User} from '../api' import {User} from '../api'
import API from '../api/admin' import API from '../api/admin'
@ -7,9 +8,7 @@ const router = express.Router()
const apiRouter = express.Router() const apiRouter = express.Router()
// Check for privilege required to access the admin panel // Check for privilege required to access the admin panel
router.use(wrap(async (req, res, next) => { router.use(ensureLogin, wrap(async (req, res, next) => {
if (!req.session.user) return res.redirect('/login')
if (!req.session.privilege) { if (!req.session.privilege) {
let u = await User.get(req.session.user) let u = await User.get(req.session.user)
req.session.privilege = u.nw_privilege req.session.privilege = u.nw_privilege


@ -50,7 +50,6 @@ function objectAssembler (insane) {
// Create a session and return a redirect uri if provided // Create a session and return a redirect uri if provided
function createSession (req, user) { function createSession (req, user) {
let uri = '/'
req.session.user = { req.session.user = {
id: user.id, id: user.id,
username: user.username, username: user.username,
@ -59,14 +58,6 @@ function createSession (req, user) {
avatar_file: user.avatar_file, avatar_file: user.avatar_file,
session_refresh: Date.now() + 1800000 // 30 minutes session_refresh: Date.now() + 1800000 // 30 minutes
} }
if (req.session.redirectUri) {
uri = req.session.redirectUri
} else if (req.query.redirect) {
uri = req.query.redirect
}
return uri
} }
// Either give JSON or make a redirect // Either give JSON or make a redirect
@ -94,13 +85,12 @@ router.post('/external/facebook/callback', wrap(async (req, res, next) => {
} }
// Create session // Create session
let uri = '/'
if (!req.session.user) { if (!req.session.user) {
let user = response.user let user = response.user
uri = createSession(req, user) createSession(req, user)
} }
JsonData(req, res, null, uri) JsonData(req, res, null, '/login')
})) }))
router.get('/external/facebook/remove', wrap(async (req, res) => { router.get('/external/facebook/remove', wrap(async (req, res) => {
@ -127,9 +117,6 @@ router.get('/external/twitter/login', wrap(async (req, res) => {
} }
req.session.twitter_auth = tokens req.session.twitter_auth = tokens
if (req.query.returnTo) {
req.session.twitter_auth.returnTo = req.query.returnTo
}
res.redirect('https://twitter.com/oauth/authenticate?oauth_token=' + tokens.token) res.redirect('https://twitter.com/oauth/authenticate?oauth_token=' + tokens.token)
})) }))
@ -138,7 +125,7 @@ router.get('/external/twitter/callback', wrap(async (req, res) => {
if (!config.twitter || !config.twitter.api) return res.redirect('/login') if (!config.twitter || !config.twitter.api) return res.redirect('/login')
if (!req.session.twitter_auth) return res.redirect('/login') if (!req.session.twitter_auth) return res.redirect('/login')
let ta = req.session.twitter_auth let ta = req.session.twitter_auth
let uri = ta.returnTo || '/login' let uri = '/login'
if (!req.query.oauth_verifier) { if (!req.query.oauth_verifier) {
req.flash('message', {error: true, text: 'Couldn\'t get a verifier'}) req.flash('message', {error: true, text: 'Couldn\'t get a verifier'})
@ -165,7 +152,7 @@ router.get('/external/twitter/callback', wrap(async (req, res) => {
if (!req.session.user) { if (!req.session.user) {
let user = response.user let user = response.user
uri = createSession(req, user) createSession(req, user)
} }
res.render('redirect', {url: uri}) res.render('redirect', {url: uri})
@ -193,7 +180,6 @@ router.get('/external/discord/login', wrap(async (req, res) => {
let infos = APIExtern.Discord.getAuthorizeURL() let infos = APIExtern.Discord.getAuthorizeURL()
req.session.discord_auth = { req.session.discord_auth = {
returnTo: req.query.returnTo || '/login',
state: infos.state state: infos.state
} }
@ -207,7 +193,7 @@ router.get('/external/discord/callback', wrap(async (req, res) => {
let code = req.query.code let code = req.query.code
let state = req.query.state let state = req.query.state
let da = req.session.discord_auth let da = req.session.discord_auth
let uri = da.returnTo || '/login' let uri = '/login'
if (!code) { if (!code) {
req.flash('message', {error: true, text: 'No authorization.'}) req.flash('message', {error: true, text: 'No authorization.'})
@ -239,7 +225,7 @@ router.get('/external/discord/callback', wrap(async (req, res) => {
if (!req.session.user) { if (!req.session.user) {
let user = response.user let user = response.user
uri = createSession(req, user) createSession(req, user)
} }
res.render('redirect', {url: uri}) res.render('redirect', {url: uri})
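Review bot: `createSession` still writes `req.session.user` onto the session that existed before authentication, the same one that already carried `redirectUri`, `twitter_auth` and `discord_auth`. Nothing in these hunks issues a new session id at login, which leaves the login open to session fixation unless regeneration happens outside the visible lines. If the session middleware is express-session, regenerate inside `createSession` and carry the pending `redirectUri` over, as sketched below; the three callers would then use `await createSession(req, user)`. The comment above the function, `// Create a session and return a redirect uri if provided`, is stale now that the return value is gone and could read `// Create a session for the given user`. The middle of the `req.session.user` object lies between the first two hunks and is not shown.

```javascript
function createSession (req, user) {
  // Keep the pending post-login target across the session swap
  const redirectUri = req.session.redirectUri
  return new Promise((resolve, reject) => {
    req.session.regenerate((err) => {
      if (err) return reject(err)
      if (redirectUri) req.session.redirectUri = redirectUri
      // … unchanged: req.session.user = { id, username, …, session_refresh } …
      resolve()
    })
  })
}
```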


@ -2,6 +2,7 @@ import fs from 'fs'
import path from 'path' import path from 'path'
import express from 'express' import express from 'express'
import RateLimit from 'express-rate-limit' import RateLimit from 'express-rate-limit'
import ensureLogin from '../../scripts/ensureLogin'
import config from '../../scripts/load-config' import config from '../../scripts/load-config'
import exists from '../../scripts/existsSync' import exists from '../../scripts/existsSync'
import wrap from '../../scripts/asyncRoute' import wrap from '../../scripts/asyncRoute'
@ -41,11 +42,10 @@ function setSession (req, user) {
function redirectLogin (req, res) { function redirectLogin (req, res) {
let uri = '/' let uri = '/'
console.log('goto', req.session.redirectUri)
if (req.session.redirectUri) { if (req.session.redirectUri) {
uri = req.session.redirectUri uri = req.session.redirectUri
delete req.session.redirectUri delete req.session.redirectUri
} else if (req.query.redirect) {
uri = req.query.redirect
} }
res.redirect(uri) res.redirect(uri)
@ -132,16 +132,11 @@ function formKeep (req, res, next) {
next() next()
} }
// Make sure the user is logged in
// Redirect to login page and store the current path in the session for redirecting later
function ensureLogin (req, res, next) {
if (req.session.user) return next()
req.session.redirectUri = req.originalUrl
res.redirect('/login')
}
router.get('/login', extraButtons, (req, res) => { router.get('/login', extraButtons, (req, res) => {
if (req.session.user) return redirectLogin(req, res) if (req.session.user) return redirectLogin(req, res)
if (req.query.returnTo) {
req.session.redirectUri = req.query.returnTo
}
res.render('user/login') res.render('user/login')
}) })
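Review bot: The `/login` handler in the last hunk copies `req.query.returnTo` into `req.session.redirectUri` with no validation, and `redirectLogin` later hands that value straight to `res.redirect`, so a login link carrying an absolute or protocol-relative `returnTo` sends the user to another origin after they authenticate. Going by the page's addition and deletion totals these three lines are additions, which reintroduces the open redirect that the same commit removes from `req.query.redirect`. Accept only local paths before storing the value, e.g. `if (typeof req.query.returnTo === 'string' && /^\/(?![\/\\])/.test(req.query.returnTo)) {`, and repeat the check in `redirectLogin` so every writer of `redirectUri` is covered. The `console.log('goto', req.session.redirectUri)` in `redirectLogin` also appears to be newly added debugging output; it writes session-derived URLs, query strings included, to the server log on every login and should be dropped.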


@ -1,15 +1,11 @@
import express from 'express' import express from 'express'
import ensureLogin from '../../scripts/ensureLogin'
import wrap from '../../scripts/asyncRoute' import wrap from '../../scripts/asyncRoute'
import Minecraft from '../api/minecraft' import Minecraft from '../api/minecraft'
let router = express.Router() let router = express.Router()
router.get('/', wrap(async (req, res) => { router.get('/', ensureLogin, wrap(async (req, res) => {
if (!req.session.user) {
req.session.redirectUri = req.originalUrl
return res.redirect('/login')
}
let token = await Minecraft.getToken(req.session.user) let token = await Minecraft.getToken(req.session.user)
res.render('minecraft/index', {token: token.token, mcu: token.mcu}) res.render('minecraft/index', {token: token.token, mcu: token.mcu})