KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-12-08 20:48:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Locking down some paths not meant to be seen with url

Browse Source
This commit is contained in:
Kasper Rynning-Tønnesen
2018-02-28 14:25:33 +01:00
parent 9268db4bcc
commit 7b66575ea8
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/apps/admin.js
View File

@@ -183,6 +183,14 @@ app.use('/logout', function(req, res) {
res.redirect('/login'); res.redirect('/login');
}); });
app.use('/assets/admin/authenticated', function(req, res, next) {
if(!req.isAuthenticated()) {
res.sendStatus(403);
return;
}
return next();
});
app.use('/assets', express.static(publicPath + '/assets')); app.use('/assets', express.static(publicPath + '/assets'));
app.use('/', isLoggedIn, function(req, res) { app.use('/', isLoggedIn, function(req, res) {

10
server/apps/client.js
View File

@@ -86,6 +86,16 @@ app.use('/', ico_router);
app.use('/', api); app.use('/', api);
app.use('/', router); app.use('/', router);
app.use('/assets/js', function(req, res, next) {
res.sendStatus(403);
return;
});
app.use('/assets/admin', function(req, res, next) {
res.sendStatus(403);
return;
});
app.use('/assets', express.static(publicPath + '/assets')); app.use('/assets', express.static(publicPath + '/assets'));
app.use(function (req, res, next) { app.use(function (req, res, next) {