KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-10-29 18:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added error-message if trying to send token that doesn't exist

Browse Source
This commit is contained in:
Kasper Rynning-Tønnesen
2018-03-03 16:39:18 +01:00
parent dea93456b0
commit 7d10360c81
1 changed files with 36 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
server/routing/client/api.js
View File

@@ -147,7 +147,10 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) {
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
authorized = true; authorized = true;
} }
if(token != "" && !authorized) {
res.status(403).send(JSON.stringify(error.not_authenticated));
return;
}
checkTimeout(guid, res, authorized, "DELETE", function() { checkTimeout(guid, res, authorized, "DELETE", function() {
validateLogin(adminpass, userpass, channel_name, "delete", res, function(exists) { validateLogin(adminpass, userpass, channel_name, "delete", res, function(exists) {
if(!exists) { if(!exists) {
@@ -239,6 +242,10 @@ router.route('/api/conf/:channel_name').put(function(req, res) {
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
authorized = true; authorized = true;
} }
if(token != "" && !authorized) {
res.status(403).send(JSON.stringify(error.not_authenticated));
return;
}
checkTimeout(guid, res, authorized, "CONFIG", function() { checkTimeout(guid, res, authorized, "CONFIG", function() {
validateLogin(adminpass, userpass, channel_name, "config", res, function(exists, conf) { validateLogin(adminpass, userpass, channel_name, "config", res, function(exists, conf) {
if(!exists && conf.length == 0) { if(!exists && conf.length == 0) {
@@ -331,7 +338,10 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
authorized = true; authorized = true;
} }
if(token != "" && !authorized) {
res.status(403).send(JSON.stringify(error.not_authenticated));
return;
}
checkTimeout(guid, res, authorized, "PUT", function() { checkTimeout(guid, res, authorized, "PUT", function() {
validateLogin(adminpass, userpass, channel_name, "vote", res, function(exists) { validateLogin(adminpass, userpass, channel_name, "vote", res, function(exists) {
if(!exists) { if(!exists) {
@@ -395,6 +405,10 @@ router.route('/api/list/:channel_name/__np__').post(function(req, res) {
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
authorized = true; authorized = true;
} }
if(token != "" && !authorized) {
res.status(403).send(JSON.stringify(error.not_authenticated));
return;
}
checkTimeout(guid, res, authorized, "POST", function() { checkTimeout(guid, res, authorized, "POST", function() {
db.collection(channel_name).find({now_playing: true}, toShowChannel, function(err, list) { db.collection(channel_name).find({now_playing: true}, toShowChannel, function(err, list) {
if(list.length > 0) { if(list.length > 0) {
@@ -403,7 +417,7 @@ router.route('/api/list/:channel_name/__np__').post(function(req, res) {
res.status(404).send(JSON.stringify(error.not_found.list)); res.status(404).send(JSON.stringify(error.not_found.list));
return; return;
} else if(conf[0].userpass != userpass && conf[0].userpass != "") { } else if(conf[0].userpass != userpass && conf[0].userpass != "") {
res.status(404).send(JSON.stringify(error.not_authenticated)); res.status(403).send(JSON.stringify(error.not_authenticated));
return; return;
} }
updateTimeout(guid, res, authorized, "POST", function(err, docs) { updateTimeout(guid, res, authorized, "POST", function(err, docs) {
@@ -468,6 +482,10 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
authorized = true; authorized = true;
} }
if(token != "" && !authorized) {
res.status(403).send(JSON.stringify(error.not_authenticated));
return;
}
checkTimeout(guid, res, authorized, "POST", function() { checkTimeout(guid, res, authorized, "POST", function() {
var type = fetch_only ? "fetch_song" : "add"; var type = fetch_only ? "fetch_song" : "add";
validateLogin(adminpass, userpass, channel_name, type, res, function(exists, conf, authenticated) { validateLogin(adminpass, userpass, channel_name, type, res, function(exists, conf, authenticated) {
@@ -558,7 +576,7 @@ router.route('/api/list/:channel_name').get(function(req, res) {
res.status(404).send(JSON.stringify(error.not_found.list)); res.status(404).send(JSON.stringify(error.not_found.list));
return; return;
} else if(conf[0].userpass != "" && conf[0].userpass != undefined) { } else if(conf[0].userpass != "" && conf[0].userpass != undefined) {
res.status(404).send(JSON.stringify(error.not_authenticated)); res.status(403).send(JSON.stringify(error.not_authenticated));
return; return;
} }
var to_return = error.no_error; var to_return = error.no_error;
@@ -588,7 +606,7 @@ router.route('/api/list/:channel_name/:video_id').get(function(req, res) {
res.status(404).send(JSON.stringify(error.not_found.list)); res.status(404).send(JSON.stringify(error.not_found.list));
return; return;
} else if(conf[0].userpass != "" && conf[0].userpass != undefined) { } else if(conf[0].userpass != "" && conf[0].userpass != undefined) {
res.status(404).send(JSON.stringify(error.not_authenticated)); res.status(403).send(JSON.stringify(error.not_authenticated));
return; return;
} }
if(docs.length == 0) { if(docs.length == 0) {
@@ -626,7 +644,7 @@ router.route('/api/conf/:channel_name').get(function(req, res) {
to_return.results = conf; to_return.results = conf;
res.status(200).send(JSON.stringify(to_return)); res.status(200).send(JSON.stringify(to_return));
} else if(docs.length > 0 && docs[0].userpass != "" && docs[0].userpass != undefined){ } else if(docs.length > 0 && docs[0].userpass != "" && docs[0].userpass != undefined){
res.status(404).send(JSON.stringify(error.not_authenticated)); res.status(403).send(JSON.stringify(error.not_authenticated));
return; return;
} else { } else {
res.status(404).send(JSON.stringify(error.not_found.list)); res.status(404).send(JSON.stringify(error.not_found.list));
@@ -664,6 +682,10 @@ router.route('/api/conf/:channel_name').post(function(req, res) {
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
authorized = true; authorized = true;
} }
if(token != "" && !authorized) {
res.status(403).send(JSON.stringify(error.not_authenticated));
return;
}
checkTimeout(guid, res, authorized, "POST", function() { checkTimeout(guid, res, authorized, "POST", function() {
db.collection(channel_name + "_settings").find({ id: "config" }, toShowConfig, function(err, docs) { db.collection(channel_name + "_settings").find({ id: "config" }, toShowConfig, function(err, docs) {
if(docs.length > 0 && docs[0].userpass == userpass) { if(docs.length > 0 && docs[0].userpass == userpass) {
@@ -684,7 +706,7 @@ router.route('/api/conf/:channel_name').post(function(req, res) {
res.status(200).send(JSON.stringify(to_return)); res.status(200).send(JSON.stringify(to_return));
}); });
} else if(docs.length > 0 && docs[0].userpass != userpass) { } else if(docs.length > 0 && docs[0].userpass != userpass) {
res.status(404).send(JSON.stringify(error.not_authenticated)); res.status(403).send(JSON.stringify(error.not_authenticated));
return; return;
} else { } else {
res.status(404).send(JSON.stringify(error.not_found.list)); res.status(404).send(JSON.stringify(error.not_found.list));
@@ -725,6 +747,10 @@ router.route('/api/list/:channel_name').post(function(req, res) {
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
authorized = true; authorized = true;
} }
if(token != "" && !authorized) {
res.status(403).send(JSON.stringify(error.not_authenticated));
return;
}
checkTimeout(guid, res, authorized, "POST", function() { checkTimeout(guid, res, authorized, "POST", function() {
db.collection(channel_name).find({views: {$exists: false}}, toShowChannel, function(err, list) { db.collection(channel_name).find({views: {$exists: false}}, toShowChannel, function(err, list) {
if(list.length > 0) { if(list.length > 0) {
@@ -733,17 +759,19 @@ router.route('/api/list/:channel_name').post(function(req, res) {
res.status(404).send(JSON.stringify(error.not_found.list)); res.status(404).send(JSON.stringify(error.not_found.list));
return; return;
} else if(conf[0].userpass != userpass && conf[0].userpass != "") { } else if(conf[0].userpass != userpass && conf[0].userpass != "") {
res.status(404).send(JSON.stringify(error.not_authenticated)); res.status(403).send(JSON.stringify(error.not_authenticated));
return; return;
} }
updateTimeout(guid, res, authorized, "POST", function(err, docs) { updateTimeout(guid, res, authorized, "POST", function(err, docs) {
var to_return = error.no_error; var to_return = error.no_error;
to_return.results = list; to_return.results = list;
res.status(200).send(JSON.stringify(to_return)); res.status(200).send(JSON.stringify(to_return));
return;
}); });
}); });
} else { } else {
res.status(404).send(JSON.stringify(error.not_found.list)); res.status(404).send(JSON.stringify(error.not_found.list));
return;
} }
}); });
}); });