KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-10-29 18:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed parameter and token issues

Browse Source
This commit is contained in:
Kasper Rynning-Tønnesen
2018-02-06 15:15:07 +01:00
parent 69b4aa4b33
commit b047ccd9ef
2 changed files with 27 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
server/apps/admin.js
View File

@@ -71,7 +71,7 @@ function(req, username, password, done) {
// find a user whose username is the same as the forms username // find a user whose username is the same as the forms username
// we are checking to see if the user trying to login already exists // we are checking to see if the user trying to login already exists
var token = req.param("token"); var token = req.body.token;
token_db.collection("tokens").find({token: token}, function(err, docs){ token_db.collection("tokens").find({token: token}, function(err, docs){
if(docs.length == 1){ if(docs.length == 1){
token_db.collection("tokens").remove({token: token}, function(err, docs){ token_db.collection("tokens").remove({token: token}, function(err, docs){
@@ -186,17 +186,6 @@ app.use('/', isLoggedIn, function(req, res) {
res.render('layouts/admin/authenticated', data); res.render('layouts/admin/authenticated', data);
}); });
function makeid()
{
var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for( var i=0; i < 20; i++ )
text += possible.charAt(Math.floor(Math.random() * possible.length));
return text;
}
function isLoggedInTryingToLogIn(req, res, next){ function isLoggedInTryingToLogIn(req, res, next){
if(!req.isAuthenticated()){ if(!req.isAuthenticated()){
return next(); return next();

39
server/routing/admin/api.js
View File

@@ -4,6 +4,7 @@ var path = require('path');
var mongo_db_cred = require(path.join(__dirname, '../../config/mongo_config.js')); var mongo_db_cred = require(path.join(__dirname, '../../config/mongo_config.js'));
var mongojs = require('mongojs'); var mongojs = require('mongojs');
var db = mongojs(mongo_db_cred.config); var db = mongojs(mongo_db_cred.config);
var token_db = mongojs("tokens");
router.use(function(req, res, next) { router.use(function(req, res, next) {
next(); // make sure we go to the next routes and don't stop here next(); // make sure we go to the next routes and don't stop here
@@ -41,7 +42,7 @@ router.route('/api/descriptions').get(function(req, res){
router.route('/api/approve_thumbnail').post(function(req, res){ router.route('/api/approve_thumbnail').post(function(req, res){
if(req.isAuthenticated()){ if(req.isAuthenticated()){
var channel = req.param("channel"); var channel = req.body.channel;
db.collection("suggested_thumbnails").find({channel: channel}, function(err, docs){ db.collection("suggested_thumbnails").find({channel: channel}, function(err, docs){
var thumbnail = docs[0].thumbnail; var thumbnail = docs[0].thumbnail;
db.collection("frontpage_lists").update({_id: channel}, {$set:{thumbnail: thumbnail}}, {upsert: true}, function(err, docs){ db.collection("frontpage_lists").update({_id: channel}, {$set:{thumbnail: thumbnail}}, {upsert: true}, function(err, docs){
@@ -59,10 +60,10 @@ router.route('/api/approve_thumbnail').post(function(req, res){
router.route('/api/deny_thumbnail').post(function(req, res){ router.route('/api/deny_thumbnail').post(function(req, res){
if(req.isAuthenticated()){ if(req.isAuthenticated()){
var channel = req.param("channel"); var channel = req.body.channel;
db.collection("suggested_thumbnails").remove({channel: channel},function(err, docs){ db.collection("suggested_thumbnails").remove({channel: channel},function(err, docs){
res.send(true); res.send(true);
}); });
} else { } else {
res.send(false); res.send(false);
} }
@@ -70,7 +71,7 @@ router.route('/api/deny_thumbnail').post(function(req, res){
router.route('/api/approve_description').post(function(req, res){ router.route('/api/approve_description').post(function(req, res){
if(req.isAuthenticated()){ if(req.isAuthenticated()){
var channel = req.param("channel"); var channel = req.body.channel;
db.collection("suggested_descriptions").find({channel: channel}, function(err, docs){ db.collection("suggested_descriptions").find({channel: channel}, function(err, docs){
var description = docs[0].description; var description = docs[0].description;
db.collection("frontpage_lists").update({_id: channel}, {$set:{description: description}}, {upsert: true}, function(err, docs){ db.collection("frontpage_lists").update({_id: channel}, {$set:{description: description}}, {upsert: true}, function(err, docs){
@@ -88,7 +89,7 @@ router.route('/api/approve_description').post(function(req, res){
router.route('/api/deny_description').post(function(req, res){ router.route('/api/deny_description').post(function(req, res){
if(req.isAuthenticated()){ if(req.isAuthenticated()){
var channel = req.param("channel"); var channel = req.body.channel;
db.collection("suggested_descriptions").remove({channel: channel}, 1,function(err, docs){ db.collection("suggested_descriptions").remove({channel: channel}, 1,function(err, docs){
res.send(true); res.send(true);
}); });
@@ -99,7 +100,7 @@ router.route('/api/deny_description').post(function(req, res){
router.route('/api/remove_thumbnail').post(function(req, res){ router.route('/api/remove_thumbnail').post(function(req, res){
if(req.isAuthenticated()){ if(req.isAuthenticated()){
var channel = req.param("channel"); var channel = req.body.channel;
db.collection("frontpage_lists").update({_id: channel}, {$set:{thumbnail: ""}}, function(err, docs){ db.collection("frontpage_lists").update({_id: channel}, {$set:{thumbnail: ""}}, function(err, docs){
db.collection(channel).update({views:{$exists:true}}, {$set:{thumbnail: ""}}, function(err, docs){ db.collection(channel).update({views:{$exists:true}}, {$set:{thumbnail: ""}}, function(err, docs){
res.send(true); res.send(true);
@@ -112,7 +113,7 @@ router.route('/api/remove_thumbnail').post(function(req, res){
router.route('/api/remove_description').post(function(req, res){ router.route('/api/remove_description').post(function(req, res){
if(req.isAuthenticated()){ if(req.isAuthenticated()){
var channel = req.param("channel"); var channel = req.body.channel;
db.collection("frontpage_lists").update({_id: channel}, {$set:{description: ""}}, function(err, docs){ db.collection("frontpage_lists").update({_id: channel}, {$set:{description: ""}}, function(err, docs){
db.collection(channel).update({views:{$exists:true}}, {$set:{description: ""}}, function(err, docs){ db.collection(channel).update({views:{$exists:true}}, {$set:{description: ""}}, function(err, docs){
res.send(true); res.send(true);
@@ -135,8 +136,8 @@ router.route('/api/names').get(function(req, res) {
router.route('/api/names').post(function(req, res) { router.route('/api/names').post(function(req, res) {
if(req.isAuthenticated()) { if(req.isAuthenticated()) {
var icon = req.param("icon"); var icon = req.body.icon;
var name = req.param("name"); var name = req.body.name;
db.collection("registered_users").update({_id: name}, {$set: {icon: icon}}, function(err, docs) { db.collection("registered_users").update({_id: name}, {$set: {icon: icon}}, function(err, docs) {
if(err) res.send(false); if(err) res.send(false);
else res.send(true); else res.send(true);
@@ -165,7 +166,7 @@ router.route('/api/token').get(function(req, res){
router.route('/api/delete').post(function(req, res){ router.route('/api/delete').post(function(req, res){
if(req.isAuthenticated()){ if(req.isAuthenticated()){
var list = req.param("_id"); var list = req.body._id;
db.collection(list).drop(function(err, docs){ db.collection(list).drop(function(err, docs){
db.collection("frontpage_lists").remove({_id: list}, function(err, docs){ db.collection("frontpage_lists").remove({_id: list}, function(err, docs){
res.send(true); res.send(true);
@@ -194,7 +195,7 @@ router.route('/api/remove_token').get(function(req, res){
router.route('/api/pinned').post(function(req, res){ router.route('/api/pinned').post(function(req, res){
if(req.isAuthenticated()){ if(req.isAuthenticated()){
var to_pin = req.param("_id"); var to_pin = req.body._id;
db.collection("frontpage_lists").update({pinned:1}, {$set:{pinned:0}}, function(err, resp){ db.collection("frontpage_lists").update({pinned:1}, {$set:{pinned:0}}, function(err, resp){
db.collection("frontpage_lists").update({_id:to_pin}, {$set:{pinned:1}}, function(err, resp){ db.collection("frontpage_lists").update({_id:to_pin}, {$set:{pinned:1}}, function(err, resp){
res.send(true); res.send(true);
@@ -207,7 +208,7 @@ router.route('/api/pinned').post(function(req, res){
router.route('/api/admin').post(function(req, res){ router.route('/api/admin').post(function(req, res){
if(req.isAuthenticated()){ if(req.isAuthenticated()){
var to_remove = req.param("_id"); var to_remove = req.body._id;
db.collection(to_remove).update({views: {$exists: true}}, {$set:{adminpass: ""}}, function(err, docs){ db.collection(to_remove).update({views: {$exists: true}}, {$set:{adminpass: ""}}, function(err, docs){
res.send(true); res.send(true);
}); });
@@ -218,7 +219,7 @@ router.route('/api/admin').post(function(req, res){
router.route('/api/userpass').post(function(req, res){ router.route('/api/userpass').post(function(req, res){
if(req.isAuthenticated()){ if(req.isAuthenticated()){
var to_remove = req.param("_id"); var to_remove = req.body._id;
db.collection(to_remove).update({views: {$exists: true}}, {$set:{userpass: ""}}, function(err, docs){ db.collection(to_remove).update({views: {$exists: true}}, {$set:{userpass: ""}}, function(err, docs){
res.send(true); res.send(true);
}); });
@@ -227,4 +228,16 @@ router.route('/api/userpass').post(function(req, res){
} }
}); });
function makeid()
{
var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for( var i=0; i < 20; i++ )
text += possible.charAt(Math.floor(Math.random() * possible.length));
return text;
}
module.exports = router; module.exports = router;