
Commit c5ca162

committed
ban and auth db connection
1 parent 0603131 commit c5ca162

2 files changed

Lines changed: 21 additions & 18 deletions


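--- a/middleware/auth.js
+++ b/middleware/auth.js
@@ -1,6 +1,8 @@
 const jwt = require('jsonwebtoken');
 const fs = require("fs");
 const authDebug = require('debug')('app:auth');
+//Services
+const dbAdapter = require('../services/dbAdapter');
 
 module.exports = async function (req, res, next) {
 const token = req.header('x-auth-token');
@@ -17,24 +19,23 @@ module.exports = async function (req, res, next) {
 authDebug("400 - Token expired");
 return res.status(400).send('Token expired.');
 }
+req.user.sub = 1;
+let user = await dbAdapter.getUserById(req.user.sub);
 
+if(user.banned) {
+authDebug("403 - User banned");
+return res.status(403).send('User banned.');
+}
 
-//TODO get User
-
-//if(user.banned){
-// authDebug("403 - User banned");
-// return res.status(403).send('User banned.');
-//}
-
-//if (user.lastSecurityUpdate && req.user.iat*1000 < new Date(user.lastSecurityUpdate.valueOf())-5000) {
-// authDebug("400 - Token expired");
-// return res.status(400).send('Token expired.');
-//}
+if (user.last_security_change && req.user.iat*1000 < new Date(user.last_security_change.valueOf())-5000) {
+authDebug("400 - Token expired");
+return res.status(400).send('Token expired.');
+}
 
-//if(user.otp_enabled && user.otp_verified && !req.user.otp && !(req.originalUrl === "/api/otp/verify")){
-// authDebug("403 - OTP required");
-// return res.status(403).send('OTP required.');
-//}
+if(user.totp_secret !== undefined && user.totp_confirmed && !req.user.otp && !(req.originalUrl === "/api/otp/verify")){
+authDebug("403 - OTP required");
+return res.status(403).send('OTP required.');
+}
 
 next();
 } catch (ex) {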
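Review bot: `req.user.sub = 1;` on new line 22 overwrites the subject taken from the verified token, so every request is looked up as user id 1 and the ban, `last_security_change` and TOTP checks below it are evaluated against that account instead of the caller's. It reads like a debugging leftover and should be dropped so that `getUserById(req.user.sub)` uses the token's own subject; any later handler that reads `req.user.sub` would presumably see 1 as well. The lookup result is also dereferenced without a guard, while routes/ban.js in this same commit treats a falsy result as "not found"; a check such as `if (!user) return res.status(401).send('Invalid token.');` before `user.banned` would fail closed with a clear status instead of relying on the `catch`. The token decoding above and the body of the `catch` lie outside the hunk, so how a thrown TypeError is answered cannot be confirmed from here.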

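--- a/routes/ban.js
+++ b/routes/ban.js
@@ -2,6 +2,8 @@ const express = require('express');
 const router = express.Router();
 const debugRoute = require('debug')('app:route');
 const _ = require('lodash');
+//Services
+const dbAdapter = require('../services/dbAdapter');
 //Middleware
 const auth = require('../middleware/auth');
 const admin = require('../middleware/admin');
@@ -13,16 +15,16 @@ router.post('/:id', [auth,admin], async (req, res) => {
 return res.status(400).send("You can't ban yourself");
 }
 
-//TODO GET USER
-let user = {};
+let user = await dbAdapter.getUserById(req.params.id);
+
 if (!user) {
 debugRoute("POST /api/ban - 404 - User not found");
 return res.status(404).send('User not found.');
 }
 
 user.banned = true;
 
-//TODO push to database
+await dbAdapter.updateUser(user);
 
 debugRoute("POST /api/ban - 200 - User banned");
 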
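Review bot: `await dbAdapter.updateUser(user);` on new line 27 writes back the whole record read on line 18, so a password or TOTP change committed between the read and the write could be overwritten, depending on how `updateUser` builds its statement (the adapter is not visible here). If the adapter allows it, update only the `banned` field for `req.params.id`. The success log also names neither the acting admin nor the target; `debugRoute("POST /api/ban - 200 - user %s banned by %s", req.params.id, req.user.sub);` would leave a usable audit trail. The route handler starts and ends outside the hunk, so any validation of `req.params.id` cannot be confirmed from here.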
