fix #2

2025-01-31 16:42:22 +01:00 · 2019-03-05 15:17:12 +01:00 · 2019-03-05 15:17:12 +01:00 · ae5dd27603
commit ae5dd27603
parent 6683409e93
5 changed files with 25 additions and 10 deletions
--- a/app/auth.js
+++ b/app/auth.js
@ -10,12 +10,13 @@ const Auth = {
    jwt.verify(token, config.secret, async (err, decoded) => {
      if (err) return res.status(403).send({ message: 'Failed to authenticate token ' + err })
      console.log('DECODED TOKEN', decoded)
-      req.user = await User.findOne({ where: { email: decoded.email } })
+      req.user = await User.findOne({ where: { email: decoded.email, is_active: true } })
+      if (!req.user) return res.status(403).send({ message: 'Failed to authenticate token ' + err })
      next()
    })
  },
  async isAdmin (req, res, next) {
-    if (req.user.is_admin) return next()
+    if (req.user.is_admin && req.user.is_active) return next()
    return res.status(403).send({ message: 'Admin needed' })
  }
 }
--- a/app/config.js
+++ b/app/config.js
@ -1,5 +1,5 @@
 let db = {}
-if (process.env.NODE_ENV==='production') {
+if (process.env.NODE_ENV === 'production') {
  db = {
    host: process.env.DB_HOST,
    username: process.env.DB_USER,
@ -34,5 +34,5 @@ module.exports = {
    }
  },

-  secret: process.env.SECRET
+  secret: process.env.SECRET || 'notsosecret'
 }
--- a/client/src/App.vue
+++ b/client/src/App.vue
@ -87,7 +87,6 @@ html, body {
  scrollbar-face-color: #313543;
  scrollbar-track-color: rgba(0, 0, 0, 0.1); 
  font-family: Lato,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,sans-serif;
-  font-size: 1.1em;
  color: #2c3e50;
  background: black;
 }
--- a/client/src/api.js
+++ b/client/src/api.js
@ -1,7 +1,7 @@
 import axios from 'axios'
 import store from './store'
 const api = axios.create({
-  baseURL: '/api',
+  baseURL: process.env.NODE_ENV === 'development' ? 'http://localhost:9000/api' : '/api',
  withCredentials: false,
  responseType: 'json',
  headers: {
@ -11,14 +11,29 @@ const api = axios.create({
 })

 function get (path) {
-  return api.get(path, { headers: { 'x-access-token': store.state.token } }).then(ret => ret.data)
+  return api.get(path, { headers: { 'x-access-token': store.state.token } })
+    .then(res => res.data)
+    .catch(e => {
+      if (e.response.status === 403) {
+        store.commit('logout')
+        return false
+      }
+    })
 }

 function post (path, data) {
-  return api.post(path, data, { headers: { 'x-access-token': store.state.token } }).then(ret => ret.data)
+  return api.post(path, data, { headers: { 'x-access-token': store.state.token } })
+    .then(res => res.data)
+    .catch(e => {
+      if (e.response.status === 403) {
+        store.commit('logout')
+        return false
+      }
+    })
 }
 function put (path, data) {
-  return api.put(path, data, { headers: { 'x-access-token': store.state.token } }).then(ret => ret.data)
+  return api.put(path, data, { headers: { 'x-access-token': store.state.token } })
+    .then(ret => ret.data)
 }

 function del (path) {
--- a/server.js
+++ b/server.js
@ -4,7 +4,7 @@ const bodyParser = require('body-parser')
 const api = require('./app/api')
 const cors = require('cors')
 const path = require('path')
-const port = process.env.PORT || 8080
+const port = process.env.PORT || 9000

 app.use(bodyParser.urlencoded({ extended: false }))
 app.use(bodyParser.json())