From ae5dd27603a89b083d39462828821d6adf6a58d0 Mon Sep 17 00:00:00 2001
From: lesion
Date: Tue, 5 Mar 2019 15:17:12 +0100
Subject: [PATCH] fix #2
---
 app/auth.js | 5 +++--
 app/config.js | 4 ++--
 client/src/App.vue | 1 -
 client/src/api.js | 23 +++++++++++++++++++----
 server.js | 2 +-
 5 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/app/auth.js b/app/auth.js
index 54091617..efb45bc3 100644
--- a/app/auth.js
+++ b/app/auth.js
@@ -10,12 +10,13 @@ const Auth = {
 jwt.verify(token, config.secret, async (err, decoded) => {
 if (err) return res.status(403).send({ message: 'Failed to authenticate token ' + err })
 console.log('DECODED TOKEN', decoded)
- req.user = await User.findOne({ where: { email: decoded.email } })
+ req.user = await User.findOne({ where: { email: decoded.email, is_active: true } })
+ if (!req.user) return res.status(403).send({ message: 'Failed to authenticate token ' + err })
 next()
 })
 },
 async isAdmin (req, res, next) {
- if (req.user.is_admin) return next()
+ if (req.user.is_admin && req.user.is_active) return next()
 return res.status(403).send({ message: 'Admin needed' })
 }
 }
diff --git a/app/config.js b/app/config.js
index d8da2e42..0a020d38 100644
--- a/app/config.js
+++ b/app/config.js
@@ -1,5 +1,5 @@
 let db = {}
-if (process.env.NODE_ENV==='production') {
+if (process.env.NODE_ENV === 'production') {
 db = {
 host: process.env.DB_HOST,
 username: process.env.DB_USER,
@@ -34,5 +34,5 @@ module.exports = {
 }
 },
- secret: process.env.SECRET
+ secret: process.env.SECRET || 'notsosecret'
 }
diff --git a/client/src/App.vue b/client/src/App.vue
index 4ca5811d..6849105a 100644
--- a/client/src/App.vue
+++ b/client/src/App.vue
@@ -87,7 +87,6 @@ html, body {
 scrollbar-face-color: #313543;
 scrollbar-track-color: rgba(0, 0, 0, 0.1);
 font-family: Lato,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,sans-serif;
- font-size: 1.1em;
 color: #2c3e50;
 background: black;
 }
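Review bot: In app/auth.js the added `if (!req.user)` branch builds its message from `err`, which is always falsy at that point, so a deactivated or unknown account receives "Failed to authenticate token null"; a fixed string such as `if (!req.user) return res.status(403).send({ message: 'Failed to authenticate token' })` is clearer and echoes nothing internal. The `await User.findOne(...)` runs inside the `jwt.verify` callback with no `try`/`catch`, so a rejected lookup would leave the request without a response; wrapping the lookup and calling `next(e)` on failure would make it fail closed. The context line `console.log('DECODED TOKEN', decoded)` writes the token claims to the server log on every authenticated request and is worth dropping in the same change. The enclosing middleware starts above the hunk, so its name and how `token` is read are not visible here.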
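Review bot: The fallback added in the second hunk of app/config.js, `process.env.SECRET || 'notsosecret'`, means a deployment that forgets to set SECRET verifies JWTs with a value published in the repository, and app/auth.js trusts `decoded.email` from any token that verifies under `config.secret`. The default should be limited to non-production runs and the process should refuse to start otherwise, for example `if (!process.env.SECRET && process.env.NODE_ENV === 'production') throw new Error('SECRET must be set in production')` ahead of `module.exports`. An empty-string SECRET also falls through to the default because of `||`, so the check should treat empty as unset too.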
diff --git a/client/src/api.js b/client/src/api.js
index 7930294b..ed590fbf 100644
--- a/client/src/api.js
+++ b/client/src/api.js
@@ -1,7 +1,7 @@
 import axios from 'axios'
 import store from './store'
 const api = axios.create({
- baseURL: '/api',
+ baseURL: process.env.NODE_ENV === 'development' ? 'http://localhost:9000/api' : '/api',
 withCredentials: false,
 responseType: 'json',
 headers: {
@@ -11,14 +11,29 @@ const api = axios.create({
 })
 function get (path) {
- return api.get(path, { headers: { 'x-access-token': store.state.token } }).then(ret => ret.data)
+ return api.get(path, { headers: { 'x-access-token': store.state.token } })
+ .then(res => res.data)
+ .catch(e => {
+ if (e.response.status === 403) {
+ store.commit('logout')
+ return false
+ }
+ })
 }
 function post (path, data) {
- return api.post(path, data, { headers: { 'x-access-token': store.state.token } }).then(ret => ret.data)
+ return api.post(path, data, { headers: { 'x-access-token': store.state.token } })
+ .then(res => res.data)
+ .catch(e => {
+ if (e.response.status === 403) {
+ store.commit('logout')
+ return false
+ }
+ })
 }
 function put (path, data) {
- return api.put(path, data, { headers: { 'x-access-token': store.state.token } }).then(ret => ret.data)
+ return api.put(path, data, { headers: { 'x-access-token': store.state.token } })
+ .then(ret => ret.data)
 }
 function del (path) {
diff --git a/server.js b/server.js
index cb405799..e8817404 100644
--- a/server.js
+++ b/server.js
@@ -4,7 +4,7 @@ const bodyParser = require('body-parser')
 const api = require('./app/api')
 const cors = require('cors')
 const path = require('path')
-const port = process.env.PORT || 8080
+const port = process.env.PORT || 9000
 app.use(bodyParser.urlencoded({ extended: false }))
 app.use(bodyParser.json())
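Review bot: In the second hunk of client/src/api.js the new `.catch` handlers in `get` and `post` read `e.response.status` unconditionally, but axios leaves `e.response` undefined when no response arrived (network failure, timeout), so the handler itself throws a TypeError in that case. Every error other than 403 is also swallowed: the handler returns nothing, the promise resolves with `undefined`, and callers cannot tell a failed request from an empty result. Guard with `if (e.response && e.response.status === 403) {` and end the handler with `throw e` so other failures still reject. `put` is only re-wrapped here and gets no 403 handling, and `del` is cut off by the hunk, so a revoked or deactivated session appears to trigger logout only on some calls; a single response interceptor on `api` would apply the same rule to all four helpers.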