fix #2

app/auth.js

@@ -10,12 +10,13 @@ const Auth = {
     jwt.verify(token, config.secret, async (err, decoded) => {
       if (err) return res.status(403).send({ message: 'Failed to authenticate token ' + err })
       console.log('DECODED TOKEN', decoded)
-      req.user = await User.findOne({ where: { email: decoded.email } })
+      req.user = await User.findOne({ where: { email: decoded.email, is_active: true } })
+      if (!req.user) return res.status(403).send({ message: 'Failed to authenticate token ' + err })
       next()
     })
   },
   async isAdmin (req, res, next) {
-    if (req.user.is_admin) return next()
+    if (req.user.is_admin && req.user.is_active) return next()
     return res.status(403).send({ message: 'Admin needed' })
   }
 }

app/config.js

@@ -1,5 +1,5 @@
 let db = {}
-if (process.env.NODE_ENV==='production') {
+if (process.env.NODE_ENV === 'production') {
   db = {
     host: process.env.DB_HOST,
     username: process.env.DB_USER,
@@ -34,5 +34,5 @@ module.exports = {
     }
   },
 
-  secret: process.env.SECRET
+  secret: process.env.SECRET || 'notsosecret'
 }

client/src/App.vue

@@ -87,7 +87,6 @@ html, body {
   scrollbar-face-color: #313543;
   scrollbar-track-color: rgba(0, 0, 0, 0.1); 
   font-family: Lato,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,sans-serif;
-  font-size: 1.1em;
   color: #2c3e50;
   background: black;
 }

client/src/api.js

@@ -1,7 +1,7 @@
 import axios from 'axios'
 import store from './store'
 const api = axios.create({
-  baseURL: '/api',
+  baseURL: process.env.NODE_ENV === 'development' ? 'http://localhost:9000/api' : '/api',
   withCredentials: false,
   responseType: 'json',
   headers: {
@@ -11,14 +11,29 @@ const api = axios.create({
 })
 
 function get (path) {
-  return api.get(path, { headers: { 'x-access-token': store.state.token } }).then(ret => ret.data)
+  return api.get(path, { headers: { 'x-access-token': store.state.token } })
+    .then(res => res.data)
+    .catch(e => {
+      if (e.response.status === 403) {
+        store.commit('logout')
+        return false
+      }
+    })
 }
 
 function post (path, data) {
-  return api.post(path, data, { headers: { 'x-access-token': store.state.token } }).then(ret => ret.data)
+  return api.post(path, data, { headers: { 'x-access-token': store.state.token } })
+    .then(res => res.data)
+    .catch(e => {
+      if (e.response.status === 403) {
+        store.commit('logout')
+        return false
+      }
+    })
 }
 function put (path, data) {
-  return api.put(path, data, { headers: { 'x-access-token': store.state.token } }).then(ret => ret.data)
+  return api.put(path, data, { headers: { 'x-access-token': store.state.token } })
+    .then(ret => ret.data)
 }
 
 function del (path) {

server.js

@@ -4,7 +4,7 @@ const bodyParser = require('body-parser')
 const api = require('./app/api')
 const cors = require('cors')
 const path = require('path')
-const port = process.env.PORT || 8080
+const port = process.env.PORT || 9000
 
 app.use(bodyParser.urlencoded({ extended: false }))
 app.use(bodyParser.json())