t1meshift
/
expressCart
mirror of https://github.com/t1meshift/expressCart.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Validate API key in requests

master
Mark Moffat 2019-06-15 10:25:23 +09:30
parent 005b57106c
commit 948ff11030
1 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
lib/common.js
View File

@ -53,13 +53,35 @@ exports.restrict = (req, res, next) => {
exports.checkLogin(req, res, next); exports.checkLogin(req, res, next);
}; };
exports.checkLogin = (req, res, next) => { exports.checkLogin = async (req, res, next) => {
const db = req.app.db;
// if not protecting we check for public pages and don't checkLogin // if not protecting we check for public pages and don't checkLogin
if(req.session.needsSetup === true){ if(req.session.needsSetup === true){
res.redirect('/admin/setup'); res.redirect('/admin/setup');
return; return;
} }
// If API key, check for a user
if(req.headers.apikey){
try{
const user = await db.users.findOne({
apiKey: ObjectId(req.headers.apikey),
isAdmin: true
});
if(!user){
res.status(400).json({message: 'Access denied'});
return;
}
// Set API authenticated in the req
req.apiAuthenticated = true;
next();
return;
}catch(ex){
res.status(400).json({message: 'Access denied'});
return;
}
}
if(req.session.user){ if(req.session.user){
next(); next();
return; return;
@ -263,10 +285,18 @@ exports.getConfig = () => {
exports.getPaymentConfig = () => { exports.getPaymentConfig = () => {
let siteConfig = this.getConfig(); let siteConfig = this.getConfig();
const gateConfigFile = path.join(__dirname, '../config', `${siteConfig.paymentGateway}.json`);
let config = []; let config = [];
if(fs.existsSync(path.join(__dirname, '../config/' + siteConfig.paymentGateway + '.json'))){ if(fs.existsSync(gateConfigFile)){
config = JSON.parse(fs.readFileSync(path.join(__dirname, '../config/' + siteConfig.paymentGateway + '.json'), 'utf8')); config = JSON.parse(fs.readFileSync(gateConfigFile, 'utf8'));
}
// If a local config we combine the objects. Local configs are .gitignored
let localConfig = path.join(__dirname, '../config', `${siteConfig.paymentGateway}-local.json`);
if(fs.existsSync(localConfig)){
const localConfigObj = JSON.parse(fs.readFileSync(localConfig, 'utf8'));
config = Object.assign(config, localConfigObj);
} }
return config; return config;