
Check for admin and banned user when authenticate

poeti8 7 jaren geleden
bovenliggende
commit
82a561bd4c
2 gewijzigde bestanden met toevoegingen van 22 en 2 verwijderingen
  1. 20 2
      server/controllers/authController.js
  2. 2 0
      server/utils/index.js

+ 20 - 2
server/controllers/authController.js

@@ -4,6 +4,7 @@ const passport = require('passport');
 const JWT = require('jsonwebtoken');
 const axios = require('axios');
 const config = require('../config');
+const { isAdmin } = require('../utils');
 const transporter = require('../mail/mail');
 const { resetMailText, verifyMailText } = require('../mail/text');
 const {
@@ -33,6 +34,7 @@ const signToken = user =>
       iss: 'ApiAuth',
       sub: user.email,
       domain: user.domain || '',
+      admin: isAdmin(user.email),
       iat: new Date().getTime(),
       exp: new Date().setDate(new Date().getDate() + 7),
     },
@@ -46,10 +48,19 @@ const authenticate = (type, error, isStrict = true) =>
     return passport.authenticate(type, (err, user) => {
       if (err) return res.status(400);
       if (!user && isStrict) return res.status(401).json({ error });
-      if (user.banned) {
+      if (user && isStrict && !user.verified) {
+        return res.status(400).json({ error: 'Your email address is not verified.' });
+      }
+      if (user && user.banned) {
         return res.status(400).json({ error: 'Your are banned from using this website.' });
       }
-      req.user = user;
+      if (user) {
+        req.user = {
+          ...user,
+          admin: isAdmin(user.email),
+        };
+        return next();
+      }
       return next();
     })(req, res, next);
   };
@@ -81,6 +92,13 @@ exports.recaptcha = async (req, res, next) => {
   return next();
 };
 
+exports.authAdmin = async (req, res, next) => {
+  if (!req.user.admin) {
+    return res.status(401).json({ error: 'Unauthorized.' });
+  }
+  return next();
+};
+
 exports.signup = async (req, res) => {
   const { email, password } = req.body;
   if (password.length > 64) {
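Review bot: In the `authAdmin` hunk, `if (!req.user.admin)` throws a TypeError whenever `req.user` is unset — for example when `authAdmin` is mounted without a preceding strict `authenticate`, or after a non-strict `authenticate` that found no user and fell through to `next()` — and since the handler is `async`, that throw becomes a rejected promise which, if the app runs on Express 4 without an async wrapper, is never forwarded to the error handler and leaves the request hanging. Guard the missing user explicitly: `if (!req.user || !req.user.admin) {`. The `async` keyword is also unnecessary here since nothing is awaited, and an authenticated-but-not-admin caller is conventionally a 403 rather than a 401. In the `authenticate` hunk, the `return next();` inside `if (user) { ... }` duplicates the `return next();` that follows it; dropping the inner one leaves behaviour unchanged and reads more plainly.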

+ 2 - 0
server/utils/index.js

@@ -8,3 +8,5 @@ exports.addProtocol = url => {
 
 exports.generateShortUrl = (id, domain) =>
   `http${!domain ? 's' : ''}://${domain || config.DEFAULT_DOMAIN}/${id}`;
+
+exports.isAdmin = email => config.ADMIN_EMAILS.includes(email);
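Review bot: `config.ADMIN_EMAILS.includes(email)` throws a TypeError if `ADMIN_EMAILS` is absent from the config, which would break both token signing and every `authenticate` call rather than simply denying admin rights; a defensive form is `exports.isAdmin = email => (config.ADMIN_EMAILS || []).includes(email);`. The comparison is also case-sensitive, so an entry whose casing differs from the stored `user.email` silently yields `false` — if emails are not normalised on signup (not visible here), lower-casing both sides before comparing would make the check robust. A one-line JSDoc such as `/** True when `email` is listed in config.ADMIN_EMAILS; exact, case-sensitive match. */` would document the contract callers rely on.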