Diffstat (limited to 'bucky/app')
-rw-r--r--bucky/app/bucky.js38
-rw-r--r--bucky/app/index.js14
-rw-r--r--bucky/app/router.js6
3 files changed, 24 insertions, 34 deletions
diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js
index 7dac066..cf74ec2 100644
--- a/bucky/app/bucky.js
+++ b/bucky/app/bucky.js
@@ -384,6 +384,7 @@ var bucky = module.exports = {
}
db.getUserByUsername(username).then(function(user){
if (user) {
+ res.user = user
next()
}
else {
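Review bot: Nothing visible in this hunk ties the looked-up `user` to the requester before `res.user = user` and `next()`, and the profile route in router.js goes on to write request fields to `res.user` and save it. If `username` comes from the request and the lines above this hunk do not already compare it with the logged-in user, the update route needs an ownership check, for example `if (user.get('username') !== req.user.get('username')) return res.sendStatus(403)`. The function starts above the hunk, so this may already be handled there.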
@@ -402,43 +403,24 @@ var bucky = module.exports = {
updateProfile: function(req, res, next) {
var user = res.user
"realname location email phone website twitter".split(" ").forEach( (field) => {
- res.user.set("field", req.body[field])
+ res.user.set(field, req.body[field])
})
next()
},
- changePassword: function(req, res, next) {
- if (! req.body.oldpassword && ! req.body.newpassword) return next()
- if (req.body.newpassword !== req.body.newpassword2) {
- return res.send({ error: 'Passwords don\'t match.' })
- }
- if (! auth.validPassword(res.user, req.body.oldpassword)) {
- return res.send({ error: 'Password is incorrect.' })
- }
- var newPassword = auth.makePassword(res.user, req.body.newpassword)
- res.user.set('password', newPassword)
- next()
- },
uploadAvatar: function(req, res, next) {
+ if (! req.file) return next()
+ var dirname = '/bucky/profile/'
upload.put({
- file: file,
- preserveFilename: true,
+ file: req.file,
+ filename: req.user.get('username') + '.jpg',
dirname: dirname,
unacceptable: function(err){
- reject(err)
+ res.sendStatus({ error: 'Problem uploading avatar.' })
},
success: function(url){
- var data = {
- thread: res.thread.get('id'),
- username: req.user.get('username'),
- filename: file.originalname,
- date: util.now(),
- size: file.size,
- private: false,
- storage: 'i.asdf.us',
- }
- db.createFile(data).then(function(file){
- resolve(file)
- }).catch( (err) => reject(err) )
+ console.log(">", url)
+ res.user.set('avatar', url)
+ next()
}
})
},
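Review bot: In `uploadAvatar`, the `unacceptable` callback calls `res.sendStatus({ error: 'Problem uploading avatar.' })`, but `sendStatus` takes a numeric status code, so a rejected upload will not return this error body; something like `res.status(400).json({ error: 'Problem uploading avatar.' })` matches the intent. The stored filename is built from `req.user.get('username')` while the URL is set on `res.user`, so if those can ever be different users the file is written under one account's name and attached to another; using `res.user.get('username')` for the filename would keep them consistent. The name is forced to `.jpg` whatever was uploaded, so any content-type check has to happen inside `upload.put`, which is not visible here. The `console.log(">", url)` looks like leftover debugging.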
diff --git a/bucky/app/index.js b/bucky/app/index.js
index 248679a..b600935 100644
--- a/bucky/app/index.js
+++ b/bucky/app/index.js
@@ -25,12 +25,16 @@ site.init = function(){
app.set('port', process.env.PORT || 5000)
app.use(favicon(__dirname + '../../../public/favicon.ico'))
app.use(bodyParser.json())
- app.use(cookieParser());
+ app.use(cookieParser())
app.use(session({
secret: 'argonauts',
proxy: true,
key: 'bucky.sid',
- cookie: {secure: true, domain: '.' + process.env.HOST_NAME, maxAge: 43200000000 },
+ cookie: {
+ secure: process.env.NODE_ENV === 'production',
+ domain: '.' + process.env.HOST_NAME,
+ maxAge: 43200000000,
+ },
store: new MongoStore({
url: 'mongodb://localhost/buckySessionDb'
// type: 'mongodb',
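Review bot: `secure: process.env.NODE_ENV === 'production'` fails open: a deployment where `NODE_ENV` is unset or misspelled will send the `bucky.sid` cookie over plain HTTP, and with `maxAge: 43200000000` (about 500 days) that cookie is long-lived. Inverting the test so that only an explicit development setting relaxes it, `secure: process.env.NODE_ENV !== 'development'`, keeps the safe default. Separately, the unchanged `secret: 'argonauts'` is a literal in the repository, so the signing key is known to anyone who can read the source; it should come from the environment, e.g. `secret: process.env.SESSION_SECRET` (variable name is a placeholder). The `session({...})` call continues past the end of this hunk.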
@@ -43,7 +47,11 @@ site.init = function(){
resave: true,
saveUninitialized: false,
}))
- app.use(csurf({ cookie: true }))
+
+ app.use(csurf({
+ cookie: true,
+ value: (req) => req.headers['csrf-token'],
+ }))
app.disable('x-powered-by')
app.use(express.query())
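Review bot: The custom `value` function means the token is now accepted only from the `csrf-token` header, no longer from the `_csrf` body or query field or the other header names csurf checks by default, and that contract is not documented; a comment such as `// token must be sent in the csrf-token header; form fields are ignored` above the call would help. `cookie: true` also keeps the CSRF secret in its own cookie with csurf's default options, while the session cookie above is given `secure` and a domain. Since `session()` is mounted before this, dropping `cookie: true` would store the secret in the session, or the options can be set explicitly with `cookie: { httpOnly: true, secure: process.env.NODE_ENV === 'production' }`.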
diff --git a/bucky/app/router.js b/bucky/app/router.js
index dfec166..7e13cd6 100644
--- a/bucky/app/router.js
+++ b/bucky/app/router.js
@@ -1,3 +1,4 @@
+var multer = require('multer')()
var auth = require('../util/auth')
var middleware = require('../util/middleware')
var fortune = require('../db/fortune')
@@ -5,7 +6,6 @@ var bucky = require('./bucky')
var db = require('../db')
var util = require('../util/util')
var search = require('../search/middleware')
-var multer = require('multer')()
module.exports = function(app){
app.all('*', middleware.ensureLocals)
@@ -84,11 +84,11 @@ module.exports = function(app){
bucky.checkUserPrivacy,
multer.single("avatar"),
bucky.updateProfile,
- bucky.changePassword,
+ auth.changePassword,
bucky.uploadAvatar,
bucky.saveUser,
function(req, res){
- res.json(res.thread)
+ res.json(util.sanitizeUser(res.user))
})
/* threads */
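Review bot: The avatar route parses the upload with `multer.single("avatar")` from the bare `require('multer')()` at the top of the file, which sets no `limits` and no `fileFilter`, and `uploadAvatar` now passes `req.file` straight to `upload.put`. With no storage configured multer buffers the file in memory, so the size of an avatar upload is bounded only by what the client sends; `require('multer')({ limits: { fileSize: MAX_AVATAR_BYTES } })` (constant name is a placeholder) would cap it. The route definition starts above this hunk.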