small update

xfarrow 2024-02-12 17:31:39 +01:00
parent 82a6d5cbe1
commit 2d5ff1137d
2 changed files with 9 additions and 7 deletions


@ -93,7 +93,7 @@ async function login(req, res){
if (person){ if (person){
const token = generateToken(person.id); const token = generateToken(person.id);
res.status(200).json({ token }); res.status(200).json({token: token });
} }
else{ else{
res.status(401).json({error : "Unauthorized"}); res.status(401).json({error : "Unauthorized"});
@ -109,6 +109,7 @@ async function getPerson(req, res){
.first(); .first();
if(user){ if(user){
// TODO: Check first whether req.jwt.person_id matches req.params.id before requesting the user from the database
if(user.id == req.jwt.person_id || user.enabled){ if(user.id == req.jwt.person_id || user.enabled){
delete user['password']; // remove password field for security reasons delete user['password']; // remove password field for security reasons
return res.status(200).send(user); return res.status(200).send(user);
@ -467,6 +468,7 @@ async function checkUserCredentials(email, password){
} }
function generateToken(person_id) { function generateToken(person_id) {
// The payload the JWT will carry within itself
const payload = { const payload = {
person_id: person_id person_id: person_id
}; };
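Review bot: In the getPerson hunk the response is still the whole database row with only `password` removed, so any other column on that row is returned to every caller who reaches the `user.enabled` branch. Building the response from an explicit allowlist of public fields, rather than `delete user['password']`, keeps sensitive columns added later from leaking by default. The new TODO is also ambiguous: a mismatch between the two ids must still fall through to the `user.enabled` check, so I would word it as `// TODO: compare req.jwt.person_id with req.params.id up front; a mismatch must still fall through to the user.enabled check`. If that comparison is added, note that `req.params.id` is presumably a string, so it should be converted explicitly instead of relying on `==`. getPerson starts and ends outside the hunk, so the query and the not-found path are not visible here.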