zoriya/flood
1
0
Fork 0
mirror of https://github.com/zoriya/flood.git synced 2026-05-30 02:06:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

server: auth: fix subsequent user creation

Browse Source
This commit is contained in:
Jesse Chan
2020-10-11 00:30:24 +08:00
parent b53910d8b2
commit d17e3fee08
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/routes/api/auth.ts
+10 -5
View File
@@ -5,7 +5,7 @@ import passport from 'passport';
import type {Response} from 'express';
import type {AuthRegisterOptions, AuthUpdateUserOptions} from '@shared/types/api/auth';
import type {Credentials} from '@shared/types/Auth';
import type {Credentials, UserInDatabase} from '@shared/types/Auth';
import ajaxUtil from '../../util/ajaxUtil';
import config from '../../../config';
@@ -93,16 +93,21 @@ router.post('/authenticate', (req, res) => {
});
// Allow unauthenticated registration if no users are currently registered.
router.use('/register', (req, _res, next) => {
router.use('/register', (req, res, next) => {
Users.initialUserGate({
handleInitialUser: () => {
next();
},
handleSubsequentUser: () => {
passport.authenticate('jwt', {session: false}, (passportReq, passportRes) => {
passport.authenticate('jwt', {session: false}, (err, user: UserInDatabase) => {
if (err || !user) {
res.status(401).send('Unauthorized');
return;
}
req.user = user;
// Only admin users can create users
requireAdmin(passportReq, passportRes, next);
});
requireAdmin(req, res, next);
})(req, res, next);
},
});
});