mirror of
https://github.com/sudoxnym/habitica-self-host.git
synced 2026-07-15 10:42:23 +00:00
Merge branch 'remove-auth-with-url' into release
This commit is contained in:
commit
7bd4e6a5a9
7 changed files with 21 additions and 47 deletions
|
|
@ -40,7 +40,7 @@ export default {
|
|||
...mapState({user: 'user.data', credentials: 'credentials'}),
|
||||
getCodesUrl () {
|
||||
if (!this.user) return '';
|
||||
return `/api/v4/coupons?_id=${this.user._id}&apiToken=${this.credentials.API_TOKEN}`;
|
||||
return '/api/v4/coupons';
|
||||
},
|
||||
},
|
||||
methods: {
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ export default {
|
|||
...mapState(['credentials']),
|
||||
// @TODO refactor into one single computed property
|
||||
paypalCheckoutLink () {
|
||||
return `/paypal/checkout?_id=${this.credentials.API_ID}&apiToken=${this.credentials.API_TOKEN}`;
|
||||
return '/paypal/checkout';
|
||||
},
|
||||
paypalSubscriptionLink () {
|
||||
return `/paypal/subscribe?_id=${this.credentials.API_ID}&apiToken=${this.credentials.API_TOKEN}&sub=${this.subscriptionPlan}`;
|
||||
return `/paypal/subscribe?sub=${this.subscriptionPlan}`;
|
||||
},
|
||||
paypalPurchaseLink () {
|
||||
if (!this.subscription) {
|
||||
|
|
@ -26,7 +26,7 @@ export default {
|
|||
}
|
||||
let couponString = '';
|
||||
if (this.subscription.coupon) couponString = `&coupon=${this.subscription.coupon}`;
|
||||
return `/paypal/subscribe?_id=${this.credentials.API_ID}&apiToken=${this.credentials.API_TOKEN}&sub=${this.subscription.key}${couponString}`;
|
||||
return `/paypal/subscribe?sub=${this.subscription.key}${couponString}`;
|
||||
},
|
||||
},
|
||||
methods: {
|
||||
|
|
@ -39,7 +39,7 @@ export default {
|
|||
if (!this.checkGemAmount(data)) return;
|
||||
|
||||
let gift = this.encodeGift(data.giftedTo, data.gift);
|
||||
const url = `/paypal/checkout?_id=${this.credentials.API_ID}&apiToken=${this.credentials.API_TOKEN}&gift=${gift}`;
|
||||
const url = `/paypal/checkout?gift=${gift}`;
|
||||
|
||||
window.open(url, '_blank');
|
||||
},
|
||||
|
|
@ -210,8 +210,6 @@ export default {
|
|||
}
|
||||
|
||||
let queryParams = {
|
||||
_id: this.user._id,
|
||||
apiToken: this.credentials.API_TOKEN,
|
||||
noRedirect: true,
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ import {
|
|||
import amzLib from '../../../libs/payments/amazon';
|
||||
import {
|
||||
authWithHeaders,
|
||||
authWithUrl,
|
||||
} from '../../../middlewares/auth';
|
||||
import shared from '../../../../common';
|
||||
|
||||
|
|
@ -128,7 +127,7 @@ api.subscribe = {
|
|||
api.subscribeCancel = {
|
||||
method: 'GET',
|
||||
url: '/amazon/subscribe/cancel',
|
||||
middlewares: [authWithUrl],
|
||||
middlewares: [authWithHeaders()],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let groupId = req.query.groupId;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
import {
|
||||
authWithHeaders,
|
||||
authWithUrl,
|
||||
} from '../../../middlewares/auth';
|
||||
import {
|
||||
BadRequest,
|
||||
|
|
@ -21,7 +20,7 @@ let api = {};
|
|||
api.iapAndroidVerify = {
|
||||
method: 'POST',
|
||||
url: '/iap/android/verify',
|
||||
middlewares: [authWithUrl],
|
||||
middlewares: [authWithHeaders()],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let iapBody = req.body;
|
||||
|
|
@ -41,7 +40,7 @@ api.iapAndroidVerify = {
|
|||
api.iapSubscriptionAndroid = {
|
||||
method: 'POST',
|
||||
url: '/iap/android/subscribe',
|
||||
middlewares: [authWithUrl],
|
||||
middlewares: [authWithHeaders()],
|
||||
async handler (req, res) {
|
||||
if (!req.body.sku) throw new BadRequest(res.t('missingSubscriptionCode'));
|
||||
let user = res.locals.user;
|
||||
|
|
@ -62,7 +61,7 @@ api.iapSubscriptionAndroid = {
|
|||
api.iapCancelSubscriptionAndroid = {
|
||||
method: 'GET',
|
||||
url: '/iap/android/subscribe/cancel',
|
||||
middlewares: [authWithUrl],
|
||||
middlewares: [authWithHeaders()],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
|
|
@ -104,7 +103,7 @@ api.iapiOSVerify = {
|
|||
api.iapSubscriptioniOS = {
|
||||
method: 'POST',
|
||||
url: '/iap/ios/subscribe',
|
||||
middlewares: [authWithUrl],
|
||||
middlewares: [authWithHeaders()],
|
||||
async handler (req, res) {
|
||||
if (!req.body.sku) throw new BadRequest(res.t('missingSubscriptionCode'));
|
||||
if (!req.body.receipt) throw new BadRequest(res.t('missingReceipt'));
|
||||
|
|
@ -124,7 +123,7 @@ api.iapSubscriptioniOS = {
|
|||
api.iapCancelSubscriptioniOS = {
|
||||
method: 'GET',
|
||||
url: '/iap/ios/subscribe/cancel',
|
||||
middlewares: [authWithUrl],
|
||||
middlewares: [authWithHeaders()],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
import paypalPayments from '../../../libs/payments/paypal';
|
||||
import shared from '../../../../common';
|
||||
import {
|
||||
authWithUrl,
|
||||
authWithSession,
|
||||
authWithHeaders,
|
||||
} from '../../../middlewares/auth';
|
||||
import {
|
||||
BadRequest,
|
||||
|
|
@ -21,7 +21,7 @@ let api = {};
|
|||
api.checkout = {
|
||||
method: 'GET',
|
||||
url: '/paypal/checkout',
|
||||
middlewares: [authWithUrl],
|
||||
middlewares: [authWithSession],
|
||||
async handler (req, res) {
|
||||
let gift = req.query.gift ? JSON.parse(req.query.gift) : undefined;
|
||||
req.session.gift = req.query.gift;
|
||||
|
|
@ -75,7 +75,7 @@ api.checkoutSuccess = {
|
|||
api.subscribe = {
|
||||
method: 'GET',
|
||||
url: '/paypal/subscribe',
|
||||
middlewares: [authWithUrl],
|
||||
middlewares: [authWithSession],
|
||||
async handler (req, res) {
|
||||
if (!req.query.sub) throw new BadRequest(apiError('missingSubKey'));
|
||||
|
||||
|
|
@ -136,7 +136,7 @@ api.subscribeSuccess = {
|
|||
api.subscribeCancel = {
|
||||
method: 'GET',
|
||||
url: '/paypal/subscribe/cancel',
|
||||
middlewares: [authWithUrl],
|
||||
middlewares: [authWithHeaders()],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let groupId = req.query.groupId;
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
import shared from '../../../../common';
|
||||
import {
|
||||
authWithHeaders,
|
||||
authWithUrl,
|
||||
} from '../../../middlewares/auth';
|
||||
import stripePayments from '../../../libs/payments/stripe';
|
||||
|
||||
|
|
@ -74,16 +73,18 @@ api.subscribeEdit = {
|
|||
api.subscribeCancel = {
|
||||
method: 'GET',
|
||||
url: '/stripe/subscribe/cancel',
|
||||
middlewares: [authWithUrl],
|
||||
middlewares: [authWithHeaders()],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let groupId = req.query.groupId;
|
||||
let redirect = req.query.redirect;
|
||||
|
||||
await stripePayments.cancelSubscription({user, groupId});
|
||||
|
||||
if (redirect === 'none') return res.respond(200, {});
|
||||
return res.redirect('/');
|
||||
if (req.query.noRedirect) {
|
||||
res.respond(200);
|
||||
} else {
|
||||
res.redirect('/');
|
||||
}
|
||||
},
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -97,26 +97,3 @@ export function authWithSession (req, res, next) {
|
|||
})
|
||||
.catch(next);
|
||||
}
|
||||
|
||||
export function authWithUrl (req, res, next) {
|
||||
let userId = req.query._id;
|
||||
let apiToken = req.query.apiToken;
|
||||
|
||||
// Always allow authentication with headers
|
||||
if (!userId || !apiToken) {
|
||||
if (!req.header('x-api-user') || !req.header('x-api-key')) {
|
||||
return next(new NotAuthorized(res.t('missingAuthParams')));
|
||||
} else {
|
||||
return authWithHeaders()(req, res, next);
|
||||
}
|
||||
}
|
||||
|
||||
return User.findOne({ _id: userId, apiToken }).exec()
|
||||
.then((user) => {
|
||||
if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
|
||||
|
||||
res.locals.user = user;
|
||||
return next();
|
||||
})
|
||||
.catch(next);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue