sudoxreboot/habitica-self-host
1
0
Fork 0
mirror of https://github.com/sudoxnym/habitica-self-host.git synced 2026-05-20 04:38:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

API: safe-guarding against POSTing to create 3rd-party tasks with no {type} value

Browse source
This commit is contained in:
Tyler Renelle 2013-12-25 10:36:18 -07:00
parent e9b0ccc057
commit 8aacb37e2c
1 changed files with 6 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/controllers/user.js
View file

@ -66,20 +66,16 @@ api.score = function(req, res, next) {
}
} else {
// If it doesn't exist, this is likely a 3rd party up/down - create a new one, then score it
// Defaults. Other defaults are handled in user.ops.addTask()
task = {
id: id,
value: 0,
type: req.body.type || 'habit',
text: req.body.title || id,
notes: "This task was created by a third-party service. Feel free to edit, it won't harm the connection to that service. Additionally, multiple services may piggy-back off this task."
type: req.body && req.body.type,
text: req.body && req.body.text,
notes: (req.body.notes && req.body.notes) || "This task was created by a third-party service. Feel free to edit, it won't harm the connection to that service. Additionally, multiple services may piggy-back off this task."
};
if (task.type === 'habit') {
task.up = task.down = true;
}
if (task.type === 'daily' || task.type === 'todo') {
task.completed = direction === 'up';
}
task = user.ops.addTask({body:task});
if (task.type === 'daily' || task.type === 'todo')
task.completed = direction === 'up';
}
var delta = user.ops.score({params:{id:task.id, direction:direction}});