Remove authorization from specific routes (#642)

shinytang6 · catarak · commit d5856ba923d4 · 2018-05-29T21:37:10.000-07:00
* fixes #569 * update listObjectsInS3ForUser * update client-side routes * update aws controller * update * redirect to /login when unlogged in
diff --git a/client/components/Nav.jsx b/client/components/Nav.jsx
@@ -478,7 +478,7 @@ class Nav extends React.PureComponent {
                 </li>
                 <li className="nav__dropdown-item">
                   <Link
-                    to={`/${this.props.user.username}/assets`}
+                    to="/assets"
                     onFocus={this.handleFocus.bind(this, 'account')}
                     onBlur={this.handleBlur}
                     onClick={this.setDropdown.bind(this, 'none')}
@@ -488,7 +488,7 @@ class Nav extends React.PureComponent {
                 </li>
                 <li className="nav__dropdown-item">
                   <Link
-                    to={`/${this.props.user.username}/account`}
+                    to="/account"
                     onFocus={this.handleFocus.bind(this, 'account')}
                     onBlur={this.handleBlur}
                     onClick={this.setDropdown.bind(this, 'none')}
diff --git a/client/modules/IDE/actions/assets.js b/client/modules/IDE/actions/assets.js
@@ -11,9 +11,9 @@ function setAssets(assets) {
   };
 }
 
-export function getAssets(username) {
+export function getAssets() {
   return (dispatch, getState) => {
-    axios.get(`${ROOT_URL}/S3/${username}/objects`, { withCredentials: true })
+    axios.get(`${ROOT_URL}/S3/objects`, { withCredentials: true })
       .then((response) => {
         dispatch(setAssets(response.data.assets));
       })
diff --git a/client/modules/IDE/components/AssetList.jsx b/client/modules/IDE/components/AssetList.jsx
@@ -13,7 +13,7 @@ import * as AssetActions from '../actions/assets';
 class AssetList extends React.Component {
   constructor(props) {
     super(props);
-    this.props.getAssets(this.props.username);
+    this.props.getAssets();
   }
 
   getAssetsTitle() {
diff --git a/client/routes.jsx b/client/routes.jsx
@@ -47,10 +47,10 @@ const routes = (store) => {
       <Route path="/projects/:project_id" component={IDEView} />
       <Route path="/full/:project_id" component={FullView} />
       <Route path="/sketches" component={IDEView} />
+      <Route path="/assets" component={IDEView} />
+      <Route path="/account" component={forceToHttps(AccountView)} />
       <Route path="/:username/sketches/:project_id" component={IDEView} />
       <Route path="/:username/sketches" component={IDEView} />
-      <Route path="/:username/assets" component={IDEView} />
-      <Route path="/:username/account" component={forceToHttps(AccountView)} />
       <Route path="/about" component={IDEView} />
       <Route path="/feedback" component={IDEView} />
     </Route>
diff --git a/server/controllers/aws.controller.js b/server/controllers/aws.controller.js
@@ -109,7 +109,7 @@ export function copyObjectInS3(req, res) {
 }
 
 export function listObjectsInS3ForUser(req, res) {
-  const { username } = req.params;
+  const { username } = req.user;
   findUserByUsername(username, (user) => {
     const userId = user.id;
     const params = {
diff --git a/server/routes/aws.routes.js b/server/routes/aws.routes.js
@@ -7,6 +7,6 @@ const router = new Router();
 router.post('/S3/sign', isAuthenticated, AWSController.signS3);
 router.post('/S3/copy', isAuthenticated, AWSController.copyObjectInS3);
 router.delete('/S3/:object_key', isAuthenticated, AWSController.deleteObjectFromS3);
-router.get('/S3/:username/objects', AWSController.listObjectsInS3ForUser);
+router.get('/S3/objects', AWSController.listObjectsInS3ForUser);
 
 export default router;
diff --git a/server/routes/server.routes.js b/server/routes/server.routes.js
@@ -57,7 +57,15 @@ router.get('/verify', (req, res) => {
 });
 
 router.get('/sketches', (req, res) => {
-  res.send(renderIndex());
+  req.user ? res.send(renderIndex()) : res.redirect('/login');
+});
+
+router.get('/assets', (req, res) => {
+  req.user ? res.send(renderIndex()) : res.redirect('/login');
+});
+
+router.get('/account', (req, res) => {
+  req.user ? res.send(renderIndex()) : res.redirect('/login');
 });
 
 router.get('/about', (req, res) => {
@@ -74,16 +82,4 @@ router.get('/:username/sketches', (req, res) => {
   ));
 });
 
-router.get('/:username/assets', (req, res) => {
-  userExists(req.params.username, exists => (
-    exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
-  ));
-});
-
-router.get('/:username/account', (req, res) => {
-  userExists(req.params.username, exists => (
-    exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
-  ));
-});
-
 export default router;

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ import * as AssetActions from '../actions/assets';`
`13`	`13`	`class AssetList extends React.Component {`
`14`	`14`	`constructor(props) {`
`15`	`15`	`super(props);`
`16`		`- this.props.getAssets(this.props.username);`
	`16`	`+ this.props.getAssets();`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`getAssetsTitle() {`
Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ export function copyObjectInS3(req, res) {`
`109`	`109`	`}`
`110`	`110`
`111`	`111`	`export function listObjectsInS3ForUser(req, res) {`
`112`		`- const { username } = req.params;`
	`112`	`+ const { username } = req.user;`
`113`	`113`	`findUserByUsername(username, (user) => {`
`114`	`114`	`const userId = user.id;`
`115`	`115`	`const params = {`