angular security course

Your Name · Your Name · commit c00aa372078b · 2017-08-17T16:09:13.000+02:00
diff --git a/server/auth.middleware.ts b/server/auth.middleware.ts
@@ -0,0 +1,16 @@
+import {Request, Response, NextFunction} from 'express';
+
+
+export function checkIfAuthenticated(req: Request, res: Response, next: NextFunction) {
+
+    if (req['userId']) {
+        next();
+    }
+    else {
+        res.sendStatus(403);
+    }
+
+
+}
+
+
diff --git a/server/get-user.middleware.ts b/server/get-user.middleware.ts
@@ -1,8 +1,8 @@
 
 
 
-import {Request, Response, NextFunction} from 'express';
 import {decodeJwt} from "./security.utils";
+import {Request, Response, NextFunction} from 'express';
 
 
 export function retrieveUserIdFromRequest(req: Request, res: Response, next: NextFunction) {
@@ -17,6 +17,9 @@ export function retrieveUserIdFromRequest(req: Request, res: Response, next: Nex
                 next();
         })
     }
+    else {
+      next();
+    }
 }
 
 
diff --git a/server/get-user.route.ts b/server/get-user.route.ts
@@ -10,7 +10,7 @@ export function getUser(req:Request, res:Response) {
     const user = db.findUserById(req["userId"]);
 
     if (user) {
-        res.status(200).json({email:user.email});
+        res.status(200).json({email:user.email, id:user.id});
     }
     else {
         res.sendStatus(204);
diff --git a/server/server.ts b/server/server.ts
@@ -10,6 +10,7 @@ import {getUser} from "./get-user.route";
 import {logout} from "./logout.route";
 import {login} from "./login.route";
 import {retrieveUserIdFromRequest} from "./get-user.middleware";
+import {checkIfAuthenticated} from "./auth.middleware";
 const bodyParser = require('body-parser');
 const cookieParser = require('cookie-parser');
 
@@ -29,10 +30,9 @@ const optionDefinitions = [
 
 const options = commandLineArgs(optionDefinitions);
 
-
 // REST API
 app.route('/api/lessons')
-    .get(readAllLessons);
+    .get(checkIfAuthenticated, readAllLessons);
 
 app.route('/api/signup')
     .post(createUser);
@@ -41,7 +41,7 @@ app.route('/api/user')
     .get(getUser);
 
 app.route('/api/logout')
-    .post( logout);
+    .post(checkIfAuthenticated, logout);
 
 app.route('/api/login')
     .post(login);
diff --git a/src/app/services/auth.service.ts b/src/app/services/auth.service.ts
@@ -26,6 +26,9 @@ export class AuthService {
             .subscribe(user => this.subject.next(user ? user : ANONYMOUS_USER));
     }
 
+
+
+
     signUp(email:string, password:string ) {
 
         return this.http.post<User>('/api/signup', {email, password})

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`	`1`
`2`	`2`
`3`	`3`
`4`		`-import {Request, Response, NextFunction} from 'express';`
`5`	`4`	`import {decodeJwt} from "./security.utils";`
	`5`	`+import {Request, Response, NextFunction} from 'express';`
`6`	`6`
`7`	`7`
`8`	`8`	`export function retrieveUserIdFromRequest(req: Request, res: Response, next: NextFunction) {`
`@@ -17,6 +17,9 @@ export function retrieveUserIdFromRequest(req: Request, res: Response, next: Nex`
`17`	`17`	`next();`
`18`	`18`	`})`
`19`	`19`	`}`
	`20`	`+ else {`
	`21`	`+ next();`
	`22`	`+ }`
`20`	`23`	`}`
`21`	`24`
`22`	`25`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ export function getUser(req:Request, res:Response) {`
`10`	`10`	`const user = db.findUserById(req["userId"]);`
`11`	`11`
`12`	`12`	`if (user) {`
`13`		`- res.status(200).json({email:user.email});`
	`13`	`+ res.status(200).json({email:user.email, id:user.id});`
`14`	`14`	`}`
`15`	`15`	`else {`
`16`	`16`	`res.sendStatus(204);`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,9 @@ export class AuthService {`
`26`	`26`	`.subscribe(user => this.subject.next(user ? user : ANONYMOUS_USER));`
`27`	`27`	`}`
`28`	`28`
	`29`	`+`
	`30`	`+`
	`31`	`+`
`29`	`32`	`signUp(email:string, password:string ) {`
`30`	`33`
`31`	`34`	`return this.http.post<User>('/api/signup', {email, password})`