angular security course

Your Name · Your Name · commit c3b3e4420127 · 2017-08-11T14:51:46.000+02:00
diff --git a/server/read-all-lessons.route.ts b/server/read-all-lessons.route.ts
@@ -1,9 +1,19 @@
 
 import {db} from "./database";
+import {sessionStore} from "./session-store";
 
 
 export function readAllLessons(req, res) {
 
-    res.status(200).json(db.readAllLessons());
+    const sessionId = req.cookies["SESSIONID"];
+
+    const isSessionValid = sessionStore.isSessionValid(sessionId);
+
+    if (!isSessionValid) {
+        res.sendStatus(403);
+    }
+    else {
+        res.status(200).json({lessons:db.readAllLessons()});
+    }
 
 }
diff --git a/server/session-store.ts b/server/session-store.ts
@@ -15,11 +15,15 @@ class SessionStore {
 
         const session = this.sessions[sessionId];
 
-        const isSessionValid = session && session.isValid();
-
-        return isSessionValid ? session.user : undefined;
+        return this.isSessionValid(sessionId) ? session.user : undefined;
     }
 
+    isSessionValid(sessionId: string): boolean {
+
+        const session = this.sessions[sessionId];
+
+        return session && session.isValid();
+    }
 }
 
 
diff --git a/src/app/lessons/lessons.component.html b/src/app/lessons/lessons.component.html
@@ -1,5 +1,5 @@
 
-<div class="lessons-list-container v-h-center-block-parent">
+<div class="lessons-list-container v-h-center-block-parent" *ngIf="isLoggedIn$ | async">
 
     <h2>All Lessons</h2>
 
diff --git a/src/app/services/lessons.service.ts b/src/app/services/lessons.service.ts
@@ -2,6 +2,7 @@
 import {Injectable} from "@angular/core";
 import {HttpClient} from "@angular/common/http";
 import {Lesson} from "../model/lesson";
+import {Observable} from "rxjs/Observable";
 
 
 @Injectable()
@@ -11,8 +12,9 @@ export class LessonsService {
 
     }
 
-    loadAllLessons() {
-        return this.http.get<Lesson[]>('/api/lessons');
+    loadAllLessons() : Observable<Lesson[]> {
+        return this.http.get<any>('/api/lessons')
+            .map(res => res.lessons);
     }
 
     findLessonById(id:number) {

Original file line number	Diff line number	Diff line change
`@@ -15,11 +15,15 @@ class SessionStore {`
`15`	`15`
`16`	`16`	`const session = this.sessions[sessionId];`
`17`	`17`
`18`		`- const isSessionValid = session && session.isValid();`
`19`		`-`
`20`		`- return isSessionValid ? session.user : undefined;`
	`18`	`+ return this.isSessionValid(sessionId) ? session.user : undefined;`
`21`	`19`	`}`
`22`	`20`
	`21`	`+ isSessionValid(sessionId: string): boolean {`
	`22`	`+`
	`23`	`+ const session = this.sessions[sessionId];`
	`24`	`+`
	`25`	`+ return session && session.isValid();`
	`26`	`+ }`
`23`	`27`	`}`
`24`	`28`
`25`	`29`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`
`2`		`-<div class="lessons-list-container v-h-center-block-parent">`
	`2`	`+<div class="lessons-list-container v-h-center-block-parent" *ngIf="isLoggedIn$ \| async">`
`3`	`3`
`4`	`4`	`<h2>All Lessons</h2>`
`5`	`5`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`	`import {Injectable} from "@angular/core";`
`3`	`3`	`import {HttpClient} from "@angular/common/http";`
`4`	`4`	`import {Lesson} from "../model/lesson";`
	`5`	`+import {Observable} from "rxjs/Observable";`
`5`	`6`
`6`	`7`
`7`	`8`	`@Injectable()`
`@@ -11,8 +12,9 @@ export class LessonsService {`
`11`	`12`
`12`	`13`	`}`
`13`	`14`
`14`		`- loadAllLessons() {`
`15`		`- return this.http.get<Lesson[]>('/api/lessons');`
	`15`	`+ loadAllLessons() : Observable<Lesson[]> {`
	`16`	`+ return this.http.get<any>('/api/lessons')`
	`17`	`+ .map(res => res.lessons);`
`16`	`18`	`}`
`17`	`19`
`18`	`20`	`findLessonById(id:number) {`