fix(security): require auth on clan creation, remove debug console.log
POST /herowars/clans was accessible without authentication. console.log(req.profile) in profiles controller leaked user data to logs.
This commit is contained in:
@@ -6,7 +6,7 @@ const clanRouter = express.Router();
|
||||
|
||||
//clanRouter.param('clanId', getClan);
|
||||
clanRouter.get('/', auth.optional, getAllClans);
|
||||
clanRouter.post('/', auth.optional, createClan);
|
||||
clanRouter.post('/', auth.required, createClan);
|
||||
clanRouter.get('/:clanId', auth.required, getClan);
|
||||
clanRouter.put('/:clanId', auth.required, updateClan);
|
||||
clanRouter.delete('/:clanId', auth.required, deleteClan);
|
||||
|
||||
Reference in New Issue
Block a user