fix(security): require auth on clan creation, remove debug console.log

POST /herowars/clans was accessible without authentication.
console.log(req.profile) in profiles controller leaked user data to logs.
This commit is contained in:
2026-04-26 21:57:31 +02:00
parent ed0cd81bde
commit c2e65adbc6
2 changed files with 1 additions and 2 deletions
-1
View File
@@ -25,7 +25,6 @@ module.exports.deleteFollowUser = asyncHandler(async (req, res, next) => {
module.exports.getProfile = asyncHandler(async (req, res, next) => { module.exports.getProfile = asyncHandler(async (req, res, next) => {
try { try {
console.log(req.profile)
/*const user = await UserService.getUserById(req.payload.id); /*const user = await UserService.getUserById(req.payload.id);
if (!user) { if (!user) {
return next(new ErrorResponse("Unauthorized", 401, "Authentication required.")); return next(new ErrorResponse("Unauthorized", 401, "Authentication required."));
+1 -1
View File
@@ -6,7 +6,7 @@ const clanRouter = express.Router();
//clanRouter.param('clanId', getClan); //clanRouter.param('clanId', getClan);
clanRouter.get('/', auth.optional, getAllClans); clanRouter.get('/', auth.optional, getAllClans);
clanRouter.post('/', auth.optional, createClan); clanRouter.post('/', auth.required, createClan);
clanRouter.get('/:clanId', auth.required, getClan); clanRouter.get('/:clanId', auth.required, getClan);
clanRouter.put('/:clanId', auth.required, updateClan); clanRouter.put('/:clanId', auth.required, updateClan);
clanRouter.delete('/:clanId', auth.required, deleteClan); clanRouter.delete('/:clanId', auth.required, deleteClan);