fix(security): require auth on clan creation, remove debug console.log
POST /herowars/clans was accessible without authentication. console.log(req.profile) in profiles controller leaked user data to logs.
This commit is contained in:
@@ -25,7 +25,6 @@ module.exports.deleteFollowUser = asyncHandler(async (req, res, next) => {
|
||||
|
||||
module.exports.getProfile = asyncHandler(async (req, res, next) => {
|
||||
try {
|
||||
console.log(req.profile)
|
||||
/*const user = await UserService.getUserById(req.payload.id);
|
||||
if (!user) {
|
||||
return next(new ErrorResponse("Unauthorized", 401, "Authentication required."));
|
||||
|
||||
@@ -6,7 +6,7 @@ const clanRouter = express.Router();
|
||||
|
||||
//clanRouter.param('clanId', getClan);
|
||||
clanRouter.get('/', auth.optional, getAllClans);
|
||||
clanRouter.post('/', auth.optional, createClan);
|
||||
clanRouter.post('/', auth.required, createClan);
|
||||
clanRouter.get('/:clanId', auth.required, getClan);
|
||||
clanRouter.put('/:clanId', auth.required, updateClan);
|
||||
clanRouter.delete('/:clanId', auth.required, deleteClan);
|
||||
|
||||
Reference in New Issue
Block a user