
Commit c31c35a

committed
Added security check for authorized token in cleezy.js helper function
1 parent 21814fd commit c31c35a


2 files changed

+30
-7
lines changed


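--- a/api/main_endpoints/routes/Cleezy.js
+++ b/api/main_endpoints/routes/Cleezy.js
@@ -4,6 +4,7 @@ const router = express.Router();
 const {
 decodeToken,
 checkIfTokenSent,
+checkIfTokenValid,
 } = require('../util/token-functions.js');
 const {
 OK,
@@ -13,6 +14,7 @@ const {
 } = require('../../util/constants').STATUS_CODES;
 const logger = require('../../util/logger');
 const { Cleezy } = require('../../config/config.json');
+const membershipState = require('../../util/constants').MEMBERSHIP_STATE;
 const { ENABLED } = Cleezy;
 
 let CLEEZY_URL = process.env.CLEEZY_URL
@@ -97,14 +99,19 @@ router.post('/deleteUrl', async (req, res) => {
 });
 });
 
+const searchCleezyUrls = async (req) => {
+if(!ENABLED || !req.body.query) {
+return { status: OK, data: [] };
+}
 
-const searchCleezyUrls = async (query) => {
-if(!ENABLED || !query) {
-return;
+if (!checkIfTokenSent(req)) {
+return { status: FORBIDDEN, data: [] };
+} else if (!checkIfTokenValid(req, membershipState.OFFICER)) {
+return { status: UNAUTHORIZED, data: [] };
 }
 
 try {
-const cleezyQuery = query.replace(/[^a-zA-Z0-9]/g, '');
+const cleezyQuery = req.body.query.replace(/[^a-zA-Z0-9]/g, '');
 const cleezyRes = await axios.get(CLEEZY_URL + '/list', {
 params: {
 search: cleezyQuery
@@ -117,9 +124,10 @@ const searchCleezyUrls = async (query) => {
 return { ...e, link: u.href };
 });
 
-return cleezyData;
+return { status: OK, data: cleezyData };
 } catch (err) {
 logger.error('cleezy search urls had an error', err);
+return { status: SERVER_ERROR, data: [] };
 }
 };
 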
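Review bot: In `searchCleezyUrls` the `!ENABLED || !req.body.query` guard returns `{ status: OK, data: [] }` before `checkIfTokenSent` runs, so a request with no token still gets an OK on that path; running the token checks first would keep every path behind authentication. The status mapping also looks inverted against the usual HTTP meaning, assuming the constants carry the conventional codes: a missing token gets `FORBIDDEN` and a failed `membershipState.OFFICER` check gets `UNAUTHORIZED`, where 401 normally signals missing or invalid credentials and 403 insufficient privilege; if the rest of the API uses this mapping on purpose, a one-line comment saying so would help. `req.body.query` is never type-checked, so a non-string value throws at `.replace` and is reported as `SERVER_ERROR`; adding `typeof req.body.query !== 'string'` to the guard would treat it as an empty query instead. The middle of the function's body lies between the last two hunks and is not shown.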

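--- a/api/main_endpoints/routes/ShortcutSearch.js
+++ b/api/main_endpoints/routes/ShortcutSearch.js
@@ -117,9 +117,24 @@ router.post('/', async function(req, res) {
 });
 }
 
-const cleezyData = await cleezy.searchCleezyUrls(req.body.query);
+const cleezyRes = await cleezy.searchCleezyUrls(req); // .body.query, req);
+if (cleezyRes.status !== OK) {
+logger.warn('Cleezy search failed', {
+status: cleezyRes.status
+});
+
+return res.status(OK).send({
+cleezyStatus: cleezyRes.status,
+items: { users }
+});
+}
 
-res.status(OK).send({ items: {users, cleezyData} });
+return res.status(OK).send({
+items: {
+users,
+cleezyData: cleezyRes.data,
+}
+});
 } catch (error) {
 logger.error('/shortcutsearch encountered an error:', { error, query: req.body.query });
 if (error.response && error.response.data) {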
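Review bot: When `cleezyRes.status` is `FORBIDDEN` or `UNAUTHORIZED`, the route still answers with HTTP `OK` and `items: { users }`, so a caller that fails the new officer-token check receives the user results and the failure is visible only in the `cleezyStatus` body field. Whether the user search above is gated by its own token check cannot be seen from this hunk, which starts mid-handler; if it is not, the auth failure should end the request, e.g. `return res.sendStatus(cleezyRes.status);` for those two statuses. The trailing `// .body.query, req);` on the `searchCleezyUrls(req)` call is leftover from editing and should be dropped.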
