api: only allow authenticated users to change their avatars
Parents:
ad68b5c2 file(s) changed
- api/src/controllers/users.ts +6 -1
- api/src/routes/users.ts +3 -2
api/src/controllers/users.ts
@@ -16,8 +16,12 @@ findUserByEmail,
16 16 updateUser
17 17 } from '@app/services/user.service';
18 18
19 + import {
20 + AuthenticatedRequest
21 + } from '@app/middleware/auth';
22 +
19 23 // XXX: I've regreted already
20 - interface SingleFileRequest extends Request {
24 + interface SingleFileRequest extends AuthenticatedRequest {
21 25 file?: any;
22 26 }
23 27
@@ -85,6 +89,7 @@
85 89 res.json({
86 90 message: 'File uploaded successfully',
87 91 fileLocation: req.file.location,
92 + key: req.file.key,
88 93 filename: req.file.originalname,
89 94 size: req.file.size
90 95 });
api/src/routes/users.ts
@@ -1,11 +1,12 @@
1 1 import { Router } from "express";
2 - import { UsersController } from '@app/controllers/users'
2 + import { UsersController } from '@app/controllers/users';
3 3 import multer from '@app/services/avatar';
4 + import { requireAuth } from '@app/middleware/auth';
4 5
5 6 const router = Router();
6 7
7 8 router.post('/', UsersController.create);
8 9 router.put('/:id', UsersController.update);
9 - router.post('/:id/avatar', multer.single('avatar'), UsersController.updateAvatar);
10 + router.post('/:id/avatar', requireAuth, multer.single('avatar'), UsersController.updateAvatar);
10 11
11 12 export default router;