Check API key on a page navigation (Closes #163)

PurdueIEEE · Oct 3, 2022 · 2927418 · 2927418
1 parent bcdda16
commit 2927418
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/api/src/app.js b/api/src/app.js
@@ -24,6 +24,7 @@ import routes from "./routes/index.js";
 const app = Router();
 
 // Setup our routes
+app.get("/", (req, res, next) => { res.status(204).send(); next(); });
 app.use("/account", routes.account);
 app.use("/budgets", routes.budgets);
 app.use("/purchase", routes.purchase);

diff --git a/ui/src/router/index.js b/ui/src/router/index.js
@@ -321,13 +321,20 @@ const router = createRouter({
 });
 
 // Make sure user is logged in before moving
-router.beforeEach((to, from, next) => {
+router.beforeEach(async (to, from, next) => {
   const requiresAuth = to.matched.some(x => x.meta.requiresAuth);
 
   if (!requiresAuth) { // does not need auth
     next();
   } else if (requiresAuth && auth_state.state.uname !== '') { // needs auth and auth set
-    next();
+    // verify API key is valid
+    const response = await fetch("/api/v2/");
+    if (response.status === 401) {
+      auth_state.clearAuthState();
+      next(`/login?returnto=${to.fullPath}`);
+    } else {
+      next();
+    }
   } else { // check if cookie exists
     let user = null;
 
@@ -337,7 +344,15 @@ router.beforeEach((to, from, next) => {
 
     if (user !== null) { // found valid old login
       auth_state.setAuthState(user);
-      next();
+
+      // verify API key is valid
+      const response = await fetch("/api/v2/");
+      if (response.status === 401) {
+        auth_state.clearAuthState();
+        next(`/login?returnto=${to.fullPath}`);
+      } else {
+        next();
+      }
     } else { // need to login
       next(`/login?returnto=${to.fullPath}`);
     }