From eab73be3e5ee74525f71d5707252881a3e0eeb21 Mon Sep 17 00:00:00 2001 From: Max Hunt Date: Fri, 15 May 2020 18:28:27 +0100 Subject: [PATCH] Update --- functions/views/js/fAuth.js | 2 +- server.js | 24 ++++++++---------------- 2 files changed, 9 insertions(+), 17 deletions(-) diff --git a/functions/views/js/fAuth.js b/functions/views/js/fAuth.js index 0e6618f..893e8e1 100644 --- a/functions/views/js/fAuth.js +++ b/functions/views/js/fAuth.js @@ -7,7 +7,7 @@ function checkAuth(){ firebase.auth().currentUser.getIdToken().then(function(idToken) { let url = 'login-user-api' - let data = {uToken: idToken, user: user} + let data = {uToken: idToken} let postData = {method: 'POST', body: JSON.stringify(data),headers: {'Content-Type': 'application/json'}} fetch(url, postData) .then(response => response.json()) diff --git a/server.js b/server.js index 59de210..26692da 100644 --- a/server.js +++ b/server.js @@ -376,24 +376,16 @@ app.post('/sold-api', async function(request, responce){ }) app.post('/login-user-api', function(request, responce){ - if (request.body.uToken && request.body.user) { + if (request.body.uToken) { admin.auth().verifyIdToken(request.body.uToken) .then(async function(decodedToken) { - let user = request.body.user let uid = decodedToken.uid - - if (uid != user.uid){ - responce.send({success:false, error:'Stop hacking'}) - } - else { - let rsp = await checkNewUser(user) - responce.send(rsp) - } + let rsp = await checkNewUser(uid) + responce.send(rsp) + }) + .catch(e=>{ + responce.send({success:false, error:'invalid auth token, ' + e}) }) - .catch(function(error) { - responce.send({success:false, error:'invalid auth token'}) - console.log(error) - }); } else { responce.send({success:false, error: 'invalid data'}) @@ -520,8 +512,8 @@ async function authCheck(token) { return uid } -async function checkNewUser(user){ - let snapshot = await checkUserExists(user.uid) +async function checkNewUser(uid){ + let snapshot = await checkUserExists(uid) if (snapshot){ let users = snapshot.val() let keys = Object.keys(users)