securing signup endpoint

2025-11-08 05:03:39 +08:00 · 2021-08-16 15:27:42 +01:00 · 2021-08-16 15:27:42 +01:00 · 40cce1e54c
commit 40cce1e54c
parent d1c12e215d
3 changed files with 5 additions and 4 deletions
--- a/backend/api/controllers/user.js
+++ b/backend/api/controllers/user.js
@ -14,7 +14,8 @@ const fetch = require("node-fetch");
 class UserController {
  static async createNewUser(req, res, next) {
    try {
-      const { name, email, uid } = req.body;
+      const { name } = req.body;
+      const { email, uid } = req.decodedToken;
      await UsersDAO.addUser(name, email, uid);
      return res.sendStatus(200);
    } catch (e) {
--- a/backend/api/routes/user.js
+++ b/backend/api/routes/user.js
@ -6,7 +6,7 @@ const router = Router();

 router.get("/", authenticateRequest, UserController.getUser);

-router.post("/signup", UserController.createNewUser);
+router.post("/signup", authenticateRequest, UserController.createNewUser);

 router.post("/checkName", UserController.checkName);

--- a/src/js/account-controller.js
+++ b/src/js/account-controller.js
@ -121,8 +121,6 @@ export async function signInWithGoogle() {
      // try {
      response = await axiosInstance.post("/user/signUp", {
        name,
-        email: signedInUser.user.email,
-        uid: signedInUser.user.uid,
      });
      // } catch (e) {
      //   let msg = e?.response?.data?.message ?? e.message;
@ -249,6 +247,8 @@ async function signUp() {
    return;
  }

+  authListener();
+
  let createdAuthUser;
  try {
    createdAuthUser = await firebase