"Stop the hammering!"

3 years ago · e8af895095
2 changed files with 10 additions and 5 deletions
--- a/app/controllers/auth.js
+++ b/app/controllers/auth.js
@ -31,6 +31,7 @@ class AuthController extends SiteController {
    this.dtp.app.use('/auth', router);
    const authRequired = this.dtp.services.session.authCheckMiddleware({ requireLogin: true });
    const authRequiredNoRedirect = this.dtp.services.session.authCheckMiddleware({ requireLogin: true, useRedirect: false });
    router.post(
      '/otp/enable',
@ -59,7 +60,7 @@ class AuthController extends SiteController {
    router.get(
      '/socket-token',
-      authRequired,
+      authRequiredNoRedirect,
      limiterService.create(limiterService.config.auth.getSocketToken),
      this.getSocketToken.bind(this),
    );
--- a/app/services/session.js
+++ b/app/services/session.js
@ -46,14 +46,18 @@ class SessionService extends SiteService {
    options = Object.assign({
      requireLogin: true,
      requireAdmin: false,
      useRedirect: true,
      loginUri: '/welcome/login',
    }, options);
    return async (req, res, next) => {
      if (options.requireLogin && !req.user) {
-        req.session.loginReturnTo = req.url;
+        if (options.useRedirect) {
-        await this.saveSession(req);
+          req.session.loginReturnTo = req.url;
-        this.log.info('redirecting to login', { returnTo: req.url });
+          await this.saveSession(req);
-        return res.redirect(options.loginUri);
+          this.log.info('redirecting to login', { returnTo: req.url });
          return res.redirect(options.loginUri);
        }
        return next(new SiteError(403, 'Must sign in to continue'));
      }
      if (options.requireAdmin && (!req.user || !req.user.flags.isAdmin)) {
        return next(new SiteError(403, 'Administrator privileges are required'));