* Added error display to every axios server call

* Added better destroy of login token if invalid * Block users from opening notes they don't own, note closes automatically * Beefed up login and home page a little to make them more appealing
2020-04-14 05:09:19 +00:00
parent 278b204b3b
commit 2b8f70b5fa
19 changed files with 114 additions and 23 deletions
--- a/server/index.js
+++ b/server/index.js
@@ -55,7 +55,8 @@ io.on('connection', function(socket){
 		.then(userData => {
 			socket.join(userData.id)
 		}).catch(error => {
-			console.log(error)
+			//Don't add user to room if they are not logged in
+			// console.log(error)
 		})
 	})

--- a/server/models/Note.js
+++ b/server/models/Note.js
@@ -404,6 +404,8 @@ Note.get = (userId, noteId, password = '') => {
 				note_raw_text.updated as updated,
 				note_raw_text.decrypt_attempts_count,
 				note_raw_text.last_decrypted_date,
+				note.id,
+				note.user_id,
 				note.created,
 				note.pinned,
 				note.archived,
@@ -425,6 +427,11 @@ Note.get = (userId, noteId, password = '') => {
 			const rawTextId = noteData['rawTextId']
 			noteData.decrypted = true

+			//Block access to notes if invalid or user doesn't have access
+			if(!noteData || !noteData['user_id'] || noteData['user_id'] != userId || noteData['id'] != noteId){
+				return resolve(false)
+			}
+

 			//If this is not and encrypted note, pass decrypted true, skip encryption stuff
 			if(noteData.encrypted == 1){