From 3a15b47fb185e0ad48ead8f556f6da02a7f6eb0e Mon Sep 17 00:00:00 2001
From: Mystikfluu <Mystikfluu@gmail.com>
Date: Wed, 30 Nov 2022 22:44:31 +0100
Subject: [PATCH] add an unauthorized page

---
 js/login.js         |  7 ++++---
 js/register.js      |  8 ++++----
 routes/user_auth.js | 12 ++++++++++--
 routes/userfiles.js |  1 +
 views/dms.html      |  3 +++
 views/login.html    | 19 +++++++++++--------
 views/no_login.html | 34 ++++++++++++++++++++++++++++++++++
 views/posts.html    |  3 +++
 views/register.html |  5 ++++-
 views/search.html   |  3 +++
 views/user.html     |  3 +++
 11 files changed, 80 insertions(+), 18 deletions(-)
 create mode 100644 views/no_login.html

diff --git a/js/login.js b/js/login.js
index 8e2a194..d95ba7f 100644
--- a/js/login.js
+++ b/js/login.js
@@ -1,15 +1,16 @@
 async function login() {
     let r = (await post("/login",{
         user: document.getElementById("user").value,
-        pass: document.getElementById("pass").value
+        pass: document.getElementById("pass").value,
+        r: REDIRECT_URL
     }))
-    if(!r.url.endsWith("/user")) {
+    if(!r.url.endsWith("/user") && !r.url.endsWith(REDIRECT_URL)) {
         document.getElementById("pass").value = ""
         console.error("login failed")
         alert("Login failed, please make sure you have the right password")
         return;
     }
-    window.location = "/user"
+    window.location = r.url
 }
 
 let passfield = document.getElementById("pass")
diff --git a/js/register.js b/js/register.js
index 0e26472..6988cef 100644
--- a/js/register.js
+++ b/js/register.js
@@ -13,10 +13,10 @@ async function register() {
     }
     let r = (await post("/register",{
         user: document.getElementById("user").value,
-        pass: document.getElementById("pass").value
+        pass: document.getElementById("pass").value,
+        r: REDIRECT_URL
     }))
-    console.log(r)
-    if(!r.url.endsWith("/user?success=true")) {
+    if(!r.url.endsWith("/user?success=true") && !r.url.endsWith(REDIRECT_URL)) {
         if(r.url.endsWith("already_exists")) {
             alert("An account with that name already exists! Did you mean to login?")
             return
@@ -27,7 +27,7 @@ async function register() {
         alert("Registration failed")
         return;
     }
-    window.location = "/user"
+    window.location = r.url
 }
 
 function passkeydown(e) {
diff --git a/routes/user_auth.js b/routes/user_auth.js
index bead980..f317fc9 100644
--- a/routes/user_auth.js
+++ b/routes/user_auth.js
@@ -82,7 +82,11 @@ export const setup = function (router, con, server) {
                 if (err)
                     throw err;
                 res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
-                res.redirect("/user?success=true");
+                if(req.body.r !== undefined) {
+                    res.redirect(decodeURIComponent(req.body.r))
+                } else {
+                    res.redirect("/user");
+                }
             });
         });
     });
@@ -153,7 +157,11 @@ export const setup = function (router, con, server) {
                             throw error;
                     });
                 }
-                res.redirect("/user?success=true");
+                if(req.body.r !== undefined) {
+                    res.redirect(decodeURIComponent(req.body.r))
+                } else {
+                    res.redirect("/user");
+                }
             }
             else {
                 console.log(5,"login failed, username: ", username);
diff --git a/routes/userfiles.js b/routes/userfiles.js
index 84eeab7..cd5a8bb 100644
--- a/routes/userfiles.js
+++ b/routes/userfiles.js
@@ -115,6 +115,7 @@ export const setup = function (router, con, server) {
     
         if(path != "" && originalUrl != "/favicon.ico" && originalUrl != "/api/documentation/") {
             global_page_variables.user = { "username": response.locals.username, "bio": response.locals.bio, "avatar": response.locals.avatar }
+            global_page_variables.query = request.query
             ejs.renderFile(path,global_page_variables,{async: true},async function(err,str){
                 str = await str
                 err = await err
diff --git a/views/dms.html b/views/dms.html
index 4fd0ab8..371563e 100644
--- a/views/dms.html
+++ b/views/dms.html
@@ -3,6 +3,9 @@
   <head>
     <meta charset="utf-8">
     <title>DMs</title>
+    <% if(user.username === undefined) { %>
+      <script> document.location.href = '/no_login?r='+encodeURIComponent(document.location.pathname) </script>
+    <% } %>
     <%- newrelic %>
     <style>
       <%- globalcss %>
diff --git a/views/login.html b/views/login.html
index f2c7941..7eee1ce 100644
--- a/views/login.html
+++ b/views/login.html
@@ -1,14 +1,17 @@
 <!DOCTYPE html>
 <html lang="en" dir="ltr">
 <head>
-	<meta name="viewport" content="width=device-width, initial-scale=1.0">
-	<title>Login | IPost</title>
-  <%- newrelic %>
-  <link rel="stylesheet" href="/css/logon.css">
-  <script src="/js/warn_message.js" charset="utf-8"></script>
-  <script src="/js/addnavbar.js" charset="utf-8"></script>
-  <link rel="stylesheet" href="/css/global.css">
-  <script> <%- httppostjs %> </script>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login | IPost</title>
+    <%- newrelic %>
+    <link rel="stylesheet" href="/css/logon.css">
+    <script src="/js/warn_message.js" charset="utf-8"></script>
+    <script src="/js/addnavbar.js" charset="utf-8"></script>
+    <link rel="stylesheet" href="/css/global.css">
+    <script> 
+        const REDIRECT_URL = "<%-query.r%>"
+        <%- httppostjs %> 
+    </script>
 </head>
 
 <body>
diff --git a/views/no_login.html b/views/no_login.html
new file mode 100644
index 0000000..f620bfd
--- /dev/null
+++ b/views/no_login.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="Chat now by creating an account on IPost">
+    <title>You have to be logged in to view this!</title>
+    <link rel="stylesheet" href="/css/global.css">
+    <style>
+
+        body {
+            background-color: var(--bg-color);
+            color: var(--text-color);
+            text-align: center;
+            margin-top: 10%;
+        }
+        div {
+            font-size: 130%;
+        }
+        
+    </style>
+</head>
+<body>
+    <h1>Uh oh.. </h1>
+    <h2>You have to be logged in to view this content</h2>
+    <div>
+        <div>
+            To continue <br>
+            <a href="/login?r=<%-query.r%>">login</a> or <a href="/register?r=<%-query.r%>">register</a> <br>
+        </div>
+    </div>
+</body>
+</html>
\ No newline at end of file
diff --git a/views/posts.html b/views/posts.html
index 627d498..4bb9a40 100644
--- a/views/posts.html
+++ b/views/posts.html
@@ -9,6 +9,9 @@
       <%- globalcss %>
       <%- loadfile("./css/posts.css") %>
     </style>
+    <% if(user.username === undefined) { %>
+      <script> document.location.href = '/no_login?r='+encodeURIComponent(document.location.pathname) </script>
+    <% } %>
     <script type="text/javascript" async>
       <%- httppostjs %>
       <%- htmlescapejs %>
diff --git a/views/register.html b/views/register.html
index f2e4bfb..7ce3d6a 100644
--- a/views/register.html
+++ b/views/register.html
@@ -8,7 +8,10 @@
   <link rel="stylesheet" href="/css/global.css">
 	<meta name="viewport" content="width=device-width, initial-scale=1.0">
 	<title>Register | IPost</title>
-  <script> <%- httppostjs %> </script>
+  <script> 
+        const REDIRECT_URL = "<%-query.r%>"
+        <%- httppostjs %> 
+    </script>
 </head>
 <body>
     <header>
diff --git a/views/search.html b/views/search.html
index 8707bd3..55f8ab5 100644
--- a/views/search.html
+++ b/views/search.html
@@ -28,6 +28,9 @@
         padding-bottom: 2px;
       }
     </style>
+    <% if(user.username === undefined) { %>
+      <script> document.location.href = '/no_login?r='+encodeURIComponent(document.location.pathname) </script>
+    <% } %>
   </head>
   <body>
     <main>
diff --git a/views/user.html b/views/user.html
index 9d17a80..838d6da 100644
--- a/views/user.html
+++ b/views/user.html
@@ -5,6 +5,9 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>User | IPost</title>
+    <% if(user.username === undefined) { %>
+      <script> document.location.href = '/no_login?r='+encodeURIComponent(document.location.pathname) </script>
+    <% } %>
     <%- newrelic %>
     <style>
       <%- globalcss %>