From ae18f115f02d7c2dff6ae6020a3ff3d0a417aac8 Mon Sep 17 00:00:00 2001
From: timakasucces <timakasucces@users.noreply.github.com>
Date: Wed, 6 Mar 2019 23:03:37 +0300
Subject: [PATCH] Added verifyToken middleware to aliases route, added check
 for user existance on POST/auth

---
 src/routes/aliases.js | 3 ++-
 src/routes/auth.js    | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/routes/aliases.js b/src/routes/aliases.js
index 76b99af..d504216 100644
--- a/src/routes/aliases.js
+++ b/src/routes/aliases.js
@@ -3,13 +3,14 @@ const router = express.Router();
 const Aliases = require('../controllers/aliases');
 const Pages = require('../controllers/pages');
 const Alias = require('../models/alias');
+const verifyToken = require('./middlewares/token');
 
 /**
  * GET /*
  *
  * Return document with given alias
  */
-router.get('*', async (req, res) => {
+router.get('*', verifyToken, async (req, res) => {
   try {
     const alias = await Aliases.get(req.originalUrl.slice(1)); // Cuts first '/' character
 
diff --git a/src/routes/auth.js b/src/routes/auth.js
index 5ba1b0a..8eb861c 100644
--- a/src/routes/auth.js
+++ b/src/routes/auth.js
@@ -28,6 +28,10 @@ router.get('/auth', csrfProtection, function (req, res) {
 router.post('/auth', parseForm, csrfProtection, async (req, res) => {
   let userDoc = await Users.get();
 
+  if (!userDoc) {
+    throw new Error('Password not set');
+  }
+
   const passHash = userDoc.passHash;
 
   bcrypt.compare(req.body.password, passHash, async (err, result) => {