Disable the API

Only allow deleting accounts.
Sensotrend · Nov 29, 2023 · b6e3a21 · b6e3a21
1 parent 34ef3d8
commit b6e3a21
Showing 1 changed file with 23 additions and 42 deletions.
diff --git a/lib/server.js b/lib/server.js
@@ -64,19 +64,7 @@ async function isUserAuthenticated (req, res, next) {
 }
 
 app.getAsync('/loggedin', isUserAuthenticated, async function (req, res) {
-
-   const user = await env.userProvider.findUserById(req.session.user.user_id);
-
-   if (!user.email) {
-      res.redirect('/emailverification/generateRequest');
-   } else {
-      const pageEnv = { apiURL: env.apiURL };
-
-      res.render('secret.ejs', {
-         user: user,
-         pageEnv,
-      });
-   }
+   res.status(451).send('');;
 });
 
 app.deleteAsync('/api/deleteuser', async function (req, res) {
@@ -108,41 +96,34 @@ app.deleteAsync('/api/deleteuser', async function (req, res) {
    res.redirect('/deleted');
 });
 
+function send451(req, res) {
+   res.status(451).send('');;
+} 
+
+app.get('/api*', send451);
+app.put('/api*', send451);
+app.post('/api*', send451);
+app.get('/auth/*', send451);
+app.post('/auth/*', send451);
+app.get('/emailverification*', send451);
+app.post('/emailverification*', send451);
+app.get('/fiphr*', send451);
+app.post('/fiphr*', send451);
+app.get('/nsconsent*', send451);
+app.post('/nsconsent*', send451);
+app.get('/pebble', send451);
+app.get('/tp*', send451);
+app.put('/tp*', send451);
+app.post('/tp*', send451);
+
+
 // Logout route
 app.get('/logout', (req, res) => {
    req.session.destroy();
    // res.render('loggedout.ejs');
    res.status(200).json({ status: 'OK' });
 });
 
-/// Kanta authentication
-app.use('/fiphr', env.oauthProvider);
-app.use('/auth/kanta', env.oauthProvider);
-////
-
-let nsrest = NSRestService(env);
-app.use('/api/v1', nsrest);
-app.use('/pebble', nsrest);
-
-let tidepoolService = TidepoolRESTService(env);
-
-app.use('/tpupload', tidepoolService.uploadApp);
-app.use('/tpapi', tidepoolService.APIapp);
-app.use('/tpdata', tidepoolService.dataApp);
-
-env.logger.info('TidepoolRESTService started');
-
-let nightscoutService = NightscoutViewConsentService(env);
-
-app.use('/nsconsent', nightscoutService);
-
-env.logger.info('Nightscout access consent Service started');
-
-let emailService = EmailVerificationService(env);
-
-app.use('/emailverification', emailService);
-
-env.logger.info('Email verification Service started');
 
 //production mode
 if (process.env.NODE_ENV === 'production') {
@@ -159,7 +140,7 @@ app.use(function(err, req, res, next) {
       env.logger.error('Problem serving URL ' + req.originalUrl);
       env.logger.error(err);
       env.logger.error(err.stack);
-      res.status(500).send('There was a problem handling your request'); 
+      res.status(500).send('');
    }
  });