Enhance newsletter subscription functionality with user profile integration
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 41s
This commit updates the newsletter subscription component to display the user's email when logged in, improving user experience. It also adds logic to load the user's profile data upon authentication, ensuring that the email field is pre-filled for logged-in users. Additionally, the server-side subscription handler is modified to check user authentication status, allowing only logged-in users to subscribe to certain groups. This change enhances the overall subscription process and aligns it with user authentication state.
@@ -5,6 +5,7 @@ import crypto from 'crypto'
|
||||
import fs from 'fs/promises'
|
||||
import path from 'path'
|
||||
import { assertRateLimit, getClientIp, registerRateLimitFailure, registerRateLimitSuccess } from '../../utils/rate-limit.js'
|
||||
import { getUserFromToken } from '../../utils/auth.js'
|
||||
|
||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
||||
// filename is always a hardcoded constant (e.g., 'newsletter-subscribers.json'), never user input
|
||||
@@ -79,10 +80,33 @@ export default defineEventHandler(async (event) => {
|
||||
})
|
||||
}
|
||||
|
||||
if (group.type !== 'subscription' || group.sendToExternal !== true) {
|
||||
// Prüfe ob Benutzer eingeloggt ist
|
||||
let isLoggedIn = false
|
||||
try {
|
||||
const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace('Bearer ', '')
|
||||
if (token) {
|
||||
const user = await getUserFromToken(token)
|
||||
if (user && user.active) {
|
||||
isLoggedIn = true
|
||||
}
|
||||
}
|
||||
} catch (_e) {
|
||||
// Nicht eingeloggt - kein Problem
|
||||
}
|
||||
|
||||
// Prüfe ob Gruppe für Abonnements verfügbar ist
|
||||
if (group.type !== 'subscription') {
|
||||
throw createError({
|
||||
statusCode: 403,
|
||||
statusMessage: 'Diese Newsletter-Gruppe ist nicht für externe Abonnements verfügbar'
|
||||
statusMessage: 'Diese Newsletter-Gruppe ist nicht für Abonnements verfügbar'
|
||||
})
|
||||
}
|
||||
|
||||
// Nicht eingeloggte Benutzer können sich nur für externe Newsletter anmelden
|
||||
if (!isLoggedIn && group.sendToExternal !== true) {
|
||||
throw createError({
|
||||
statusCode: 403,
|
||||
statusMessage: 'Diese Newsletter-Gruppe ist nur für Mitglieder verfügbar. Bitte melden Sie sich an.'
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
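Review bot: The login check leaves only a boolean behind: `const user` is declared inside the `if (token)` block, so the code after the two 403 checks cannot tie the subscription to the authenticated account. If the rest of the handler (outside this hunk) still takes the address to subscribe from the request body, any active member could enrol an arbitrary address in a group with `sendToExternal !== true`. Consider keeping the resolved user in handler scope (`let authUser = null` before the `try`, `authUser = user` inside it) and requiring the submitted address to match the account's address for members-only groups. Separately, `.replace('Bearer ', '')` passes an Authorization value with any other scheme through unchanged as the token. The empty `catch` fails closed but also hides lookup errors from `getUserFromToken`, so a log line there would make them visible.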