From 595989c1500bf339c739a2fa1ecab1d7eb07fb8e Mon Sep 17 00:00:00 2001
From: lmarkus <lmarkus@paypal.com>
Date: Mon, 30 Dec 2013 22:19:21 -0800
Subject: [PATCH] Require authentication for admin and profile pages

---
 controllers/admin.js   | 9 +++++----
 controllers/profile.js | 9 +++++----
 lib/auth.js            | 1 +
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/controllers/admin.js b/controllers/admin.js
index 0208695..83559ce 100644
--- a/controllers/admin.js
+++ b/controllers/admin.js
@@ -1,7 +1,8 @@
 'use strict';
 
 
-var AdminModel = require('../models/admin');
+var AdminModel = require('../models/admin'),
+    auth = require('../lib/auth');
 
 
 module.exports = function (app) {
@@ -9,10 +10,10 @@ module.exports = function (app) {
     var model = new AdminModel();
 
 
-    app.get('/admin', function (req, res) {
-        
+    app.get('/admin', auth.isAuthenticated('admin'), function (req, res) {
+
         res.render('admin', model);
-        
+
     });
 
 };
diff --git a/controllers/profile.js b/controllers/profile.js
index fbb4e56..e08abcd 100644
--- a/controllers/profile.js
+++ b/controllers/profile.js
@@ -1,7 +1,8 @@
 'use strict';
 
 
-var ProfileModel = require('../models/profile');
+var ProfileModel = require('../models/profile'),
+    auth = require('../lib/auth');
 
 
 module.exports = function (app) {
@@ -9,10 +10,10 @@ module.exports = function (app) {
     var model = new ProfileModel();
 
 
-    app.get('/profile', function (req, res) {
-        
+    app.get('/profile', auth.isAuthenticated(), function (req, res) {
+
         res.render('profile', model);
-        
+
     });
 
 };
diff --git a/lib/auth.js b/lib/auth.js
index 814de42..7a24add 100644
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -66,6 +66,7 @@ exports.isAuthenticated = function (role) {
         if (role && req.user.role !== role) {
             res.status(401);
             res.render('errors/401');
+            return;
         }
 
         next();