WIP block history requests that bypass JOIN restriction (where appropriate)

2020-02-19 15:32:15 -05:00
parent 79bc8830ef
commit 597f417ad6
2 changed files with 63 additions and 51 deletions
--- a/lib/historyKeeper.js
+++ b/lib/historyKeeper.js
@@ -153,14 +153,9 @@ module.exports.create = function (config, cb) {
                // and get the list of keys for which this user has already authenticated
                var session = HK.getNetfluxSession(Env, userId);

-                // iterate over their keys. If any of them are in the allow list, let them join
-                if (session) {
-                    for (var unsafeKey in session) {
-                        if (allowed.indexOf(unsafeKey) !== -1) {
-                            proceed();
-                            return void next();
-                        }
-                    }
+                if (HK.isUserSessionAllowed(allowed, session)) {
+                    proceed();
+                    return void next();
                }

                // otherwise they're not allowed.