From 4f6c00df262f4bb28cab8e25846378a5d31b8c6e Mon Sep 17 00:00:00 2001
From: Chris Brame
Date: Tue, 16 Oct 2018 02:46:07 -0400
Subject: [PATCH] fix(assets): security fix
---
 src/middleware/index.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/middleware/index.js b/src/middleware/index.js
index 7c148352d..d7164798d 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -95,11 +95,12 @@ module.exports = function(app, db, callback) {
 //CORS
 app.use(allowCrossDomain);
- app.use('/uploads/tickets', express.static(path.join(__dirname, '../../', 'public', 'uploads', 'tickets')));
-
 //Mobile
 app.use('/mobile', express.static(path.join(__dirname, '../../', 'mobile')));
+ app.use('/uploads/tickets', middleware.redirectToLogin, express.static(path.resolve(__dirname, '/public/uploads/tickets')));
+ app.use('/uploads/users', middleware.redirectToLogin, express.static(path.resolve(__dirname, '/public/uploads/users')));
+
 app.use(express.static(path.join(__dirname, '../../', 'public')));
 //Remove to enable plugins
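Review bot: In both added `app.use('/uploads/...')` lines, `path.resolve(__dirname, '/public/uploads/tickets')` passes an absolute second argument, so `__dirname` is discarded and the static root becomes `/public/uploads/tickets` at the filesystem root instead of the project's `public` directory. Assuming `redirectToLogin` (defined outside this hunk) calls `next()` for authenticated sessions, those requests most likely miss here and are served by the catch-all `express.static(... 'public')` mount below; the gate then rests entirely on `redirectToLogin` ending unauthenticated requests and on session middleware being registered earlier, neither of which is visible here. I would keep the removed line's path form, `express.static(path.join(__dirname, '../../', 'public', 'uploads', 'tickets'))`, and the same with `'users'`. The catch-all mount also still covers the rest of `public/uploads`, so any upload subdirectory other than these two would stay readable without a session; a comment such as `// NOTE: only uploads/tickets and uploads/users are behind redirectToLogin` or a guard on `/uploads` as a whole would make that explicit. The enclosing `module.exports` function starts and ends outside the hunk.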