From 1c64800157bc620f00466e22908d4e407bbff1a1 Mon Sep 17 00:00:00 2001
From: Mike Cao
Date: Fri, 11 Nov 2022 09:42:54 -0800
Subject: [PATCH 1/2] Updated token payload.

---
 lib/auth.js | 8 +++++---
 lib/middleware.js | 11 ++++++-----
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/lib/auth.js b/lib/auth.js
index 7a44f360..664ff30c 100644
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -7,9 +7,11 @@ import { secret } from 'lib/crypto';
 const log = debug('umami:auth');

 export function getAuthToken(req) {
- const token = req.headers.authorization;
-
- return token.split(' ')[1];
+ try {
+ return req.headers.authorization.split(' ')[1];
+ } catch {
+ return null;
+ }
 }

 export function parseAuthToken(req) {
diff --git a/lib/middleware.js b/lib/middleware.js
index 7473e81c..5660388e 100644
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -26,24 +26,25 @@ export const useSession = createMiddleware(async (req, res, next) => {

 export const useAuth = createMiddleware(async (req, res, next) => {
 const token = getAuthToken(req);
- const key = parseSecureToken(token, secret());
+ const payload = parseSecureToken(token, secret()) || {};
 const shareToken = await parseShareToken(req);

 let user;
+ const { userId, key } = payload;

- if (validate(key)) {
- user = await getUser({ id: key });
+ if (validate(userId)) {
+ user = await getUser({ id: userId });
 } else if (redis.enabled) {
 user = await redis.get(key);
 }

+ log({ token, payload, user, shareToken });
+
 if (!user && !shareToken) {
 log('useAuth:user-not-authorized');
 return unauthorized(res);
 }

- log({ user, token, shareToken, key });
-
 req.auth = { user, token, shareToken, key };
 next();
 });
From 091716e037e3eb74259ca9ec91ff7b2e0ac46ff8 Mon Sep 17 00:00:00 2001
From: Mike Cao
Date: Sat, 12 Nov 2022 11:33:14 -0800
Subject: [PATCH 2/2] Updated middleware check.

---
 lib/middleware.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/middleware.js b/lib/middleware.js
index 5660388e..09d790d1 100644
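Review bot: In `getAuthToken` (lib/auth.js, patch 1/2) the bare `try { … } catch { return null; }` uses an exception as the missing-header check, and the function still returns `undefined` rather than `null` when the header has no second space-separated part, so callers get two different "no token" values. A single expression gives one consistent result without a catch-all: `return req.headers.authorization?.split(' ')[1] ?? null;`. The scheme word before the token is not checked either; whether that matters depends on what clients send, which is not visible here.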
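Review bot: The added `log({ token, payload, user, shareToken });` in `useAuth` (lib/middleware.js, patch 1/2) writes the raw authorization token and its decoded payload to the log output, and because it now sits above the `!user && !shareToken` check it does so for rejected requests as well. A token that reaches a log can be reused by anyone who can read that log, and the `user` record may carry fields that should not be logged (its shape is not visible here). I would log only non-secret identifiers, for example `log({ userId, hasUser: Boolean(user), hasShareToken: Boolean(shareToken) });`. Separately, when the token does not parse, `key` is `undefined` and the Redis branch still runs; `} else if (redis.enabled && key) {` would skip that lookup.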
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -26,11 +26,11 @@ export const useSession = createMiddleware(async (req, res, next) => {

 export const useAuth = createMiddleware(async (req, res, next) => {
 const token = getAuthToken(req);
- const payload = parseSecureToken(token, secret()) || {};
+ const payload = parseSecureToken(token, secret());
 const shareToken = await parseShareToken(req);

 let user;
- const { userId, key } = payload;
+ const { userId, key } = payload || {};

 if (validate(userId)) {
 user = await getUser({ id: userId });