Updated token payload.

2025-01-27 02:26:18 +01:00 · 2022-11-11 09:42:54 -08:00 · 2022-11-11 09:42:54 -08:00 · 1c64800157
commit 1c64800157
parent cd9036adaf
2 changed files with 11 additions and 8 deletions
--- a/lib/auth.js
+++ b/lib/auth.js
@ -7,9 +7,11 @@ import { secret } from 'lib/crypto';
 const log = debug('umami:auth');
 export function getAuthToken(req) {
-  const token = req.headers.authorization;
+  try {
-
+    return req.headers.authorization.split(' ')[1];
-  return token.split(' ')[1];
+  } catch {
    return null;
  }
 }
 export function parseAuthToken(req) {
--- a/lib/middleware.js
+++ b/lib/middleware.js
@ -26,24 +26,25 @@ export const useSession = createMiddleware(async (req, res, next) => {
 export const useAuth = createMiddleware(async (req, res, next) => {
  const token = getAuthToken(req);
-  const key = parseSecureToken(token, secret());
+  const payload = parseSecureToken(token, secret()) || {};
  const shareToken = await parseShareToken(req);
  let user;
  const { userId, key } = payload;
-  if (validate(key)) {
+  if (validate(userId)) {
-    user = await getUser({ id: key });
+    user = await getUser({ id: userId });
  } else if (redis.enabled) {
    user = await redis.get(key);
  }
  log({ token, payload, user, shareToken });
  if (!user && !shareToken) {
    log('useAuth:user-not-authorized');
    return unauthorized(res);
  }
  log({ user, token, shareToken, key });
  req.auth = { user, token, shareToken, key };
  next();
 });