m/umami
1
0
Fork 0
mirror of https://github.com/kremalicious/umami.git synced 2024-06-30 13:41:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated auth to check for uuid.

Browse Source
This commit is contained in:
Mike Cao 2022-11-09 10:15:21 -08:00
parent 8a74138e17
commit 76cad96a24
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/middleware.js
View File

@ -1,9 +1,10 @@
import { createMiddleware, unauthorized, badRequest, parseSecureToken } from 'next-basics';
import debug from 'debug';
import cors from 'cors';
import { validate } from 'uuid';
import { findSession } from 'lib/session';
import { parseShareToken, getAuthToken } from 'lib/auth';
import { secret } from './crypto';
import { secret } from 'lib/crypto';
import redis from 'lib/redis';
import { getUser } from '../queries';
@ -29,7 +30,7 @@ export const useAuth = createMiddleware(async (req, res, next) => {
const shareToken = await parseShareToken(req);
let user;
if (redis.enabled) {
if (redis.enabled && !validate(key)) {
user = await redis.get(key);
} else {
user = await getUser({ id: key });
@ -40,6 +41,8 @@ export const useAuth = createMiddleware(async (req, res, next) => {
return unauthorized(res);
}
log({ user, token, shareToken, key });
req.auth = { user, token, shareToken, key };
next();
});

2
pages/api/users/index.js
View File

@ -6,7 +6,7 @@ import { createUser, getUser, getUsers } from 'queries';
export default async (req, res) => {
await useAuth(req, res);
const { isAdmin } = req.auth;
const { isAdmin } = req.auth.user;
if (!isAdmin) {
return unauthorized(res);