mirror of
https://github.com/kremalicious/umami.git
synced 2024-12-25 02:36:20 +01:00
Updated auth to check for uuid.
This commit is contained in:
parent
8a74138e17
commit
76cad96a24
@ -1,9 +1,10 @@
|
||||
import { createMiddleware, unauthorized, badRequest, parseSecureToken } from 'next-basics';
|
||||
import debug from 'debug';
|
||||
import cors from 'cors';
|
||||
import { validate } from 'uuid';
|
||||
import { findSession } from 'lib/session';
|
||||
import { parseShareToken, getAuthToken } from 'lib/auth';
|
||||
import { secret } from './crypto';
|
||||
import { secret } from 'lib/crypto';
|
||||
import redis from 'lib/redis';
|
||||
import { getUser } from '../queries';
|
||||
|
||||
@ -29,7 +30,7 @@ export const useAuth = createMiddleware(async (req, res, next) => {
|
||||
const shareToken = await parseShareToken(req);
|
||||
|
||||
let user;
|
||||
if (redis.enabled) {
|
||||
if (redis.enabled && !validate(key)) {
|
||||
user = await redis.get(key);
|
||||
} else {
|
||||
user = await getUser({ id: key });
|
||||
@ -40,6 +41,8 @@ export const useAuth = createMiddleware(async (req, res, next) => {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
log({ user, token, shareToken, key });
|
||||
|
||||
req.auth = { user, token, shareToken, key };
|
||||
next();
|
||||
});
|
||||
|
@ -6,7 +6,7 @@ import { createUser, getUser, getUsers } from 'queries';
|
||||
export default async (req, res) => {
|
||||
await useAuth(req, res);
|
||||
|
||||
const { isAdmin } = req.auth;
|
||||
const { isAdmin } = req.auth.user;
|
||||
|
||||
if (!isAdmin) {
|
||||
return unauthorized(res);
|
||||
|
Loading…
Reference in New Issue
Block a user