Fixed share token check.

This commit is contained in:
Mike Cao 2022-11-16 11:44:36 -08:00
parent 091716e037
commit 8722b794d9
2 changed files with 6 additions and 9 deletions

View File

@ -50,12 +50,9 @@ export function isValidToken(token, validation) {
export async function allowQuery(req, type) {
const { id } = req.query;
const {
user: { id: userId, isAdmin },
shareToken,
} = req.auth;
const { user, shareToken } = req.auth;
if (isAdmin) {
if (user?.isAdmin) {
return true;
}
@ -63,11 +60,11 @@ export async function allowQuery(req, type) {
return isValidToken(shareToken, { id });
}
if (userId) {
if (user?.id) {
if (type === TYPE_WEBSITE) {
const website = await getWebsite({ id });
return website && website.userId === userId;
return website && website.userId === user.id;
} else if (type === TYPE_USER) {
const user = await getUser({ id });

View File

@ -29,12 +29,12 @@ export const useAuth = createMiddleware(async (req, res, next) => {
const payload = parseSecureToken(token, secret());
const shareToken = await parseShareToken(req);
let user;
let user = null;
const { userId, key } = payload || {};
if (validate(userId)) {
user = await getUser({ id: userId });
} else if (redis.enabled) {
} else if (redis.enabled && key) {
user = await redis.get(key);
}