mirror of
https://github.com/kremalicious/umami.git
synced 2024-12-25 02:36:20 +01:00
Fixed share token check.
This commit is contained in:
parent
091716e037
commit
8722b794d9
11
lib/auth.js
11
lib/auth.js
@ -50,12 +50,9 @@ export function isValidToken(token, validation) {
|
||||
export async function allowQuery(req, type) {
|
||||
const { id } = req.query;
|
||||
|
||||
const {
|
||||
user: { id: userId, isAdmin },
|
||||
shareToken,
|
||||
} = req.auth;
|
||||
const { user, shareToken } = req.auth;
|
||||
|
||||
if (isAdmin) {
|
||||
if (user?.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -63,11 +60,11 @@ export async function allowQuery(req, type) {
|
||||
return isValidToken(shareToken, { id });
|
||||
}
|
||||
|
||||
if (userId) {
|
||||
if (user?.id) {
|
||||
if (type === TYPE_WEBSITE) {
|
||||
const website = await getWebsite({ id });
|
||||
|
||||
return website && website.userId === userId;
|
||||
return website && website.userId === user.id;
|
||||
} else if (type === TYPE_USER) {
|
||||
const user = await getUser({ id });
|
||||
|
||||
|
@ -29,12 +29,12 @@ export const useAuth = createMiddleware(async (req, res, next) => {
|
||||
const payload = parseSecureToken(token, secret());
|
||||
const shareToken = await parseShareToken(req);
|
||||
|
||||
let user;
|
||||
let user = null;
|
||||
const { userId, key } = payload || {};
|
||||
|
||||
if (validate(userId)) {
|
||||
user = await getUser({ id: userId });
|
||||
} else if (redis.enabled) {
|
||||
} else if (redis.enabled && key) {
|
||||
user = await redis.get(key);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user