diff --git a/lib/auth.js b/lib/auth.js
index 48d0b6fe..446d5169 100644
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -15,7 +15,7 @@ export function getAuthToken(req) {
 export function getShareToken(req) {
 try {
- return parseSecureToken(req.headers[SHARE_TOKEN_HEADER], secret());
+ return parseToken(req.headers[SHARE_TOKEN_HEADER], secret());
 } catch {
 return null;
 }
@@ -23,12 +23,10 @@ export function getShareToken(req) {
 export function isValidToken(token, validation) {
 try {
- const result = parseToken(token, secret());
-
 if (typeof validation === 'object') {
- return !Object.keys(validation).find(key => result[key] !== validation[key]);
+ return !Object.keys(validation).find(key => token[key] !== validation[key]);
 } else if (typeof validation === 'function') {
- return validation(result);
+ return validation(token);
 }
 } catch (e) {
 return false;
@@ -38,7 +36,7 @@ export function isValidToken(token, validation) {
 }
 export async function allowQuery(req) {
- const { id: websiteId } = req.query;
+ const { id } = req.query;
 const { userId, isAdmin, shareToken } = req.auth ?? {};
@@ -47,11 +45,11 @@ export async function allowQuery(req) {
 }
 if (shareToken) {
- return isValidToken(shareToken, { websiteUuid: websiteId });
+ return isValidToken(shareToken, { id });
 }
 if (userId) {
- const website = await getWebsite({ websiteUuid: websiteId });
+ const website = await getWebsite({ id });
 return website && website.userId === userId;
 }
diff --git a/lib/middleware.js b/lib/middleware.js
index 753814b0..8189ea66 100644
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -29,7 +29,7 @@ export const useAuth = createMiddleware(async (req, res, next) => {
 const token = await getAuthToken(req);
 const shareToken = await getShareToken(req);
- if (!token) {
+ if (!token && !shareToken) {
 return unauthorized(res);
 }
diff --git a/package.json b/package.json
index 8b0e1b13..facf913a 100644
--- a/package.json
+++ b/package.json
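Review bot: In the object branch of isValidToken (second hunk of lib/auth.js), `token[key] !== validation[key]` treats a key that is absent on both sides as a match, and the function no longer parses or verifies anything itself, so it depends on the caller passing an already-verified payload. allowQuery now passes `{ id }` straight from `req.query` (last hunk of the same file), so a request with no `id` parameter combined with a share token that has no `id` claim, for example one issued in the earlier `{ websiteId, websiteUuid }` shape, would compare `undefined` with `undefined` and be accepted. I would require the expected value to be present, `return Object.keys(validation).every(key => validation[key] !== undefined && token[key] === validation[key]);`, and add a comment above the function such as `// token must be the payload already verified by parseToken(); no signature check happens here`. The body of isValidToken continues past the hunk, so its fall-through return is not visible here.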
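Review bot: Relaxing the guard in useAuth to `if (!token && !shareToken)` lets a request that carries only a share token past the middleware, so useAuth no longer establishes that a user is logged in. Any handler behind it that does not go on to call allowQuery() or check `req.auth.userId` / `isAdmin` itself would, as far as this hunk shows, become reachable with a share token issued for any single website; the route handlers are not part of this diff, so that needs an audit. I would record the contract next to the check: `// A share token alone passes this gate; each handler must still authorize via allowQuery() or req.auth.userId.` The rest of the middleware, including how `req.auth` is populated when `token` is null, lies outside the hunk.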
@@ -1,6 +1,6 @@
 {
 "name": "umami",
- "version": "1.39.0",
+ "version": "1.39.1",
 "description": "A simple, fast, privacy-focused alternative to Google Analytics.",
 "author": "Mike Cao ",
 "license": "MIT",
diff --git a/pages/api/share/[id].js b/pages/api/share/[id].js
index 620967c7..a89829fa 100644
--- a/pages/api/share/[id].js
+++ b/pages/api/share/[id].js
@@ -9,10 +9,11 @@ export default async (req, res) => {
 const website = await getWebsiteByShareId(id);
 if (website) {
- const { websiteId, websiteUuid } = website;
- const token = createToken({ websiteId, websiteUuid }, secret());
+ const { websiteUuid } = website;
+ const data = { id: websiteUuid };
+ const token = createToken(data, secret());
- return ok(res, { websiteId, websiteUuid, token });
+ return ok(res, { ...data, token });
 }
 return notFound(res);
diff --git a/pages/share/[...id].js b/pages/share/[...id].js
index 24113959..d449afa5 100644
--- a/pages/share/[...id].js
+++ b/pages/share/[...id].js
@@ -14,11 +14,9 @@ export default function SharePage() {
 return null;
 }
- const { websiteUuid } = shareToken;
-
 return (
-
+
 );
 }
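Review bot: The share token minted in pages/api/share/[id].js has the payload `{ id: websiteUuid }` only, and the share-token branch of allowQuery in lib/auth.js compares nothing but that `id`. Unless createToken adds an expiry (its body is not visible here), a token issued once stays accepted after sharing is switched off or the share id is changed. The payload also has no claim marking it as a share token, so it is presumably told apart from a login token only by the header it arrives in and by its shape. Consider giving it a purpose claim, e.g. `const data = { id: websiteUuid, type: 'share' };` with a matching check in allowQuery, or at least documenting the limitation: `// share tokens are not revoked when the share link is disabled`. The handler begins above the hunk.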