Merge pull request #1653 from umami-software/dev

merge dev to analytics
This commit is contained in:
Mike Cao 2022-11-15 11:52:14 -08:00 committed by GitHub
commit f0a072ca9b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 8 deletions

View File

@ -7,9 +7,11 @@ import { secret } from 'lib/crypto';
const log = debug('umami:auth');
export function getAuthToken(req) {
const token = req.headers.authorization;
return token.split(' ')[1];
try {
return req.headers.authorization.split(' ')[1];
} catch {
return null;
}
}
export function parseAuthToken(req) {

View File

@ -26,24 +26,25 @@ export const useSession = createMiddleware(async (req, res, next) => {
export const useAuth = createMiddleware(async (req, res, next) => {
const token = getAuthToken(req);
const key = parseSecureToken(token, secret());
const payload = parseSecureToken(token, secret());
const shareToken = await parseShareToken(req);
let user;
const { userId, key } = payload || {};
if (validate(key)) {
user = await getUser({ id: key });
if (validate(userId)) {
user = await getUser({ id: userId });
} else if (redis.enabled) {
user = await redis.get(key);
}
log({ token, payload, user, shareToken });
if (!user && !shareToken) {
log('useAuth:user-not-authorized');
return unauthorized(res);
}
log({ user, token, shareToken, key });
req.auth = { user, token, shareToken, key };
next();
});