Merge pull request #1653 from umami-software/dev

merge dev to analytics
2024-06-30 13:41:50 +02:00 · 2022-11-15 11:52:14 -08:00 · 2022-11-15 11:52:14 -08:00 · f0a072ca9b
commit f0a072ca9b
parent 7271951871 091716e037
2 changed files with 11 additions and 8 deletions
--- a/lib/auth.js
+++ b/lib/auth.js
@ -7,9 +7,11 @@ import { secret } from 'lib/crypto';
 const log = debug('umami:auth');

 export function getAuthToken(req) {
-  const token = req.headers.authorization;
-
-  return token.split(' ')[1];
+  try {
+    return req.headers.authorization.split(' ')[1];
+  } catch {
+    return null;
+  }
 }

 export function parseAuthToken(req) {
--- a/lib/middleware.js
+++ b/lib/middleware.js
@ -26,24 +26,25 @@ export const useSession = createMiddleware(async (req, res, next) => {

 export const useAuth = createMiddleware(async (req, res, next) => {
  const token = getAuthToken(req);
-  const key = parseSecureToken(token, secret());
+  const payload = parseSecureToken(token, secret());
  const shareToken = await parseShareToken(req);

  let user;
+  const { userId, key } = payload || {};

-  if (validate(key)) {
-    user = await getUser({ id: key });
+  if (validate(userId)) {
+    user = await getUser({ id: userId });
  } else if (redis.enabled) {
    user = await redis.get(key);
  }

+  log({ token, payload, user, shareToken });
+
  if (!user && !shareToken) {
    log('useAuth:user-not-authorized');
    return unauthorized(res);
  }

-  log({ user, token, shareToken, key });
-
  req.auth = { user, token, shareToken, key };
  next();
 });