From 76cad96a244553210df08a536d6c1dca67821940 Mon Sep 17 00:00:00 2001
From: Mike Cao
Date: Wed, 9 Nov 2022 10:15:21 -0800
Subject: [PATCH] Updated auth to check for uuid.

---
 lib/middleware.js | 7 +++++--
 pages/api/users/index.js | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/middleware.js b/lib/middleware.js
index 1c79864c..c7005d90 100644
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -1,9 +1,10 @@
 import { createMiddleware, unauthorized, badRequest, parseSecureToken } from 'next-basics';
 import debug from 'debug';
 import cors from 'cors';
+import { validate } from 'uuid';
 import { findSession } from 'lib/session';
 import { parseShareToken, getAuthToken } from 'lib/auth';
-import { secret } from './crypto';
+import { secret } from 'lib/crypto';
 import redis from 'lib/redis';
 import { getUser } from '../queries';
 
@@ -29,7 +30,7 @@ export const useAuth = createMiddleware(async (req, res, next) => {
 const shareToken = await parseShareToken(req);
 
 let user;
- if (redis.enabled) {
+ if (redis.enabled && !validate(key)) {
 user = await redis.get(key);
 } else {
 user = await getUser({ id: key });
@@ -40,6 +41,8 @@ export const useAuth = createMiddleware(async (req, res, next) => {
 return unauthorized(res);
 }
 
+ log({ user, token, shareToken, key });
+
 req.auth = { user, token, shareToken, key };
 next();
 });
diff --git a/pages/api/users/index.js b/pages/api/users/index.js
index 92b29204..dc00dd75 100644
--- a/pages/api/users/index.js
+++ b/pages/api/users/index.js
@@ -6,7 +6,7 @@ import { createUser, getUser, getUsers } from 'queries';
 export default async (req, res) => {
 await useAuth(req, res);
 
- const { isAdmin } = req.auth;
+ const { isAdmin } = req.auth.user;
 
 if (!isAdmin) {
 return unauthorized(res);
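Review bot: In the second hunk of lib/middleware.js the lookup store now depends on the shape of `key`, but the `else` branch still accepts any value: with Redis disabled, a key that is not a UUID still reaches `getUser({ id: key })`. Making both cases explicit fails closed: `const isUserId = validate(key);` followed by `if (isUserId) { user = await getUser({ id: key }); } else if (redis.enabled) { user = await redis.get(key); }`, which leaves `user` unset for anything else. Presumably the rejection check just below, whose condition is outside the hunk, then returns `unauthorized`. A comment such as `// UUID keys are user ids looked up in the database; any other key is a Redis session key` would record the intent, though that reading is inferred because `key` is derived outside the hunk. The body of `useAuth` starts and ends outside this hunk.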
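Review bot: The added `log({ user, token, shareToken, key })` in the third hunk writes what appear to be the auth token, the share token, the lookup key and the whole user record to the debug output on every request that passes the check. Anyone with read access to that output then holds live credentials, and the user record may carry fields such as a password hash (its shape is not visible here). Log identifiers only, for example `log({ userId: user?.id, hasShareToken: Boolean(shareToken) });`, where the `id` field is assumed from `getUser({ id: key })`. If the full record is ever needed while debugging, redact the credential fields before logging.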
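Review bot: In pages/api/users/index.js, `const { isAdmin } = req.auth.user;` throws a TypeError when `req.auth.user` is unset, so an authorization failure surfaces as an unhandled error instead of the `unauthorized` response two lines below. Whether `useAuth` can populate `req.auth` without a user (for instance on a share-token request) is not visible in this hunk, so the check is safer written to fail closed: `const isAdmin = req.auth?.user?.isAdmin === true;`. The handler continues past the end of the hunk.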