ambiser
/
umami
9
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated auth to check for uuid.

pull/1653/head
Mike Cao 2022-11-09 10:15:21 -08:00
parent 8a74138e17
commit 76cad96a24
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/middleware.js
View File

@ -1,9 +1,10 @@
import { createMiddleware, unauthorized, badRequest, parseSecureToken } from 'next-basics'; import { createMiddleware, unauthorized, badRequest, parseSecureToken } from 'next-basics';
import debug from 'debug'; import debug from 'debug';
import cors from 'cors'; import cors from 'cors';
import { validate } from 'uuid';
import { findSession } from 'lib/session'; import { findSession } from 'lib/session';
import { parseShareToken, getAuthToken } from 'lib/auth'; import { parseShareToken, getAuthToken } from 'lib/auth';
import { secret } from './crypto'; import { secret } from 'lib/crypto';
import redis from 'lib/redis'; import redis from 'lib/redis';
import { getUser } from '../queries'; import { getUser } from '../queries';
@ -29,7 +30,7 @@ export const useAuth = createMiddleware(async (req, res, next) => {
const shareToken = await parseShareToken(req); const shareToken = await parseShareToken(req);
let user; let user;
if (redis.enabled) { if (redis.enabled && !validate(key)) {
user = await redis.get(key); user = await redis.get(key);
} else { } else {
user = await getUser({ id: key }); user = await getUser({ id: key });
@ -40,6 +41,8 @@ export const useAuth = createMiddleware(async (req, res, next) => {
return unauthorized(res); return unauthorized(res);
} }
log({ user, token, shareToken, key });
req.auth = { user, token, shareToken, key }; req.auth = { user, token, shareToken, key };
next(); next();
}); });

2
pages/api/users/index.js
View File

@ -6,7 +6,7 @@ import { createUser, getUser, getUsers } from 'queries';
export default async (req, res) => { export default async (req, res) => {
await useAuth(req, res); await useAuth(req, res);
const { isAdmin } = req.auth; const { isAdmin } = req.auth.user;
if (!isAdmin) { if (!isAdmin) {
return unauthorized(res); return unauthorized(res);