code review: don't create auth token if using header auth

2022-05-06 21:40:30 -07:00 · 2022-05-06 21:40:30 -07:00 · f74f7b1f1a
commit f74f7b1f1a
parent 05cc23a144
3 changed files with 45 additions and 57 deletions
--- a/server/src/lib/middleware/is-signed-in.ts
+++ b/server/src/lib/middleware/is-signed-in.ts
@ -12,7 +12,7 @@ export interface UserJwtRequest extends Request {
 	user?: User
 }

-export default async function authenticateToken(
+export default async function isSignedIn(
 	req: UserJwtRequest,
 	res: Response,
 	next: NextFunction
@ -35,59 +35,51 @@ export default async function authenticateToken(
 			await user.save()
 		}

-		if (!token) {
-			const token = jwt.sign({ id: user.id }, config.jwt_secret, {
-				expiresIn: "2d"
-			})
-			const authToken = new AuthToken({
-				userId: user.id,
-				token: token
-			})
-			await authToken.save()
+		req.user = user
+		next()
+	} else {
+		if (token == null) return res.sendStatus(401)
+
+		const authToken = await AuthToken.findOne({ where: { token: token } })
+		if (authToken == null) {
+			return res.sendStatus(401)
 		}
-	}
 	
-	if (token == null) return res.sendStatus(401)
+		if (authToken.deletedAt) {
+			return res.sendStatus(401).json({
+				message: "Token is no longer valid"
+			})
+		}
 	
-	const authToken = await AuthToken.findOne({ where: { token: token } })
-	if (authToken == null) {
-		return res.sendStatus(401)
-	}
+		jwt.verify(token, config.jwt_secret, async (err: any, user: any) => {
+			if (err) {
+				if (config.header_auth) {
+					// if the token has expired or is invalid, we need to delete it and generate a new one
+					authToken.destroy()
+					const token = jwt.sign({ id: user.id }, config.jwt_secret, {
+						expiresIn: "2d"
+					})
+					const newToken = new AuthToken({
+						userId: user.id,
+						token: token
+					})
+					await newToken.save()
+				} else {
+					return res.sendStatus(403)
+				}
+			}
 	
-	if (authToken.deletedAt) {
-		return res.sendStatus(401).json({
-			message: "Token is no longer valid"
-		})
-	}
-
-	jwt.verify(token, config.jwt_secret, async (err: any, user: any) => {
-		if (err) {
-			if (config.header_auth) {
-				// if the token has expired or is invalid, we need to delete it and generate a new one
-				authToken.destroy()
-				const token = jwt.sign({ id: user.id }, config.jwt_secret, {
-					expiresIn: "2d"
-				})
-				const newToken = new AuthToken({
-					userId: user.id,
-					token: token
-				})
-				await newToken.save()
-			} else {
+			const userObj = await UserModel.findByPk(user.id, {
+				attributes: {
+					exclude: ["password"]
+				}
+			})
+			if (!userObj) {
 				return res.sendStatus(403)
 			}
-		}
+			req.user = user
 	
-		const userObj = await UserModel.findByPk(user.id, {
-			attributes: {
-				exclude: ["password"]
-			}
+			next()
 		})
-		if (!userObj) {
-			return res.sendStatus(403)
-		}
-		req.user = user
-
-		next()
-	})
+	}
 }
--- a/server/src/lib/middleware/secret-key.ts
+++ b/server/src/lib/middleware/secret-key.ts
@ -1,7 +1,7 @@
 import config from "@lib/config"
 import { NextFunction, Request, Response } from "express"

-export default function authenticateToken(
+export default function secretKey(
 	req: Request,
 	res: Response,
 	next: NextFunction
--- a/server/src/routes/auth.ts
+++ b/server/src/routes/auth.ts
@ -95,10 +95,6 @@ auth.post(
 		}
 	}),
 	async (req, res) => {
-		if (config.header_auth) {
-
-		}
-
 		const error = "User does not exist or password is incorrect"
 		const errorToThrow = new Error(error)
 		try {