code review: don't create auth token if using header auth

This commit is contained in:
Max Leiter 2022-05-06 21:40:30 -07:00
parent 05cc23a144
commit f74f7b1f1a
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG key ID: A3512F2F2F17EBDA
3 changed files with 45 additions and 57 deletions

View file

@ -12,7 +12,7 @@ export interface UserJwtRequest extends Request {
user?: User user?: User
} }
export default async function authenticateToken( export default async function isSignedIn(
req: UserJwtRequest, req: UserJwtRequest,
res: Response, res: Response,
next: NextFunction next: NextFunction
@ -35,18 +35,9 @@ export default async function authenticateToken(
await user.save() await user.save()
} }
if (!token) { req.user = user
const token = jwt.sign({ id: user.id }, config.jwt_secret, { next()
expiresIn: "2d" } else {
})
const authToken = new AuthToken({
userId: user.id,
token: token
})
await authToken.save()
}
}
if (token == null) return res.sendStatus(401) if (token == null) return res.sendStatus(401)
const authToken = await AuthToken.findOne({ where: { token: token } }) const authToken = await AuthToken.findOne({ where: { token: token } })
@ -90,4 +81,5 @@ export default async function authenticateToken(
next() next()
}) })
}
} }

View file

@ -1,7 +1,7 @@
import config from "@lib/config" import config from "@lib/config"
import { NextFunction, Request, Response } from "express" import { NextFunction, Request, Response } from "express"
export default function authenticateToken( export default function secretKey(
req: Request, req: Request,
res: Response, res: Response,
next: NextFunction next: NextFunction

View file

@ -95,10 +95,6 @@ auth.post(
} }
}), }),
async (req, res) => { async (req, res) => {
if (config.header_auth) {
}
const error = "User does not exist or password is incorrect" const error = "User does not exist or password is incorrect"
const errorToThrow = new Error(error) const errorToThrow = new Error(error)
try { try {