From 50e421d64d51bd39164b8e95bf06df929a46c160 Mon Sep 17 00:00:00 2001
From: dm
Date: Tue, 20 Apr 2021 15:14:41 +0200
Subject: [PATCH] fix api-token check

---
 middlewares/session.js | 53 +++++++++++++++++++++---------------------
 1 file changed, 27 insertions(+), 26 deletions(-)

diff --git a/middlewares/session.js b/middlewares/session.js
index b9e8a0b..b4830fb 100644
--- a/middlewares/session.js
+++ b/middlewares/session.js
@@ -1,22 +1,22 @@
-'use strict';
+"use strict";
 
-const db = require('../models/db');
-var config = require('config');
+const db = require("../models/db");
+var config = require("config");
 
 module.exports = (req, res, next) => {
-  // authentication via API token
   const api_token = req.headers["x-spacedeck-api-token"];
-  if (api_token && api_token.length>7) {
-    db.User.findOne({where: {api_token: api_token}}).then(user => {
-      req.user = user;
-      next();
-    }).error(err => {
-      res.status(403).json({
-        "error": "invalid_api-token"
-      });
-      next();
+  if (api_token && api_token.length > 7) {
+    db.User.findOne({ where: { api_token: api_token } }).then((user) => {
+      if (user) {
+        req.user = user;
+        next();
+      } else {
+        res.status(403).json({
+          error: "invalid_api-token",
+        });
+      }
     });
     return;
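Review bot: A rejected `db.User.findOne(...)` (database error, lost connection) on the new `.then((user) => …)` chain now has no handler at all — the old `.error(...)` branch was removed and nothing replaces it — so the request neither gets a response nor reaches the error middleware and hangs until the client gives up. Adding `.catch((err) => next(err))` after the `.then(...)` closes that gap and lets the app's error handler choose the status instead of this middleware guessing. `.catch` is also the portable choice: `.error` is Bluebird-specific and, as far as I recall, only catches operational errors, so the `.error((err) => …)` that survives in the cookie branch of the last hunk probably deserves the same treatment. The removed `// authentication via API token` comment was the only place the header's contract was written down; I would restore it above the `const api_token` line as `// Authentication via API token: an unknown token is rejected with 403 rather than falling through to cookie auth.` The enclosing `module.exports` function continues past this hunk.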
@@ -26,28 +26,29 @@ module.exports = (req, res, next) => {
 
   const token = req.cookies["sdsession"];
   if (token && token != "null" && token != null) {
-    db.Session.findOne({where: {token: token}})
-    .then(session => {
+    db.Session.findOne({ where: { token: token } })
+      .then((session) => {
         if (!session) {
           // session not found
           next();
-        }
-        else db.User.findOne({where: {_id: session.user_id}})
-        .then(user => {
+        } else
+          db.User.findOne({ where: { _id: session.user_id } }).then((user) => {
             if (!user) {
-              var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname;
-              res.clearCookie('sdsession', { domain: domain });
+              var domain =
+                process.env.NODE_ENV == "production"
+                  ? new URL(config.get("endpoint")).hostname
+                  : req.headers.hostname;
+              res.clearCookie("sdsession", { domain: domain });
               if (req.accepts("text/html")) {
                 res.send("Please clear your cookies and try again.");
-              } else if (req.accepts('application/json')) {
+              } else if (req.accepts("application/json")) {
                 res.status(403).json({
-                  "error": "token_not_found"
+                  error: "token_not_found",
                 });
               } else {
                 res.send("Please clear your cookies and try again.");
               }
-
             } else {
               req["token"] = token;
               req["user"] = user;
@@ -55,11 +56,11 @@ module.exports = (req, res, next) => {
           }
         });
       })
-    .error(err => {
-      console.error("Session resolve error",err);
+      .error((err) => {
+        console.error("Session resolve error", err);
         next();
       });
   } else {
     next();
   }
-}
+};