fix api-token check

2025-12-16 01:47:30 +01:00 · 2021-04-20 15:14:41 +02:00
parent c88433fcff
commit 50e421d64d
1 changed files with 27 additions and 26 deletions
--- a/middlewares/session.js
+++ b/middlewares/session.js
@@ -1,22 +1,22 @@
-'use strict';
+"use strict";

-const db = require('../models/db');
-var config = require('config');
+const db = require("../models/db");
+var config = require("config");

 module.exports = (req, res, next) => {
-
  // authentication via API token
  const api_token = req.headers["x-spacedeck-api-token"];

-  if (api_token && api_token.length>7) {
-    db.User.findOne({where: {api_token: api_token}}).then(user => {
+  if (api_token && api_token.length > 7) {
+    db.User.findOne({ where: { api_token: api_token } }).then((user) => {
+      if (user) {
        req.user = user;
        next();
-    }).error(err => {
+      } else {
        res.status(403).json({
-        "error": "invalid_api-token"
+          error: "invalid_api-token",
        });
-      next();
+      }
    });

    return;
@@ -26,28 +26,29 @@ module.exports = (req, res, next) => {
  const token = req.cookies["sdsession"];

  if (token && token != "null" && token != null) {
-    db.Session.findOne({where: {token: token}})
-      .then(session => {
+    db.Session.findOne({ where: { token: token } })
+      .then((session) => {
        if (!session) {
          // session not found
          next();
-        }
-        else db.User.findOne({where: {_id: session.user_id}})
-          .then(user => {
+        } else
+          db.User.findOne({ where: { _id: session.user_id } }).then((user) => {
            if (!user) {
-              var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname;
-              res.clearCookie('sdsession', { domain: domain });
+              var domain =
+                process.env.NODE_ENV == "production"
+                  ? new URL(config.get("endpoint")).hostname
+                  : req.headers.hostname;
+              res.clearCookie("sdsession", { domain: domain });

              if (req.accepts("text/html")) {
                res.send("Please clear your cookies and try again.");
-              } else if (req.accepts('application/json')) {
+              } else if (req.accepts("application/json")) {
                res.status(403).json({
-                  "error": "token_not_found"
+                  error: "token_not_found",
                });
              } else {
                res.send("Please clear your cookies and try again.");
              }
-
            } else {
              req["token"] = token;
              req["user"] = user;
@@ -55,11 +56,11 @@ module.exports = (req, res, next) => {
            }
          });
      })
-      .error(err => {
-        console.error("Session resolve error",err);
+      .error((err) => {
+        console.error("Session resolve error", err);
        next();
      });
  } else {
    next();
  }
-}
+};