Hotfixes all the way down

Hotfix a hotfix
2023-12-24 05:38:27 +11:00 · 2023-12-24 05:00:49 +11:00
5 changed files with 29 additions and 4 deletions
@@ -1,12 +1,12 @@
 {
  "name": "auth-server",
-  "version": "1.8.1",
+  "version": "1.8.3",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "auth-server",
-      "version": "1.8.1",
+      "version": "1.8.3",
      "license": "ISC",
      "dependencies": {
        "bcryptjs": "^2.4.3",
@@ -1,6 +1,6 @@
 {
  "name": "auth-server",
-  "version": "1.8.1",
+  "version": "1.8.3",
  "description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
  "main": "server/server.js",
  "scripts": {
@@ -5,6 +5,7 @@ const { accounts } = require('../database/models');

 //middleware
 const tokenAuth = require('../utilities/token-auth');
+const tokenDecode = require('../utilities/token-decode');

 //signup -> validate -> login all without a token
 router.post('/signup', require('./signup'));
@@ -19,6 +20,9 @@ router.patch('/reset', require('./password-reset'));
 //logouts allowed when banned, and when the token itself is invalid
 router.delete('/logout', require('./logout'));

+//authenticate token
+router.use(tokenDecode);
+
 //middleware
 router.use(async (req, res, next) => {
 	const record = await accounts.findOne({
@@ -6,7 +6,7 @@ module.exports = (req, res, next) => {
 	const accessToken = authHeader?.split(' ')[1]; //'Bearer token'

 	if (!accessToken) {
-		return res.status(401).send('No access token found');
+		return res.status(401).send('No access token provided');
 	}

 	return jwt.verify(accessToken, process.env.SECRET_ACCESS, (err, user) => {
@@ -0,0 +1,21 @@
+const jwt = require('jsonwebtoken');
+
+//middleware to decode the JWT token
+module.exports = (req, res, next) => {
+	const authHeader = req.headers['authorization'];
+	const accessToken = authHeader?.split(' ')[1]; //'Bearer token'
+
+	if (!accessToken) {
+		return res.status(401).send('No access token provided');
+	}
+
+	return jwt.decode(accessToken, process.env.SECRET_ACCESS, (err, user) => {
+		if (err) {
+			return res.status(403).send(err);
+		}
+
+		req.user = user;
+
+		return next();
+	});
+};
Author	SHA1	Message	Date
Ratstail91	288e584cbd	Hotfixes all the way down	2023-12-24 05:38:27 +11:00
Ratstail91	8ab786b934	Hotfix a hotfix	2023-12-24 05:00:49 +11:00