HOTFIX: how long was this broken?

HOTFIX: I hate everything right now
HOTFIX: don't test in prod
2024-01-01 11:57:43 +11:00 · 2023-12-24 07:06:20 +11:00 · 2023-12-24 06:43:05 +11:00 · 2023-12-24 05:38:27 +11:00 · 2023-12-24 05:00:49 +11:00
6 changed files with 35 additions and 5 deletions
@@ -1,12 +1,12 @@
 {
  "name": "auth-server",
-  "version": "1.8.1",
+  "version": "1.8.6",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "auth-server",
-      "version": "1.8.1",
+      "version": "1.8.6",
      "license": "ISC",
      "dependencies": {
        "bcryptjs": "^2.4.3",
@@ -1,6 +1,6 @@
 {
  "name": "auth-server",
-  "version": "1.8.1",
+  "version": "1.8.6",
  "description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
  "main": "server/server.js",
  "scripts": {
@@ -5,6 +5,7 @@ const { accounts } = require('../database/models');

 //middleware
 const tokenAuth = require('../utilities/token-auth');
+const tokenDecode = require('../utilities/token-decode');

 //signup -> validate -> login all without a token
 router.post('/signup', require('./signup'));
@@ -19,11 +20,14 @@ router.patch('/reset', require('./password-reset'));
 //logouts allowed when banned, and when the token itself is invalid
 router.delete('/logout', require('./logout'));

+//authenticate token
+router.use(tokenDecode);
+
 //middleware
 router.use(async (req, res, next) => {
 	const record = await accounts.findOne({
 		where: {
-			email: req.user.email || ''
+			email: req.user?.email || ''
 		}
 	});

@@ -6,7 +6,7 @@ module.exports = (req, res, next) => {
 	const accessToken = authHeader?.split(' ')[1]; //'Bearer token'

 	if (!accessToken) {
-		return res.status(401).send('No access token found');
+		return res.status(401).send('No access token provided');
 	}

 	return jwt.verify(accessToken, process.env.SECRET_ACCESS, (err, user) => {
@@ -0,0 +1,17 @@
+const jwt = require('jsonwebtoken');
+
+//middleware to decode the JWT token
+module.exports = (req, res, next) => {
+	const authHeader = req.headers['authorization'];
+	const accessToken = authHeader?.split(' ')[1]; //'Bearer token'
+
+	if (!accessToken) {
+		return res.status(401).send('No access token provided');
+	}
+
+	const decoded = jwt.decode(accessToken);
+
+	req.user = decoded;
+
+	return next();
+};
@@ -48,6 +48,9 @@ const TokenProvider = props => {
 			//ping the auth server for a new access token
 			const response = await fetch(`${process.env.AUTH_URI}/auth/token`, {
 				method: 'POST',
+				headers: {
+					'Authorization': `Bearer ${bearer}`
+				},
 				credentials: 'include'
 			});

@@ -79,6 +82,9 @@ const TokenProvider = props => {

 	//access the refreshed token via callback
 	const tokenCallback = async (cb) => {
+		//use this?
+		let bearer = accessToken;
+
 		//if expired (10 minutes, normally)
 		const expired = new Date(decode(accessToken).exp) < Date.now() / 1000;

@@ -86,6 +92,9 @@ const TokenProvider = props => {
 			//ping the auth server for a new token
 			const response = await fetch(`${process.env.AUTH_URI}/auth/token`, {
 				method: 'POST',
+				headers: {
+					'Authorization': `Bearer ${bearer}`
+				},
 				credentials: 'include'
 			});
Author	SHA1	Message	Date
Ratstail91	7429c4a1ee	HOTFIX: how long was this broken?	2024-01-01 11:57:43 +11:00
Ratstail91	ee705c6d43	HOTFIX: I hate everything right now	2023-12-24 07:06:20 +11:00
Ratstail91	58bc3f6b9d	HOTFIX: don't test in prod	2023-12-24 06:43:05 +11:00
Ratstail91	288e584cbd	Hotfixes all the way down	2023-12-24 05:38:27 +11:00
Ratstail91	8ab786b934	Hotfix a hotfix	2023-12-24 05:00:49 +11:00