Fix issue with auth

merge-requests/1/merge
Matthew 2019-11-16 20:13:35 -05:00
parent cc0416c67e
commit 35519fd948
No known key found for this signature in database
GPG Key ID: 766BE43AE75F7559
2 changed files with 2 additions and 8 deletions


@ -43,16 +43,12 @@ export default class Security {
} }
public extractBearer(req: Request): string { public extractBearer(req: Request): string {
const url = new URL(req.url);
if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') { if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
return req.headers.authorization.split(' ')[1]; return req.headers.authorization.split(' ')[1];
} }
if (req.query && req.query.token) { if (req.query && req.query.token) {
return req.query.token; return req.query.token;
} }
if (url.password) {
return url.password;
}
return 'null'; return 'null';
} }
} }
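Review bot: `return req.query.token;` in `extractBearer` returns whatever the query parser produced, although the method is declared to return `string`. With a parser that accepts repeated or bracketed keys (Express's default, which I am inferring from `req.query` and `res.status`), that value can be an array or an object. A guard such as `if (typeof req.query.token === 'string') return req.query.token;` keeps non-string values away from `checkBearer`. Separately, the fallback `return 'null';` is an ordinary string that a client can also send as a token, so an explicit "no credential" result (`undefined`, or a thrown error that the caller turns into a 401) would be safer. A token accepted from the query string also tends to end up in access logs and Referer headers, so the `Authorization` header should be the documented path.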


@ -9,8 +9,7 @@ export default class Account extends Route {
public bind() { public bind() {
this.router.use(async (req, res, next) => { this.router.use(async (req, res, next) => {
const url = new URL(req.url); const account = await this.server.client.db.Account.findOne({ username: req.query.username });
const account = await this.server.client.db.Account.findOne({ username: url.username });
if (!account) return res.status(401).json({ code: this.constants.codes.ACCOUNT_NOT_FOUND, message: 'UNAUTHORIZED' }); if (!account) return res.status(401).json({ code: this.constants.codes.ACCOUNT_NOT_FOUND, message: 'UNAUTHORIZED' });
// eslint-disable-next-line no-underscore-dangle // eslint-disable-next-line no-underscore-dangle
const authResult = await this.server.security.checkBearer(account._id, this.server.security.extractBearer(req)); const authResult = await this.server.security.checkBearer(account._id, this.server.security.extractBearer(req));
@ -19,8 +18,7 @@ export default class Account extends Route {
}); });
this.router.get('/', async (req, res) => { this.router.get('/', async (req, res) => {
const url = new URL(req.url); const account = await this.server.client.db.Account.findOne({ username: req.query.username });
const account = await this.server.client.db.Account.findOne({ username: url.username });
const acc: any = {}; const acc: any = {};
acc.username = account.username; acc.username = account.username;
acc.userID = account.userID; acc.userID = account.userID;
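Review bot: In both hunks, the new `findOne({ username: req.query.username })` puts the raw query value into the database filter without checking that it is a string. If the query parser yields objects for bracketed keys and `db.Account` is a MongoDB-style model (both inferred, not visible here), a non-string value is treated as a query operator, so the lookup no longer selects the account by name. A guard before the lookup closes that: `if (typeof req.query.username !== 'string') return res.status(401).json({ code: this.constants.codes.ACCOUNT_NOT_FOUND, message: 'UNAUTHORIZED' });`. The `router.get('/')` handler also repeats the lookup and reads `account.username` with no null check; having the middleware keep the account it already verified (for example on `res.locals.account`) would remove the second query. The handler body continues past the last visible line.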