Bsian 2019-11-17 01:14:11 +00:00
commit 6fdf77555a
No known key found for this signature in database
GPG Key ID: 097FB9A291026091
2 changed files with 2 additions and 8 deletions


@ -43,16 +43,12 @@ export default class Security {
}
public extractBearer(req: Request): string {
const url = new URL(req.url);
if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
return req.headers.authorization.split(' ')[1];
}
if (req.query && req.query.token) {
return req.query.token;
}
if (url.password) {
return url.password;
}
return 'null';
}
}
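Review bot: The fallthrough `return 'null';` at the end of extractBearer hands callers a non-empty string that cannot be told apart from a real token, so a request without credentials is rejected only if checkBearer (not shown here) happens to fail on that value. Returning `null` under the signature `public extractBearer(req: Request): string | null`, with the caller answering 401 before it calls checkBearer, would make the no-token case explicit. The `Authorization` branch has a similar gap: for a header that is only `Bearer`, `split(' ')[1]` is `undefined` despite the declared `string` return type. If the `req.query.token` branch is kept by this commit (the +/- markers are lost on this page), it also places the bearer token in URLs, which commonly end up in access logs and Referer headers. The Security class starts outside the hunk.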


@ -9,8 +9,7 @@ export default class Account extends Route {
public bind() {
this.router.use(async (req, res, next) => {
const url = new URL(req.url);
const account = await this.server.client.db.Account.findOne({ username: url.username });
const account = await this.server.client.db.Account.findOne({ username: req.query.username });
if (!account) return res.status(401).json({ code: this.constants.codes.ACCOUNT_NOT_FOUND, message: 'UNAUTHORIZED' });
// eslint-disable-next-line no-underscore-dangle
const authResult = await this.server.security.checkBearer(account._id, this.server.security.extractBearer(req));
@ -19,8 +18,7 @@ export default class Account extends Route {
});
this.router.get('/', async (req, res) => {
const url = new URL(req.url);
const account = await this.server.client.db.Account.findOne({ username: url.username });
const account = await this.server.client.db.Account.findOne({ username: req.query.username });
const acc: any = {};
acc.username = account.username;
acc.userID = account.userID;
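Review bot: `req.query.username` is passed to `Account.findOne` without a type check, both in the `router.use` middleware and in the `GET /` handler. Express can parse a query parameter into an array or a nested object, and depending on the database layer (it looks like a Mongo-style model, which is not visible here) an object value may be treated as a query operator rather than a literal username, so the lookup that precedes `checkBearer` could resolve to an account the caller did not name. A guard such as `if (typeof req.query.username !== 'string') return res.sendStatus(400);` before the first `findOne` would close this. The handler also repeats the lookup and reads `account.username` without the null check the middleware has; keeping the authenticated account from the middleware (for example on `res.locals`) would remove the second query and that gap. The `GET /` handler continues past the end of the hunk.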