refactor(api): remove auth cookie checks

just get the authorization header

server/api/auth/session.get.ts

@@ -1,6 +1,6 @@
 export default eventHandler((event) => {
-	let ahead = (getHeaders(event).authorization || getCookie(event, "auth:token") || "")?.replace("Bearer ", "");
+	let ahead = (getHeaders(event).authorization || "")?.replace("Bearer ", "");
-	if (event.context.currentUser) {
+	if (event.context.currentUser && ahead) {
 		return {
 			token: ahead,
 			user: event.context.currentUser,

server/middleware/05.currentUser.ts

@@ -2,19 +2,26 @@ import jwt from "jsonwebtoken";
 import { log } from "@server/logger";
 import { messages } from "@server/constants";
 import { User } from "@models/user";
+import { AccessToken } from "@models/oauth";
+import { IJwt } from "@server/types/authstuff";
 
 export default defineEventHandler(async (event) => {
-	let ahead = (getHeaders(event).authorization || getCookie(event, "auth:token") || "")?.replace("Bearer ", "");
+	let ahead = (getHeaders(event).authorization || "")?.replace("Bearer ", "");
-	// console.log("in here fucknuts", ahead);
-	// log.debug(`'${ahead}'`, { label: "idk" });
 	if (ahead) {
-		let toktok = jwt.verify(
+		let toktok: jwt.JwtPayload;
-			ahead,
+		try {
-			// ahead.replace("Bearer ", ""),
+			toktok = jwt.verify(ahead, useRuntimeConfig().jwt) as IJwt;
-			useRuntimeConfig().jwt,
+			let user = await User.findById(toktok.id as number).exec();
-		) as jwt.JwtPayload;
+			if (user && toktok) event.context.currentUser = user;
-		let user = await User.findById(toktok.id as number).exec();
+		} catch (e) {
-		if (user && toktok) event.context.currentUser = user;
+			const t = await AccessToken.findOne({ token: ahead });
-		// setCookie(event, "auth:token", ahead)
+			if (!t)
+				throw createError({
+					statusCode: 401,
+					message: messages[401],
+				});
+			let user = await User.findById(t.userID);
+			if (user) event.context.currentUser = user;
+		}
 	}
 });