refactor(api): remove auth cookie checks

just get the authorization header
parent ec13656660
commit 4139f6fd58
Signed by: tablet
GPG Key ID: 924A5F6AF051E87C
2 changed files with 20 additions and 13 deletions

@ -1,6 +1,6 @@
export default eventHandler((event) => {
let ahead = (getHeaders(event).authorization || getCookie(event, "auth:token") || "")?.replace("Bearer ", "");
if (event.context.currentUser) {
let ahead = (getHeaders(event).authorization || "")?.replace("Bearer ", "");
if (event.context.currentUser && ahead) {
return {
token: ahead,
user: event.context.currentUser,
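Review bot: The token is extracted with `.replace("Bearer ", "")`, which strips the first occurrence anywhere in the value and passes a header with any other scheme through unchanged as the token; the same expression is used in the middleware hunk that follows. An anchored parse is stricter: `const ahead = /^Bearer (.+)$/.exec(getHeaders(event).authorization ?? "")?.[1] ?? "";`. The response also returns `event.context.currentUser` as-is, so if the user model carries credential or other private fields (not visible here) they would be serialised to the client; it is worth confirming that a projection or serializer is applied. The handler body continues outside the hunk.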

@ -2,19 +2,26 @@ import jwt from "jsonwebtoken";
import { log } from "@server/logger";
import { messages } from "@server/constants";
import { User } from "@models/user";
import { AccessToken } from "@models/oauth";
import { IJwt } from "@server/types/authstuff";
export default defineEventHandler(async (event) => {
let ahead = (getHeaders(event).authorization || getCookie(event, "auth:token") || "")?.replace("Bearer ", "");
// console.log("in here fucknuts", ahead);
// log.debug(`'${ahead}'`, { label: "idk" });
let ahead = (getHeaders(event).authorization || "")?.replace("Bearer ", "");
if (ahead) {
let toktok = jwt.verify(
ahead,
// ahead.replace("Bearer ", ""),
useRuntimeConfig().jwt,
) as jwt.JwtPayload;
let user = await User.findById(toktok.id as number).exec();
if (user && toktok) event.context.currentUser = user;
// setCookie(event, "auth:token", ahead)
let toktok: jwt.JwtPayload;
try {
toktok = jwt.verify(ahead, useRuntimeConfig().jwt) as IJwt;
let user = await User.findById(toktok.id as number).exec();
if (user && toktok) event.context.currentUser = user;
} catch (e) {
const t = await AccessToken.findOne({ token: ahead });
if (!t)
throw createError({
statusCode: 401,
message: messages[401],
});
let user = await User.findById(t.userID);
if (user) event.context.currentUser = user;
}
}
});
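Review bot: The new `catch (e)` treats every exception as "not a JWT", so a database error thrown by `User.findById` inside the `try` is also routed to the `AccessToken` lookup and ends as a 401 instead of surfacing. Keeping only `jwt.verify` in the `try` and rethrowing anything that is not a `jwt.JsonWebTokenError` limits the fallback to the case it is meant for. `jwt.verify` is also called without an `algorithms` option; pinning it to the algorithm the signing code uses is the usual hardening. The fallback finds the access token by value only, so if the `AccessToken` model has expiry or revocation fields (not visible here) they should be checked before `currentUser` is set.

```typescript
let toktok: IJwt | undefined;
try {
  // "HS256" is an example value; use the algorithm the signing code actually uses.
  toktok = jwt.verify(ahead, useRuntimeConfig().jwt, { algorithms: ["HS256"] }) as IJwt;
} catch (e) {
  // Only a token that fails JWT verification falls through to the access-token lookup.
  if (!(e instanceof jwt.JsonWebTokenError)) throw e;
}
if (toktok) {
  const user = await User.findById(toktok.id as number).exec();
  if (user) event.context.currentUser = user;
} else {
  // … unchanged: AccessToken.findOne lookup, 401 when no record, User.findById(t.userID) …
}
```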