From 965d99d137c008ccb558f28fb733a27e6071f9ff Mon Sep 17 00:00:00 2001
From: KernelDeimos
Date: Sat, 13 Apr 2024 17:19:04 -0400
Subject: [PATCH] Fix socket auth
---
 packages/backend/src/helpers.js | 28 ++++++++--------------------
 1 file changed, 8 insertions(+), 20 deletions(-)
diff --git a/packages/backend/src/helpers.js b/packages/backend/src/helpers.js
index 224e907f..d757abb0 100644
--- a/packages/backend/src/helpers.js
+++ b/packages/backend/src/helpers.js
@@ -1155,34 +1155,22 @@ async function jwt_auth(req){
 token = token.replace('Bearer ', '')
 try{
- const jwt = require('jsonwebtoken');
- const decoded = jwt.verify(token, config.jwt_secret)
+ const svc_auth = Context.get('services').get('auth');
+ const actor = await svc_auth.authenticate_from_token(token);
- if ( decoded.type ) {
- // This is usually not the correct way to throw an APIError;
- // this is a workaround for the existing error handling in auth,
- // which is well tested, stable, and legacy (no sense in refactoring)
+ if ( ! actor.type?.constructor?.name === 'UserActorType' ) {
 throw({
 message: APIError.create('token_unsupported')
 .serialize(),
 });
 }
- /** @type BaseDatabaseAccessService */
- const db = services.get('database').get(DB_READ, 'filesystem');
-
- // in the vast majority of cases looking up a user should succeed unless the request is invalid (rare case),
- // that's why we first hit up the read replica and if not successful we try the master DB
- let user = await db.requireRead('SELECT * FROM `user` WHERE `uuid` = ? LIMIT 1', [decoded.uuid]);
-
- // unsuccessful
- if(!user[0])
- throw('');
- // successful
- else {
- return {user: user[0], token: token};
- }
+ return {
+ user: actor.type.user,
+ token: token,
+ };
 }catch(e){
+ console.log('ERROR', e);
 throw(e.message);
 }
 }
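Review bot: The new guard `if ( ! actor.type?.constructor?.name === 'UserActorType' )` can never be true, because `!` is applied before `===` and a boolean is then compared with a string. The `token_unsupported` rejection is therefore dead code, and a token that resolves to any other actor type falls through to `return { user: actor.type.user, ... }`; whether such a type exposes `.user` is not visible here, but if it does, a restricted token would be accepted as a full user session on this path, which the removed `decoded.type` check used to refuse. Write it as `if ( actor.type?.constructor?.name !== 'UserActorType' ) {`, or compare with `instanceof` if the actor class is importable in this file, since `constructor.name` does not survive minification or subclassing. The added `console.log('ERROR', e)` also logs every rejected token attempt with the full error object, which is worth routing through the project's logger at a lower level. jwt_auth begins above this hunk, so how `token` is extracted is not reviewed here.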