api/middleware/Auth.ts

/**
* This file is part of SudoBot.
* 
* Copyright (C) 2021-2022 OSN Inc.
*
* SudoBot is free software; you can redistribute it and/or modify it
* under the terms of the GNU Affero General Public License as published by 
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* 
* SudoBot is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of 
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License 
* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
*/

import { NextFunction, Response } from "express";
import Request from "../Request";
import jwt, { JwtPayload } from 'jsonwebtoken';
import User from "../../models/User";

export default async function Auth(request: Request, response: Response, next: NextFunction) {
    if (!request.user) {
        const { authorization } = request.headers;

        if (!authorization) {
            next();
            return;
        }

        const [type, token] = authorization.split(/ +/);

        if (type !== "Bearer") {
            return response.status(401).send({ error: "Only Bearer tokens are supported" });
        }

        if (!token) {
            return response.status(401).send({ error: "No Bearer token provided" });
        }

        try {
            const { _id, discord_id, username } = jwt.verify(token, process.env.JWT_SECRET!) as JwtPayload;
            
            if (!_id || !discord_id || !username) {
                throw new Error();
            }

            const user = await User.findOne({ _id, discord_id, username });

            if (!user) {
                throw new Error();
            }

            request.user = user;
        } 
        catch (e) {
            console.log(e);   
            return response.status(401).send({ error: "Invalid token provided" });
        }
    }

    next();
}
1	rakinar2	577	/**
2			* This file is part of SudoBot.
3			*
4			* Copyright (C) 2021-2022 OSN Inc.
5			*
6			* SudoBot is free software; you can redistribute it and/or modify it
7			* under the terms of the GNU Affero General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			*
11			* SudoBot is distributed in the hope that it will be useful, but
12			* WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU Affero General Public License for more details.
15			*
16			* You should have received a copy of the GNU Affero General Public License
17			* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18			*/
19
20			import { NextFunction, Response } from "express";
21			import Request from "../Request";
22			import jwt, { JwtPayload } from 'jsonwebtoken';
23			import User from "../../models/User";
24
25			export default async function Auth(request: Request, response: Response, next: NextFunction) {
26			if (!request.user) {
27			const { authorization } = request.headers;
28
29			if (!authorization) {
30			next();
31			return;
32			}
33
34			const [type, token] = authorization.split(/ +/);
35
36			if (type !== "Bearer") {
37			return response.status(401).send({ error: "Only Bearer tokens are supported" });
38			}
39
40			if (!token) {
41			return response.status(401).send({ error: "No Bearer token provided" });
42			}
43
44			try {
45			const { _id, discord_id, username } = jwt.verify(token, process.env.JWT_SECRET!) as JwtPayload;
46
47			if (!_id \|\| !discord_id \|\| !username) {
48			throw new Error();
49			}
50
51			const user = await User.findOne({ _id, discord_id, username });
52
53			if (!user) {
54			throw new Error();
55			}
56
57			request.user = user;
58			}
59			catch (e) {
60			console.log(e);
61			return response.status(401).send({ error: "Invalid token provided" });
62			}
63			}
64
65			next();
66			}