api/middleware/Auth.ts

/**
* This file is part of SudoBot.
* 
* Copyright (C) 2021-2022 OSN Inc.
*
* SudoBot is free software; you can redistribute it and/or modify it
* under the terms of the GNU Affero General Public License as published by 
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* 
* SudoBot is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of 
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License 
* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
*/

import { NextFunction, Response } from "express";
import Request from "../Request";
import jwt, { JwtPayload } from 'jsonwebtoken';
import User from "../../models/User";

export default async function Auth(request: Request, response: Response, next: NextFunction) {
    if (!request.user) {
        const { authorization } = request.headers;

        if (!authorization) {
            next();
            return;
        }

        const [type, token] = authorization.split(/ +/);

        if (type !== "Bearer") {
            return response.status(401).send({ error: "Only Bearer tokens are supported" });
        }

        if (!token) {
            return response.status(401).send({ error: "No Bearer token provided" });
        }

        try {
            const { _id, discord_id, username } = jwt.verify(token, process.env.JWT_SECRET!) as JwtPayload;
            
            if (!_id || !discord_id || !username) {
                throw new Error();
            }

            const user = await User.findOne({ _id, discord_id, username });

            if (!user) {
                throw new Error();
            }

            request.user = user;
        } 
        catch (e) {
            console.log(e);   
            return response.status(401).send({ error: "Invalid token provided" });
        }
    }

    next();
}
1	/**
2	* This file is part of SudoBot.
3	*
4	* Copyright (C) 2021-2022 OSN Inc.
5	*
6	* SudoBot is free software; you can redistribute it and/or modify it
7	* under the terms of the GNU Affero General Public License as published by
8	* the Free Software Foundation, either version 3 of the License, or
9	* (at your option) any later version.
10	*
11	* SudoBot is distributed in the hope that it will be useful, but
12	* WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU Affero General Public License for more details.
15	*
16	* You should have received a copy of the GNU Affero General Public License
17	* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18	*/
19
20	import { NextFunction, Response } from "express";
21	import Request from "../Request";
22	import jwt, { JwtPayload } from 'jsonwebtoken';
23	import User from "../../models/User";
24
25	export default async function Auth(request: Request, response: Response, next: NextFunction) {
26	if (!request.user) {
27	const { authorization } = request.headers;
28
29	if (!authorization) {
30	next();
31	return;
32	}
33
34	const [type, token] = authorization.split(/ +/);
35
36	if (type !== "Bearer") {
37	return response.status(401).send({ error: "Only Bearer tokens are supported" });
38	}
39
40	if (!token) {
41	return response.status(401).send({ error: "No Bearer token provided" });
42	}
43
44	try {
45	const { _id, discord_id, username } = jwt.verify(token, process.env.JWT_SECRET!) as JwtPayload;
46
47	if (!_id \|\| !discord_id \|\| !username) {
48	throw new Error();
49	}
50
51	const user = await User.findOne({ _id, discord_id, username });
52
53	if (!user) {
54	throw new Error();
55	}
56
57	request.user = user;
58	}
59	catch (e) {
60	console.log(e);
61	return response.status(401).send({ error: "Invalid token provided" });
62	}
63	}
64
65	next();
66	}