Make "validateAccessToken" function return AccessToken object

Aelita4 2023-12-25 16:20:22 +01:00
parent c0c0dab25a
commit cfc7fef6c4
Signed by: Aelita4
GPG Key ID: E44490C2025906C1
2 changed files with 22 additions and 9 deletions


@ -1,15 +1,18 @@
import type AccessToken from "../../types/AccessToken";
import { getAccessToken } from "../db/accessTokens"; import { getAccessToken } from "../db/accessTokens";
export default async function validateAccessToken(request: Request): Promise<Response | AccessToken> { export default async function validateAccessToken(request: Request): Promise<Response | string> {
const accessToken = request.url.split("?")[1]?.split("&").filter((x) => x.split("=")[0] === "token")[0].split("=")[1]; let accessToken = request.url.split("?")[1]?.split("&").filter((x) => x.split("=")[0] === "token")[0].split("=")[1];
const cookies = request.headers.get("Cookie")?.split(";").map((x) => x.trim().split("=")) ?? [];
if(accessToken === undefined) accessToken = cookies.filter((x) => x[0] === "sessionToken")[0]?.[1];
if(accessToken === undefined) return new Response( if(accessToken === undefined) return new Response(
JSON.stringify({ JSON.stringify({
code: 401, code: 401,
message: "Unauthorized", message: "Unauthorized",
error: "Missing Access Token" error: "Missing Access Token"
}) }), { status: 401 }
); );
const response = await getAccessToken(accessToken); const response = await getAccessToken(accessToken);
@ -19,7 +22,7 @@ export default async function validateAccessToken(request: Request): Promise<Res
code: 401, code: 401,
message: "Unauthorized", message: "Unauthorized",
error: "Invalid Access Token" error: "Invalid Access Token"
}) }), { status: 401 }
); );
if(response.createdAt.getTime() > Date.now()) return new Response( if(response.createdAt.getTime() > Date.now()) return new Response(
@ -27,7 +30,7 @@ export default async function validateAccessToken(request: Request): Promise<Res
code: 403, code: 403,
message: "Forbidden", message: "Forbidden",
data: "Access token is invalid for user " + response.username + ", are you travelling in time?" data: "Access token is invalid for user " + response.username + ", are you travelling in time?"
}) }), { status: 403 }
); );
if(response.expiresAt !== null && response.expiresAt.getTime() < Date.now()) return new Response( if(response.expiresAt !== null && response.expiresAt.getTime() < Date.now()) return new Response(
@ -35,8 +38,8 @@ export default async function validateAccessToken(request: Request): Promise<Res
code: 403, code: 403,
message: "Forbidden", message: "Forbidden",
data: "Access token is invalid for user " + response.username + ", token expired" data: "Access token is invalid for user " + response.username + ", token expired"
}) }), { status: 403 }
); );
return response; return accessToken;
} }
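Review bot: The token lookup that splits `request.url` throws a TypeError when the URL has a query string but no `token` parameter, because only `split("?")[1]` is guarded with `?.` and `filter(...)[0]` is then undefined; as rendered, such a request never reaches the `sessionToken` cookie fallback on the next lines. Parsing with `new URL(request.url).searchParams.get("token") ?? undefined` keeps the later `=== undefined` checks working and also URL-decodes the value. Accepting the token in the query string means it can end up in access logs and Referer headers, so a comment stating why that transport is kept would help. The two 403 bodies echo `response.username` to whoever presents an expired or future-dated token; a generic message would avoid disclosing which account a token belongs to. The hunks do not show the whole function, so the lines between them were not reviewed.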


@ -1,15 +1,25 @@
import type { APIRoute } from "astro"; import type { APIRoute } from "astro";
import validateAccessToken from "../../../lib/utils/validateAccessToken"; import validateAccessToken from "../../../lib/utils/validateAccessToken";
import { getAccessToken } from "../../../lib/db/accessTokens";
export const GET: APIRoute = async({ request }) => { export const GET: APIRoute = async({ request }) => {
const response = await validateAccessToken(request); const response = await validateAccessToken(request);
if(response instanceof Response) return response; if(response instanceof Response) return response;
const accessToken = await getAccessToken(response);
if(!accessToken) return new Response(
JSON.stringify({
code: 404,
message: "Not Found",
data: "Access token not found"
}), { status: 404 }
);
return new Response( return new Response(
JSON.stringify({ JSON.stringify({
code: 200, code: 200,
message: "OK", message: "OK",
data: "Access token valid for user " + response.username data: "Access token valid for user " + accessToken.username
}) })
); );
} }
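Review bot: The route calls `getAccessToken(response)` on the value `validateAccessToken` has just returned, which does not fit the commit title's statement that the helper now returns the AccessToken object; the page does not make clear which column is the new side, so this needs confirming. If the helper returns the record, this lookup and the 404 branch are redundant and `response.username` can be used directly. If it returns the token string, the route repeats a database read the helper already did, and the second read is not followed by the `createdAt`/`expiresAt` checks. Separately, the JSON bodies are sent without a content type; `headers: { "Content-Type": "application/json" }` in the `Response` init would let clients parse them reliably.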