Make "validateAccessToken" function return AccessToken object

2023-12-25 16:20:22 +01:00 · 2023-12-25 16:20:22 +01:00 · cfc7fef6c4
parent c0c0dab25a
commit cfc7fef6c4
2 changed files with 22 additions and 9 deletions
--- a/src/lib/utils/validateAccessToken.ts
+++ b/src/lib/utils/validateAccessToken.ts
@ -1,15 +1,18 @@
-import type AccessToken from "../../types/AccessToken";
 import { getAccessToken } from "../db/accessTokens";

-export default async function validateAccessToken(request: Request): Promise<Response | AccessToken> {
-    const accessToken = request.url.split("?")[1]?.split("&").filter((x) => x.split("=")[0] === "token")[0].split("=")[1];
+export default async function validateAccessToken(request: Request): Promise<Response | string> {
+    let accessToken = request.url.split("?")[1]?.split("&").filter((x) => x.split("=")[0] === "token")[0].split("=")[1];
+
+    const cookies = request.headers.get("Cookie")?.split(";").map((x) => x.trim().split("=")) ?? [];
+
+    if(accessToken === undefined) accessToken = cookies.filter((x) => x[0] === "sessionToken")[0]?.[1];

    if(accessToken === undefined) return new Response(
        JSON.stringify({
            code: 401,
            message: "Unauthorized",
            error: "Missing Access Token"
-        })
+        }), { status: 401 }
    );

    const response = await getAccessToken(accessToken);
@ -19,7 +22,7 @@ export default async function validateAccessToken(request: Request): Promise<Res
            code: 401,
            message: "Unauthorized",
            error: "Invalid Access Token"
-        })
+        }), { status: 401 }
    );
    
    if(response.createdAt.getTime() > Date.now()) return new Response(
@ -27,7 +30,7 @@ export default async function validateAccessToken(request: Request): Promise<Res
            code: 403,
            message: "Forbidden",
            data: "Access token is invalid for user " + response.username + ", are you travelling in time?"
-        })
+        }), { status: 403 }
    );
    
    if(response.expiresAt !== null && response.expiresAt.getTime() < Date.now()) return new Response(
@ -35,8 +38,8 @@ export default async function validateAccessToken(request: Request): Promise<Res
            code: 403,
            message: "Forbidden",
            data: "Access token is invalid for user " + response.username + ", token expired"
-        })
+        }), { status: 403 }
    );

-    return response;
+    return accessToken;
 }
--- a/src/pages/api/auth/testAccessToken.ts
+++ b/src/pages/api/auth/testAccessToken.ts
@ -1,15 +1,25 @@
 import type { APIRoute } from "astro";
 import validateAccessToken from "../../../lib/utils/validateAccessToken";
+import { getAccessToken } from "../../../lib/db/accessTokens";

 export const GET: APIRoute = async({ request }) => {
    const response = await validateAccessToken(request);
    if(response instanceof Response) return response;

+    const accessToken = await getAccessToken(response);
+    if(!accessToken) return new Response(
+        JSON.stringify({
+            code: 404,
+            message: "Not Found",
+            data: "Access token not found"
+        }), { status: 404 }
+    );
+
    return new Response(
        JSON.stringify({
            code: 200,
            message: "OK",
-            data: "Access token valid for user " + response.username
+            data: "Access token valid for user " + accessToken.username
        })
    );
 }