vbatts/homebox
1
0
Fork 0
forked from mirrors/homebox
Code Pull requests Activity

cleanup user token access

Browse source
This commit is contained in:
Hayden 2022-08-30 18:11:23 -08:00
parent 1107904f47
commit 682774c9ce
5 changed files with 13 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

9
backend/app/api/middleware.go
View file

@ -10,7 +10,6 @@ import (
"github.com/go-chi/chi/v5/middleware"
"github.com/hay-kot/content/backend/internal/config"
"github.com/hay-kot/content/backend/internal/services"
"github.com/hay-kot/content/backend/pkgs/hasher"
"github.com/hay-kot/content/backend/pkgs/logger"
"github.com/hay-kot/content/backend/pkgs/server"
)
@ -49,17 +48,11 @@ func (a *app) mwAuthToken(next http.Handler) http.Handler {
}
requestToken = strings.TrimPrefix(requestToken, "Bearer ")
hash := hasher.HashToken(requestToken)
usr, err := a.services.User.GetSelf(r.Context(), requestToken)
// Check the database for the token
usr, err := a.repos.AuthTokens.GetUserFromToken(r.Context(), hash)
if err != nil {
a.logger.Error(err, logger.Props{
"token": requestToken,
"hash": fmt.Sprintf("%x", hash),
})
server.RespondUnauthorized(w)
return
}