Mirror/filesafe
1
0
Fork 0
mirror of https://github.com/BobbyWibowo/lolisafe.git synced 2025-02-22 13:19:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: less strict missing token header check

Browse Source 
previously would still assume token is provided when the header is
simply an empty string, which may be unavoidable for some clients
This commit is contained in:
Bobby Wibowo 2022-08-19 07:30:32 +07:00
parent 59c5c8b7b0
commit 6c929efa7b
No known key found for this signature in database
GPG Key ID: 51C3A1E1E22D26CF
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
controllers/authController.js
View File

@ -77,7 +77,7 @@ self.assertUser = async (token, fields, ip) => {
self.requireUser = (req, res, next, fields) => {
// Throws when token is missing, thus use only for users-only routes
const token = req.headers.token
if (token === undefined) {
if (!token) {
return next(new ClientError('No token provided.', { statusCode: 403 }))
}
@ -94,7 +94,7 @@ self.optionalUser = (req, res, next, fields) => {
// Throws when token if missing only when private is set to true in config,
// thus use for routes that can handle no auth requests
const token = req.headers.token
if (token === undefined) {
if (!token) {
if (config.private === true) {
return next(new ClientError('No token provided.', { statusCode: 403 }))
} else {