From 6c929efa7b75cf928bac311b8191e63deac0c199 Mon Sep 17 00:00:00 2001
From: Bobby Wibowo
Date: Fri, 19 Aug 2022 07:30:32 +0700
Subject: [PATCH] fix: less strict missing token header check previously would still assume token is provided when the header is simply an empty string, which may be unavoidable for some clients
---
 controllers/authController.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/controllers/authController.js b/controllers/authController.js
index 84ef592..ae9b84c 100644
--- a/controllers/authController.js
+++ b/controllers/authController.js
@@ -77,7 +77,7 @@ self.assertUser = async (token, fields, ip) => {
 self.requireUser = (req, res, next, fields) => {
 // Throws when token is missing, thus use only for users-only routes
 const token = req.headers.token
- if (token === undefined) {
+ if (!token) {
 return next(new ClientError('No token provided.', { statusCode: 403 }))
 }
 
@@ -94,7 +94,7 @@ self.optionalUser = (req, res, next, fields) => {
 // Throws when token if missing only when private is set to true in config,
 // thus use for routes that can handle no auth requests
 const token = req.headers.token
- if (token === undefined) {
+ if (!token) {
 if (config.private === true) {
 return next(new ClientError('No token provided.', { statusCode: 403 }))
 } else {
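Review bot: The comments above both guards still describe only a missing token, but `if (!token)` in requireUser and in optionalUser now also treats an empty `token` header as absent. In optionalUser this means a request carrying an empty header takes the unauthenticated branch whenever `config.private` is not `true`, instead of going on to whatever validation follows the guard, which is not visible in the hunk. I would record that on the guard, e.g. `// An absent or empty token header counts as "no token"; only a non-empty value is validated`, and fix "token if missing" to "token is missing" in the optionalUser comment while there. Both function bodies continue outside their hunks.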