From 7147afc30913677ce5323ed9e95cd44ae90be4dc Mon Sep 17 00:00:00 2001
From: Bobby
Date: Wed, 21 Sep 2022 08:02:13 +0700
Subject: [PATCH] feat: better props override for auth helepr functs
---
 controllers/authController.js | 12 ++++++------
 routes/api.js | 19 +++++++++++++------
 2 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/controllers/authController.js b/controllers/authController.js
index 290d3b8..c763c8c 100644
--- a/controllers/authController.js
+++ b/controllers/authController.js
@@ -74,14 +74,14 @@ self.assertUser = async (token, fields, ip) => {
 }
 }
-self.requireUser = (req, res, next, fields) => {
+self.requireUser = (req, res, next, options = {}) => {
 // Throws when token is missing, thus use only for users-only routes
- const token = req.headers.token
+ const token = options.token || req.headers.token
 if (!token) {
 return next(new ClientError('No token provided.', { statusCode: 403 }))
 }
- self.assertUser(token, fields, req.ip)
+ self.assertUser(token, options.fields, req.ip)
 .then(user => {
 // Add user data to Request.locals.user
 req.locals.user = user
@@ -90,10 +90,10 @@ self.requireUser = (req, res, next, fields) => {
 .catch(next)
 }
-self.optionalUser = (req, res, next, fields) => {
+self.optionalUser = (req, res, next, options = {}) => {
 // Throws when token if missing only when private is set to true in config,
 // thus use for routes that can handle no auth requests
- const token = req.headers.token
+ const token = options.token || req.headers.token
 if (!token) {
 if (config.private === true) {
 return next(new ClientError('No token provided.', { statusCode: 403 }))
@@ -103,7 +103,7 @@ self.optionalUser = (req, res, next, fields) => {
 }
 }
- self.assertUser(token, fields, req.ip)
+ self.assertUser(token, options.fields, req.ip)
 .then(user => {
 // Add user data to Request.locals.user
 req.locals.user = user
diff --git a/routes/api.js b/routes/api.js
index a1dfacf..405595e 100644
--- a/routes/api.js
+++ b/routes/api.js
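Review bot: In `requireUser` (controllers/authController.js) the fourth argument changes from a field string to an `options` object with no check on its shape, so a caller that still passes `'token'` positionally gets `options.fields === undefined` and the extra column is dropped silently instead of failing. The same applies to `optionalUser` in the next two hunks. A guard at the top of both helpers, for example `if (typeof options !== 'object' || options === null) return next(new TypeError('options must be an object'))`, would make a missed call site visible; only `/tokens/change` is updated in this patch and any other callers are outside it. A doc comment should also state that `options.token` takes precedence over the `token` header and is handed to `assertUser` as the credential, so it must only be supplied from a source the route trusts as much as that header. Both function bodies continue outside the hunks.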
@@ -44,10 +44,15 @@ routes.post('/users/edit', [auth.requireUser, utils.assertJSON], auth.editUser)
 /** ./controllers/uploadController.js */
 // HyperExpress defaults to 250kb
-// https://github.com/kartikk221/hyper-express/blob/6.4.4/docs/Server.md#server-constructor-options
-const maxBodyLength = parseInt(config.uploads.maxSize) * 1e6
-routes.post('/upload', { max_body_length: maxBodyLength }, auth.optionalUser, upload.upload)
-routes.post('/upload/:albumid', { max_body_length: maxBodyLength }, auth.optionalUser, upload.upload)
+// https://github.com/kartikk221/hyper-express/blob/6.4.8/docs/Server.md#server-constructor-options
+const uploadOptions = {
+ max_body_length: parseInt(config.uploads.maxSize) * 1e6,
+ middlewares: [
+ auth.optionalUser
+ ]
+}
+routes.post('/upload', uploadOptions, upload.upload)
+routes.post('/upload/:albumid', uploadOptions, upload.upload)
 routes.post('/upload/finishchunks', [auth.optionalUser, utils.assertJSON], upload.finishChunks)
 routes.get('/uploads', auth.requireUser, upload.list)
@@ -78,8 +83,10 @@ routes.post('/albums/rename', [auth.requireUser, utils.assertJSON], albums.renam
 routes.get('/tokens', auth.requireUser, tokens.list)
 routes.post('/tokens/change', (req, res, next) => {
- // Include user's "token" field into database query
- auth.requireUser(req, res, next, 'token')
+ auth.requireUser(req, res, next, {
+ // Include user's "token" field into database query
+ fields: ['token']
+ })
 }, tokens.change)
 routes.post('/tokens/verify', utils.assertJSON, tokens.verify)
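Review bot: `max_body_length` in `uploadOptions` is computed as `parseInt(config.uploads.maxSize) * 1e6` with no radix and no validation, so a missing or non-numeric `maxSize` gives `NaN` as the body limit on the two upload routes, which `auth.optionalUser` may admit without a token when `config.private` is not set. How HyperExpress treats a `NaN` limit is not visible in this patch, so failing at startup is safer than relying on it. I would parse once with `const maxSizeMB = Number.parseInt(config.uploads.maxSize, 10)` and follow it with `if (!Number.isFinite(maxSizeMB) || maxSizeMB <= 0) throw new Error('Invalid config.uploads.maxSize')`. The link in the comment still points at the server constructor options although the value is now a per-route option, so the comment should say which options table it refers to.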
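Review bot: The `/tokens/change` handler now passes the extra column as the array `['token']` where it used to pass the string `'token'`, and the body of `assertUser` is not part of this patch, so whether it accepts an array cannot be confirmed from the diff. If it still expects a string, the query may select the wrong columns or omit the token without raising an error, so a test for this route that asserts the loaded user carries the `token` field would pin the contract. Because this option causes the stored token to be loaded onto `req.locals.user`, the comment could say so directly, for example `// Loads the stored token onto req.locals.user; use only on routes that need it`.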