next/server/middleware/05.currentUser.ts

import jwt from "jsonwebtoken";
import { IUser, User } from "@models/user";

export default defineEventHandler(async (event) => {
	let ahead = (getHeaders(event).authorization || getHeaders(event).Authorization || getCookie(event, "rockfic_cookie"))?.replace("Bearer ", "");
	if (ahead) {
		let toktok: any;
		let user: IUser | null = null;
		try {
			toktok = jwt.verify(ahead, useRuntimeConfig().jwt);
			console.log(toktok);
			if (toktok?.sub) {
				user = await User.findById(toktok.sub as number)
					.select("-password -auth -ipLog")
					.exec();
			} else if (toktok.id) {
				user = await User.findById(toktok.id as number)
					.select("-password -auth -ipLog")
					.exec();
			}
		} catch (E) {
			console.error(E);
		} finally {
			if (user) event.context.currentUser = user;
		}
	}
});
refactor(server/middleware): rename `currentUser` middleware 2023-10-10 21:56:25 -04:00			`import jwt from "jsonwebtoken";`
refactor(server/middleware): update current user middleware - check for titlecased version of auth header - check for token's `sub` field as well as `id` - ensure we don't select sensitive info when querying the user - don't throw if there's no user logged in for that request 2024-12-09 15:34:30 -05:00			`import { IUser, User } from "@models/user";`
refactor(server/middleware): rename `currentUser` middleware 2023-10-10 21:56:25 -04:00
			`export default defineEventHandler(async (event) => {`
refactor(server/middleware): update current user middleware - check for titlecased version of auth header - check for token's `sub` field as well as `id` - ensure we don't select sensitive info when querying the user - don't throw if there's no user logged in for that request 2024-12-09 15:34:30 -05:00			`let ahead = (getHeaders(event).authorization \|\| getHeaders(event).Authorization \|\| getCookie(event, "rockfic_cookie"))?.replace("Bearer ", "");`
refactor(server/middleware): rename `currentUser` middleware 2023-10-10 21:56:25 -04:00			`if (ahead) {`
refactor(server/middleware): update current user middleware - check for titlecased version of auth header - check for token's `sub` field as well as `id` - ensure we don't select sensitive info when querying the user - don't throw if there's no user logged in for that request 2024-12-09 15:34:30 -05:00			`let toktok: any;`
			`let user: IUser \| null = null;`
refactor(api): remove auth cookie checks just get the authorization header 2024-03-21 18:34:46 -04:00			`try {`
refactor(server/middleware): update current user middleware - check for titlecased version of auth header - check for token's `sub` field as well as `id` - ensure we don't select sensitive info when querying the user - don't throw if there's no user logged in for that request 2024-12-09 15:34:30 -05:00			`toktok = jwt.verify(ahead, useRuntimeConfig().jwt);`
			`console.log(toktok);`
			`if (toktok?.sub) {`
			`user = await User.findById(toktok.sub as number)`
			`.select("-password -auth -ipLog")`
			`.exec();`
			`} else if (toktok.id) {`
			`user = await User.findById(toktok.id as number)`
			`.select("-password -auth -ipLog")`
			`.exec();`
			`}`
			`} catch (E) {`
			`console.error(E);`
			`} finally {`
refactor(api): remove auth cookie checks just get the authorization header 2024-03-21 18:34:46 -04:00			`if (user) event.context.currentUser = user;`
			`}`
refactor(server/middleware): rename `currentUser` middleware 2023-10-10 21:56:25 -04:00			`}`
			`});`