refactor(server/middleware): update current user middleware

- check for titlecased version of auth header
- check for token's `sub` field as well as `id`
- ensure we don't select sensitive info when querying the user
- don't throw if there's no user logged in for that request

server/middleware/05.currentUser.ts

@@ -1,26 +1,26 @@
 import jwt from "jsonwebtoken";
-import { log } from "@server/logger";
+import { IUser, User } from "@models/user";
-import { messages } from "@server/constants";
-import { User } from "@models/user";
-import { AccessToken } from "@models/oauth";
-import { IJwt } from "@server/types/authstuff";
 
 export default defineEventHandler(async (event) => {
-	let ahead = (getHeaders(event).authorization || "")?.replace("Bearer ", "");
+	let ahead = (getHeaders(event).authorization || getHeaders(event).Authorization || getCookie(event, "rockfic_cookie"))?.replace("Bearer ", "");
 	if (ahead) {
-		let toktok: jwt.JwtPayload;
+		let toktok: any;
+		let user: IUser | null = null;
 		try {
-			toktok = jwt.verify(ahead, useRuntimeConfig().jwt) as IJwt;
+			toktok = jwt.verify(ahead, useRuntimeConfig().jwt);
-			let user = await User.findById(toktok.id as number).exec();
+			console.log(toktok);
-			if (user && toktok) event.context.currentUser = user;
+			if (toktok?.sub) {
-		} catch (e) {
+				user = await User.findById(toktok.sub as number)
-			const t = await AccessToken.findOne({ token: ahead });
+					.select("-password -auth -ipLog")
-			if (!t)
+					.exec();
-				throw createError({
+			} else if (toktok.id) {
-					statusCode: 401,
+				user = await User.findById(toktok.id as number)
-					message: messages[401],
+					.select("-password -auth -ipLog")
-				});
+					.exec();
-			let user = await User.findById(t.userID);
+			}
+		} catch (E) {
+			console.error(E);
+		} finally {
 			if (user) event.context.currentUser = user;
 		}
 	}