☙◦ The Tablet ❀ GamerGirlandCo ◦❧
480655a0ee
- check for titlecased version of auth header - check for token's `sub` field as well as `id` - ensure we don't select sensitive info when querying the user - don't throw if there's no user logged in for that request
28 lines
802 B
TypeScript
28 lines
802 B
TypeScript
import jwt from "jsonwebtoken";
|
|
import { IUser, User } from "@models/user";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
let ahead = (getHeaders(event).authorization || getHeaders(event).Authorization || getCookie(event, "rockfic_cookie"))?.replace("Bearer ", "");
|
|
if (ahead) {
|
|
let toktok: any;
|
|
let user: IUser | null = null;
|
|
try {
|
|
toktok = jwt.verify(ahead, useRuntimeConfig().jwt);
|
|
console.log(toktok);
|
|
if (toktok?.sub) {
|
|
user = await User.findById(toktok.sub as number)
|
|
.select("-password -auth -ipLog")
|
|
.exec();
|
|
} else if (toktok.id) {
|
|
user = await User.findById(toktok.id as number)
|
|
.select("-password -auth -ipLog")
|
|
.exec();
|
|
}
|
|
} catch (E) {
|
|
console.error(E);
|
|
} finally {
|
|
if (user) event.context.currentUser = user;
|
|
}
|
|
}
|
|
});
|