fix: authorization

quantum-brackets · Oct 30, 2024 · 952cefa · 952cefa
1 parent d5812a1
commit 952cefa
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 17 deletions.
diff --git a/src/middlewares/api/authorization.ts b/src/middlewares/api/authorization.ts
@@ -10,30 +10,26 @@ const protectedRoutes = ["/api/users"];
 export const authorization: MiddlewareFactory = (next) => {
   return catchAsync(async (req: NextRequest, _next: NextFetchEvent) => {
     const pathname = req.nextUrl.pathname;
+    const sessionToken =
+      req.cookies.get(SESSION_KEY)?.value || req.headers.get("Authorization")?.split(" ")[1];
 
     if (protectedRoutes.some((path) => pathname.startsWith(path))) {
-      const session =
-        req.cookies.get(SESSION_KEY)?.value || req.headers.get("Authorization")?.split(" ")[1];
+      if (!sessionToken) {
+        return appError({ status: 401, error: "No session provided" });
+      }
 
       const {
         data: { user_id },
-      } = await axiosInstance.post("/api/utils/decode", {
-        session,
-      });
+      } = await axiosInstance.post("/api/utils/decode", { session: sessionToken });
 
       if (!user_id) {
-        return appError({
-          status: 401,
-          error: "No session provided",
-        });
+        return appError({ status: 401, error: "Invalid session" });
       }
 
       const res = NextResponse.next();
       res.headers.set(HEADER_DATA_KEY, user_id);
-
       return res;
     }
-
     return next(req, _next);
   });
 };
diff --git a/src/middlewares/app/authorization.ts b/src/middlewares/app/authorization.ts
@@ -33,13 +33,13 @@ function redirect({
   return NextResponse.redirect(redirectUrl, 307);
 }
 
-async function getMe(jwt: string | undefined): Promise<User | null> {
-  if (!jwt) return null;
+async function getUserBySessionToken(token: string | undefined): Promise<User | null> {
+  if (!token) return null;
 
   try {
     const { data: user } = await axiosInstance.get<User>("/api/users/me", {
       headers: {
-        Authorization: `Bearer ${jwt}`,
+        Authorization: `Bearer ${token}`,
       },
     });
 
@@ -67,14 +67,14 @@ export const authorization: MiddlewareFactory = (next) => {
       return redirect({ req, pathname: authPaths.signin, origin: pathname });
     }
 
-    const user = await getMe(session);
+    const user = await getUserBySessionToken(session);
+
+    console.log(user);
 
     if (isProtectedPath && !user) {
       return redirect({ req, pathname: authPaths.signin, origin: pathname });
     }
 
-    console.log(user);
-
     if (user && !user.complete_profile) {
       return redirect({ req, pathname: authPaths.completeProfile, origin: pathname });
     }