Merge branch 'dev' into feat/um-23-v2-schema-init

2022-10-31 23:48:12 -07:00
parent 17041efaae d5fd333633
commit 689b732829
11 changed files with 1107 additions and 892 deletions
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -1,22 +1,26 @@
 import { parseSecureToken, parseToken } from 'next-basics';
 import { getUser, getWebsite } from 'queries';
+import debug from 'debug';
 import { SHARE_TOKEN_HEADER, TYPE_ACCOUNT, TYPE_WEBSITE } from 'lib/constants';
 import { secret } from 'lib/crypto';

-export function getAuthToken(req) {
+const log = debug('umami:auth');
+
+export function parseAuthToken(req) {
  try {
    const token = req.headers.authorization;
-
    return parseSecureToken(token.split(' ')[1], secret());
-  } catch {
+  } catch (e) {
+    log(e);
    return null;
  }
 }

-export function getShareToken(req) {
+export function parseShareToken(req) {
  try {
    return parseToken(req.headers[SHARE_TOKEN_HEADER], secret());
-  } catch {
+  } catch (e) {
+    log(e);
    return null;
  }
 }
@@ -29,6 +33,7 @@ export function isValidToken(token, validation) {
      return validation(token);
    }
  } catch (e) {
+    log(e);
    return false;
  }

--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -9,11 +9,11 @@ export function secret() {
 export function salt() {
  const ROTATING_SALT = hash(startOfMonth(new Date()).toUTCString());

-  return hash([secret(), ROTATING_SALT]);
+  return hash(secret(), ROTATING_SALT);
 }

 export function uuid(...args) {
  if (!args.length) return v4();

-  return v5(hash([...args, salt()]), v5.DNS);
+  return v5(hash(...args, salt()), v5.DNS);
 }
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -1,7 +1,7 @@
 import { createMiddleware, unauthorized, badRequest, serverError } from 'next-basics';
 import cors from 'cors';
 import { getSession } from './session';
-import { getAuthToken, getShareToken } from './auth';
+import { parseAuthToken, parseShareToken } from './auth';

 export const useCors = createMiddleware(cors());

@@ -26,8 +26,8 @@ export const useSession = createMiddleware(async (req, res, next) => {
 });

 export const useAuth = createMiddleware(async (req, res, next) => {
-  const token = await getAuthToken(req);
-  const shareToken = await getShareToken(req);
+  const token = await parseAuthToken(req);
+  const shareToken = await parseShareToken(req);

  if (!token && !shareToken) {
    return unauthorized(res);