пре 1 година · 09daea7b64
--- a/apps/app/src/server/middlewares/access-token-parser.ts
+++ b/apps/app/src/server/middlewares/access-token-parser.ts
@@ -1,4 +1,8 @@
 
				+import type { IUser, IUserHasId } from '@growi/core/dist/interfaces';
			
 
				+import type { IUserSerializedSecurely } from '@growi/core/dist/models/serializers';
			
 
				 import { serializeUserSecurely } from '@growi/core/dist/models/serializers';
			
 
				+import type { NextFunction, Request, Response } from 'express';
			
 
				+import type { HydratedDocument } from 'mongoose';
			
 
				 import mongoose from 'mongoose';
			
 
				 
			
 
				 import loggerFactory from '~/utils/logger';
			
@@ -6,20 +10,31 @@ import loggerFactory from '~/utils/logger';
 
				 
			
 
				 const logger = loggerFactory('growi:middleware:access-token-parser');
			
 
				 
			
 
				-module.exports = (crowi) => {
			
 
				+type ReqQuery = {
			
 
				+  access_token?: string,
			
 
				+}
			
 
				+type ReqBody = {
			
 
				+  access_token?: string,
			
 
				+}
			
 
				 
			
 
				-  return async(req, res, next) => {
			
 
				+interface Req extends Request<undefined, undefined, ReqBody, ReqQuery> {
			
 
				+  user: IUserSerializedSecurely<IUserHasId>,
			
 
				+}
			
 
				+
			
 
				+const middlewareFactory = () => {
			
 
				+
			
 
				+  return async(req: Req, res: Response, next: NextFunction): Promise<void> => {
			
 
				     // TODO: comply HTTP header of RFC6750 / Authorization: Bearer
			
 
				-    const accessToken = req.query.access_token || req.body.access_token || null;
			
 
				+    const accessToken = req.query.access_token ?? req.body.access_token;
			
 
				     if (accessToken == null || typeof accessToken !== 'string') {
			
 
				       return next();
			
 
				     }
			
 
				 
			
 
				-    const User = mongoose.model('User');
			
 
				+    const User = mongoose.model<HydratedDocument<IUser>, { findUserByApiToken }>('User');
			
 
				 
			
 
				     logger.debug('accessToken is', accessToken);
			
 
				 
			
 
				-    const user = await User.findUserByApiToken(accessToken).lean();
			
 
				+    const user: IUserHasId = await User.findUserByApiToken(accessToken);
			
 
				 
			
 
				     if (user == null) {
			
 
				       logger.debug('The access token is invalid');
			
@@ -35,3 +50,6 @@ module.exports = (crowi) => {
 
				   };
			
 
				 
			
 
				 };
			
 
				+
			
 
				+module.exports = middlewareFactory;
			
 
				+// export default middlewareFactory;
			
--- a/apps/app/src/server/models/user.js
+++ b/apps/app/src/server/models/user.js
@@ -449,7 +449,7 @@ const factory = (crowi) => {
 
				     if (apiToken == null) {
			
 
				       return Promise.resolve(null);
			
 
				     }
			
 
				-    return this.findOne({ apiToken });
			
 
				+    return this.findOne({ apiToken }).lean();
			
 
				   };
			
 
				 
			
 
				   userSchema.statics.findUserByGoogleId = function(googleId, callback) {