|
|
@@ -1,4 +1,4 @@
|
|
|
-import type { IUser, IUserHasId } from '@growi/core/dist/interfaces';
|
|
|
+import type { IUserHasId } from '@growi/core/dist/interfaces';
|
|
|
import { serializeUserSecurely } from '@growi/core/dist/models/serializers';
|
|
|
import type { NextFunction, Response } from 'express';
|
|
|
import type { HydratedDocument } from 'mongoose';
|
|
|
@@ -19,16 +19,21 @@ export const accessTokenParser = async(req: AccessTokenParserReq, res: Response,
|
|
|
return next();
|
|
|
}
|
|
|
|
|
|
- const User = mongoose.model<HydratedDocument<IUser>, { findUserByIds }>('User');
|
|
|
const AccessToken = mongoose.model<HydratedDocument<IAccessToken>, { findUserIdByToken }>('AccessToken');
|
|
|
|
|
|
logger.debug('accessToken is', accessToken);
|
|
|
|
|
|
+ // check the access token is valid
|
|
|
const userId = await AccessToken.findUserIdByToken(accessToken);
|
|
|
- const user: IUserHasId = await User.findUserByIds(userId);
|
|
|
+ if (userId == null) {
|
|
|
+ logger.debug('The access token is invalid');
|
|
|
+ return next();
|
|
|
+ }
|
|
|
|
|
|
+ // check the user is valid
|
|
|
+ const { user }: {user: IUserHasId} = await userId.populate('user');
|
|
|
if (user == null) {
|
|
|
- logger.debug('The access token is invalid');
|
|
|
+ logger.debug('The access token\'s associated user is invalid');
|
|
|
return next();
|
|
|
}
|
|
|
|
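Review bot: The context line `logger.debug('accessToken is', accessToken);` just above the new validity check still writes the raw bearer token to the log, so anyone who can read debug output can replay it; log only that a token was presented, e.g. `logger.debug('accessToken was supplied');`. In the added lines, `userId` has `.populate('user')` called on it, so it appears to be a token document rather than an id, and a name such as `tokenDoc` would keep the auth path readable. The annotation `{user: IUserHasId}` declares the populated user non-null while the next line tests `user == null`; `const { user }: { user: IUserHasId | null } = await userId.populate('user');` lets the compiler enforce that check. The new branch only establishes that the referenced user exists. Whether token expiry or a suspended or deleted account is rejected is not visible here, since `findUserIdByToken` is defined elsewhere and the function body continues outside the hunk.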