access-token-parser use AccessToken model

apps/app/src/server/middlewares/access-token-parser/access-token-parser.ts

@@ -1,4 +1,4 @@
-import type { IUser, IUserHasId } from '@growi/core/dist/interfaces';
+import type { IUserHasId } from '@growi/core/dist/interfaces';
 import { serializeUserSecurely } from '@growi/core/dist/models/serializers';
 import type { NextFunction, Response } from 'express';
 import type { HydratedDocument } from 'mongoose';
@@ -19,16 +19,21 @@ export const accessTokenParser = async(req: AccessTokenParserReq, res: Response,
     return next();
   }
 
-  const User = mongoose.model<HydratedDocument<IUser>, { findUserByIds }>('User');
   const AccessToken = mongoose.model<HydratedDocument<IAccessToken>, { findUserIdByToken }>('AccessToken');
 
   logger.debug('accessToken is', accessToken);
 
+  // check the access token is valid
   const userId = await AccessToken.findUserIdByToken(accessToken);
-  const user: IUserHasId = await User.findUserByIds(userId);
+  if (userId == null) {
+    logger.debug('The access token is invalid');
+    return next();
+  }
 
+  // check the user is valid
+  const { user }: {user: IUserHasId} = await userId.populate('user');
   if (user == null) {
-    logger.debug('The access token is invalid');
+    logger.debug('The access token\'s associated user is invalid');
     return next();
   }