Skip to content

Commit

Permalink
Add more descriptive errors to web auth middleware
Browse files Browse the repository at this point in the history
Signed-off-by: Daniel D’Aquino <[email protected]>
  • Loading branch information
danieldaquino committed Oct 15, 2024
1 parent b18bb0e commit d5cc200
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions src/web_auth.js
Original file line number Diff line number Diff line change
Expand Up @@ -137,31 +137,31 @@ class WebAuthManager {
async require_web_auth(req, res, next) {
const auth_header = req.header('Authorization');
if (!auth_header) {
unauthorized_response(res, 'Unauthorized');
unauthorized_response(res, 'Unauthorized, no auth header');
return;
}

const [auth_type, token] = auth_header.split(' ');
if (auth_type !== 'Bearer') {
unauthorized_response(res, 'Unauthorized');
unauthorized_response(res, 'Unauthorized, invalid auth type');
return;
}

if (!token) {
unauthorized_response(res, 'Unauthorized');
unauthorized_response(res, 'Unauthorized, no token');
return;
}

const session_data = await this.dbs.sessions.get(token);
if (!session_data) {
unauthorized_response(res, 'Unauthorized');
unauthorized_response(res, 'Unauthorized, invalid token');
return;
}

// Check if the session has expired
if (current_time() - session_data.created_at > this.session_expiry) {
await this.dbs.sessions.del(token);
unauthorized_response(res, 'Unauthorized');
unauthorized_response(res, 'Unauthorized, session expired');
return;
}

Expand Down

0 comments on commit d5cc200

Please sign in to comment.