diff --git a/packages/message_server/src/api.js b/packages/message_server/src/api.js
index 9bc6fb20..f0abd4f9 100755
--- a/packages/message_server/src/api.js
+++ b/packages/message_server/src/api.js
@@ -80,10 +80,18 @@ class TextRoomServer {
 return next(new Error(`auth:server_error`))
 }
- if (session.invalid) {
+ if (!session.valid) {
+ console.error(`[${socket.id}] failed to validate session caused by invalid token`, session)
+ return next(new Error(`auth:token_invalid`))
 }
+ if(!session.user_id) {
+ console.error(`[${socket.id}] failed to validate session caused by invalid session. (missing user_id)`, session)
+
+ return next(new Error(`auth:invalid_session`))
+ }
+ const userData = await mainAPI.get(`/user/${session.user_id}/data`)
 .then((res) => {
 return res.data
diff --git a/packages/server/src/controllers/SessionController/endpoints/validateSession.js b/packages/server/src/controllers/SessionController/endpoints/validateSession.js
index 54d8a26b..84dfeccb 100755
--- a/packages/server/src/controllers/SessionController/endpoints/validateSession.js
+++ b/packages/server/src/controllers/SessionController/endpoints/validateSession.js
@@ -5,7 +5,6 @@ import { Session } from "@models"
 export default {
 method: "POST",
 route: "/validate",
- middlewares: ["useJwtStrategy"],
 fn: async (req, res) => {
 const token = req.body.session
@@ -14,7 +13,7 @@ export default {
 valid: true
 }
- await jwt.verify(token, req.jwtStrategy.secretOrKey, async (err, decoded) => {
+ await jwt.verify(token, global.jwtStrategy.secretOrKey, async (err, decoded) => {
 if (err) {
 result.valid = false
 result.error = err.message
@@ -22,6 +21,7 @@ export default {
 if (err.message === "jwt expired") {
 result.expired = true
 }
+ return
 }
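Review bot: Both new `console.error` calls in the api.js hunk (`@@ -80,10 +80,18 @@`) pass the whole `session` object to the log. That object is presumably the body returned by the validation endpoint, so it may carry decoded token claims or other session fields that do not belong in log storage. Logging only the fields that explain the rejection is enough for triage, e.g. `console.error("session rejected", socket.id, { valid: session.valid, error: session.error, expired: session.expired })`. The new `user_id` guard tests truthiness only, and the value is then interpolated into `/user/${session.user_id}/data`, so a type check alongside it (for example `typeof session.user_id !== "string"`, if ids are strings) would be a cheap addition. The enclosing handshake function starts and ends outside the hunk.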
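Review bot: The `jwt.verify` call in the `@@ -14,7 +13,7 @@` hunk of validateSession.js receives only the token, the key and the callback, so no algorithm allow-list is pinned. Assuming `jwt` is jsonwebtoken, passing options before the callback makes the accepted algorithm explicit: `jwt.verify(token, global.jwtStrategy.secretOrKey, { algorithms: ["<SIGNING_ALGORITHM>"] }, async (err, decoded) => {`. With `useJwtStrategy` removed from the route in the preceding hunk, this call is the only check on a token taken from `req.body.session`, and it now relies on `global.jwtStrategy` having been assigned before the first request. If it has not, the property access throws before the callback's `err` handling runs, so a guard that fails the request closed when the key is missing belongs just above it. The handler body continues outside the hunk.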