import { ServerKeys } from "../../db_models" import AuthToken from "../../classes/AuthToken" export default async (req, res) => { function reject(data) { return res.status(401).json(data) } try { const tokenAuthHeader = req.headers?.authorization?.split(" ") if (!tokenAuthHeader) { return reject({ error: "Missing token header" }) } if (!tokenAuthHeader[1]) { return reject({ error: "Recived header, missing token" }) } switch (tokenAuthHeader[0]) { case "Bearer": { const token = tokenAuthHeader[1] const validation = await AuthToken.validate(token) if (!validation.valid) { return reject(validation) } req.auth = { token: token, decoded: validation.data, session: validation.session, user: validation.user } return } case "Server": { const [access_id, secret_token] = tokenAuthHeader[1].split(":") if (access_id === "undefined" || secret_token === "undefined") { return reject({ error: "Invalid server token" }) } const serverTokenEntry = await ServerKeys.findOne({ access_id, }) .select("+secret_token") .catch((err) => { return null }) if (!serverTokenEntry) { return reject({ error: "Invalid server token" }) } if (serverTokenEntry.secret_token !== secret_token) { return reject({ error: "Missmatching secret_token" }) } req.auth = { server: true, token: tokenAuthHeader, decoded: null, session: { __server_key: true, user_id: serverTokenEntry.owner_user_id, created_at: serverTokenEntry.created_at, }, user: async () => await User.findOne({ _id: serverTokenEntry.owner_user_id }), } return } default: { return reject({ error: "Invalid token type" }) } } } catch (error) { console.error(error) return res.status(500).json({ error: "An error occurred meanwhile authenticating your token" }) } }