comty/packages/server/middlewares/withAuthentication/index.js

import { ServerKeys } from "../../db_models"
import AuthToken from "../../classes/AuthToken"

export default async (req, res) => {
    function reject(data) {
        return res.status(401).json(data)
    }

    try {
        const tokenAuthHeader = req.headers?.authorization?.split(" ")

        if (!tokenAuthHeader) {
            return reject({
                error: "Missing token header"
            })
        }

        if (!tokenAuthHeader[1]) {
            return reject({
                error: "Recived header, missing token"
            })
        }

        switch (tokenAuthHeader[0]) {
            case "Bearer": {
                const token = tokenAuthHeader[1]

                const validation = await AuthToken.validate(token)

                if (!validation.valid) {
                    return reject(validation)
                }

                req.auth = {
                    token: token,
                    decoded: validation.data,
                    session: validation.session,
                    user: validation.user
                }

                return
            }
            case "Server": {
                const [access_id, secret_token] = tokenAuthHeader[1].split(":")

                if (access_id === "undefined" || secret_token === "undefined") {
                    return reject({
                        error: "Invalid server token"
                    })
                }

                const serverTokenEntry = await ServerKeys.findOne({
                    access_id,
                })
                    .select("+secret_token")
                    .catch((err) => {
                        return null
                    })

                if (!serverTokenEntry) {
                    return reject({
                        error: "Invalid server token"
                    })
                }

                if (serverTokenEntry.secret_token !== secret_token) {
                    return reject({
                        error: "Missmatching secret_token"
                    })
                }

                req.auth = {
                    server: true,
                    token: tokenAuthHeader,
                    decoded: null,
                    session: {
                        __server_key: true,
                        user_id: serverTokenEntry.owner_user_id,
                        created_at: serverTokenEntry.created_at,
                    },
                    user: async () => await User.findOne({ _id: serverTokenEntry.owner_user_id }),
                }

                return
            }
            default: {
                return reject({
                    error: "Invalid token type"
                })
            }
        }
    } catch (error) {
        console.error(error)

        return res.status(500).json({
            error: "An error occurred meanwhile authenticating your token"
        })
    }
}