From 4ad8c81e4927c1a82220ec015a781b095c8e859e Mon Sep 17 00:00:00 2001
From: Saad Jutt
Date: Sun, 24 Apr 2022 04:16:13 +0500
Subject: [PATCH] fix: fetch client from DB for each request

---
 api/src/controllers/auth.ts | 4 ++++
 api/src/routes/api/auth.ts | 29 ++---------------------------
 api/src/utils/connectDB.ts | 3 ---
 3 files changed, 6 insertions(+), 30 deletions(-)

diff --git a/api/src/controllers/auth.ts b/api/src/controllers/auth.ts
index 9cc05e3..dba3db9 100644
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -1,6 +1,7 @@
 import { Security, Route, Tags, Example, Post, Body, Query, Hidden } from 'tsoa'
 import jwt from 'jsonwebtoken'
 import User from '../model/User'
+import Client from '../model/Client'
 import { InfoJWT } from '../types'
 import {
 generateAccessToken,
@@ -81,6 +82,9 @@ export class AuthController {
 const authorize = async (data: any): Promise => {
 const { username, password, clientId } = data
+ const client = await Client.findOne({ clientId })
+ if (!client) throw new Error('Invalid clientId.')
+
 // Authenticate User
 const user = await User.findOne({ username })
 if (!user) throw new Error('Username is not found.')
diff --git a/api/src/routes/api/auth.ts b/api/src/routes/api/auth.ts
index ab45b55..08664cb 100644
--- a/api/src/routes/api/auth.ts
+++ b/api/src/routes/api/auth.ts
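Review bot: The added `if (!client) throw new Error('Invalid clientId.')` turns what the route used to answer with an explicit 403 into a plain Error, so the HTTP status for an unknown client is now whatever the generic catch around `controller.authorize(body)` chooses, and that catch is outside this hunk; carrying the status on the error, e.g. `throw Object.assign(new Error('Invalid clientId.'), { status: 403 })`, would let the route keep the distinction. Because `data` is typed `any`, `clientId` reaches `Client.findOne({ clientId })` without narrowing — unless `authorizeValidation` already pins it to a string, a JSON object carrying Mongo query operators would be passed through as a filter, and `Client.findOne({ clientId: String(clientId) })` closes that off cheaply. The `authorize` function begins before this hunk and continues after it.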
@@ -1,44 +1,22 @@
 import express from 'express'
 import { AuthController } from '../../controllers/'
-import Client from '../../model/Client'
 import { authenticateAccessToken, authenticateRefreshToken } from '../../middlewares'
-import {
- authorizeValidation,
- getDesktopFields,
- tokenValidation
-} from '../../utils'
+import { authorizeValidation, tokenValidation } from '../../utils'
 import { InfoJWT } from '../../types'
 const authRouter = express.Router()
-
-const clientIDs = new Set()
-
-export const populateClients = async () => {
- const result = await Client.find()
- clientIDs.clear()
- result.forEach((r) => {
- clientIDs.add(r.clientId)
- })
-}
+const controller = new AuthController()
 authRouter.post('/authorize', async (req, res) => {
 const { error, value: body } = authorizeValidation(req.body)
 if (error) return res.status(400).send(error.details[0].message)
- const { clientId } = body
-
- // Verify client ID
- if (!clientIDs.has(clientId)) {
- return res.status(403).send('Invalid clientId.')
- }
-
- const controller = new AuthController()
 try {
 const response = await controller.authorize(body)
@@ -52,7 +30,6 @@ authRouter.post('/token', async (req, res) => {
 const { error, value: body } = tokenValidation(req.body)
 if (error) return res.status(400).send(error.details[0].message)
- const controller = new AuthController()
 try {
 const response = await controller.token(body)
 const { accessToken } = response
@@ -66,7 +43,6 @@ authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
 const userInfo: InfoJWT = req.user
- const controller = new AuthController()
 try {
 const response = await controller.refresh(userInfo)
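Review bot: The new module-level `const controller = new AuthController()` is one instance shared by every request this router serves, whereas the removed lines built a fresh instance inside each handler; that is only safe if AuthController holds no per-request state (tsoa's base `Controller`, for instance, keeps the pending status code and headers on the instance, and the visible `export class AuthController {` line does not show whether it extends it). If the class is stateless, record the invariant next to the declaration, e.g. `// Shared by all handlers: AuthController must stay stateless`; otherwise keep the per-handler construction. Note also that with the 403 branch deleted, an unknown clientId now surfaces through the `/authorize` catch block, which lies outside this hunk, so its status mapping should be checked there.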
@@ -79,7 +55,6 @@ authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
 authRouter.delete('/logout', authenticateAccessToken, async (req: any, res) => {
 const userInfo: InfoJWT = req.user
- const controller = new AuthController()
 try {
 await controller.logout(userInfo)
 } catch (e) {}
diff --git a/api/src/utils/connectDB.ts b/api/src/utils/connectDB.ts
index a751b16..0fea107 100644
--- a/api/src/utils/connectDB.ts
+++ b/api/src/utils/connectDB.ts
@@ -1,5 +1,4 @@
 import mongoose from 'mongoose'
-import { populateClients } from '../routes/api/auth'
 import { seedDB } from './seedDB'
 export const connectDB = async () => {
@@ -22,7 +21,5 @@ export const connectDB = async () => {
 console.log('Connected to db!')
 await seedDB()
-
- await populateClients()
 })
 }