chore: conditionally call authorize middleware from authenticateToken

2026-01-05 22:00:05 +00:00 · 2022-07-04 20:13:46 +05:00
parent b10e932605
commit e42fdd3575
9 changed files with 79 additions and 75 deletions
--- a/api/src/middlewares/authenticateToken.ts
+++ b/api/src/middlewares/authenticateToken.ts
@@ -1,8 +1,14 @@
 import { RequestHandler, Request, Response, NextFunction } from 'express'
 import jwt from 'jsonwebtoken'
 import { csrfProtection } from '../app'
-import { fetchLatestAutoExec, ModeType, verifyTokenInDB } from '../utils'
+import {
+  fetchLatestAutoExec,
+  ModeType,
+  verifyTokenInDB,
+  getAuthorizedRoutes
+} from '../utils'
 import { desktopUser } from './desktop'
+import { authorize } from './authorize'

 export const authenticateAccessToken: RequestHandler = async (
  req,
@@ -15,6 +21,12 @@ export const authenticateAccessToken: RequestHandler = async (
    return next()
  }

+  const authorizedRoutes = getAuthorizedRoutes()
+  const uri = req.baseUrl + req.path
+  const nextFunction = authorizedRoutes.includes(uri)
+    ? () => authorize(req, res, next)
+    : next
+
  // if request is coming from web and has valid session
  // it can be validated.
  if (req.session?.loggedIn) {
@@ -24,7 +36,7 @@ export const authenticateAccessToken: RequestHandler = async (
      if (user) {
        if (user.isActive) {
          req.user = user
-          return csrfProtection(req, res, next)
+          return csrfProtection(req, res, nextFunction)
        } else return res.sendStatus(401)
      }
    }
@@ -34,7 +46,7 @@ export const authenticateAccessToken: RequestHandler = async (
  authenticateToken(
    req,
    res,
-    next,
+    nextFunction,
    process.env.ACCESS_TOKEN_SECRET as string,
    'accessToken'
  )