fix(api): only use homeLocation as a fallback (#40517)

This commit is contained in:
Oliver Eyton-Williams
2020-12-30 20:10:38 +01:00
committed by Mrugesh Mohapatra
parent 03fa21a565
commit a076547d43
22 changed files with 207 additions and 600 deletions


@@ -6,10 +6,10 @@ import {
errorTypes,
authHeaderNS
} from '../utils/getSetAccessToken';
import { homeLocation } from '../../../config/env';
import { jwtSecret as _jwtSecret } from '../../../config/secrets';
import { wrapHandledError } from '../utils/create-handled-error';
import { getRedirectParams } from '../utils/redirection';
const authRE = /^\/auth\//;
const confirmEmailRE = /^\/confirm-email$/;
@@ -50,6 +50,7 @@ export function isAllowedPath(path, pathsAllowedREs = _pathsAllowedREs) {
export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>
function requestAuthorisation(req, res, next) {
const { origin } = getRedirectParams(req);
const { path } = req;
if (!isAllowedPath(path)) {
const { accessToken, error, jwt } = getAccessTokenFromRequest(
@@ -61,7 +62,7 @@ export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>
new Error('Access token is required for this request'),
{
type: 'info',
redirect: `${homeLocation}/signin`,
redirect: `${origin}/signin`,
message: 'Access token is required for this request',
status: 403
}
@@ -70,7 +71,7 @@ export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>
if (!accessToken && error === errorTypes.invalidToken) {
throw wrapHandledError(new Error('Access token is invalid'), {
type: 'info',
redirect: `${homeLocation}/signin`,
redirect: `${origin}/signin`,
message: 'Your access token is invalid',
status: 403
});
@@ -78,7 +79,7 @@ export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>
if (!accessToken && error === errorTypes.expiredToken) {
throw wrapHandledError(new Error('Access token is no longer valid'), {
type: 'info',
redirect: `${homeLocation}/signin`,
redirect: `${origin}/signin`,
message: 'Access token is no longer valid',
status: 403
});
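Review bot: The three `redirect:` lines that now interpolate `${origin}/signin` (hunks at -61, -70 and -78) build a redirect target from a value these hunks never validate, and nothing visible shows where `origin` comes from; if getRedirectParams derives it from request-controlled input (a query parameter, header or cookie), the middleware becomes an open redirect for unauthenticated requests. The commit title says homeLocation is now only a fallback, so presumably getRedirectParams substitutes it when no origin is supplied — confirm it also rejects origins outside an allow-list rather than passing through any well-formed value. Until that contract is documented at the call site, a marker next to the destructuring would keep the next reader from treating `origin` as safe by name alone: `// TODO(review): confirm origin is allow-list validated in getRedirectParams (homeLocation fallback) before use as a redirect target`. requestAuthorisation's body continues outside these hunks, so any further redirect sites in this file could not be checked here.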