From df899369aa5a68a14e9e4809767e07f38bafdc5d Mon Sep 17 00:00:00 2001
From: razzanYoni <13521087@mahasiswa.itb.ac.id>
Date: Tue, 14 Nov 2023 17:15:06 +0700
Subject: [PATCH] fix : resolve auth

---
 src/errors/standard-error.ts | 6 ++++++
 src/middlewares/verify-token.ts | 32 ++++++++++++++++++--------------
 2 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/src/errors/standard-error.ts b/src/errors/standard-error.ts
index 1a3546a..9667545 100644
--- a/src/errors/standard-error.ts
+++ b/src/errors/standard-error.ts
@@ -10,6 +10,7 @@ enum ErrorType {
 ACCESS_TOKEN_MISSING,
 ACCESS_TOKEN_EXPIRED,
 ACCESS_TOKEN_NOT_ACTIVE,
+ INVALID_SIGNATURE,
 AUTHORIZATION_HEADER_NOT_SET,
 FINGERPRINT_MISSING,
 ALBUM_NOT_FOUND,
@@ -70,6 +71,11 @@ class StandardError {
 this.status = StatusCodes.UNAUTHORIZED;
 break;
 
+ case ErrorType.INVALID_SIGNATURE:
+ this.title = "Your access token is invalid."
+ this.status = StatusCodes.UNAUTHORIZED;
+ break;
+
 case ErrorType.AUTHORIZATION_HEADER_NOT_SET:
 this.title = "Authorization header not set."
 this.status = StatusCodes.UNAUTHORIZED;
diff --git a/src/middlewares/verify-token.ts b/src/middlewares/verify-token.ts
index 82d2257..137a4a2 100644
--- a/src/middlewares/verify-token.ts
+++ b/src/middlewares/verify-token.ts
@@ -1,5 +1,5 @@
 import { NextFunction, Request, Response } from "express";
-import jwt, { NotBeforeError, TokenExpiredError } from "jsonwebtoken";
+import jwt, {JsonWebTokenError, NotBeforeError, TokenExpiredError} from "jsonwebtoken";
 import { ErrorType, StandardError } from "../errors/standard-error";
 import { hashFingerprint } from "../utils/token";
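Review bot: The new `ErrorType.INVALID_SIGNATURE` case in standard-error.ts is named more narrowly than it is used: the accompanying verify-token change maps every `JsonWebTokenError` to it, and that class is jsonwebtoken's base error, covering malformed tokens and audience/issuer/algorithm mismatches as well as signature failures. The generic title `"Your access token is invalid."` is a good choice since it does not tell the client which check failed, but the enum name will mislead whoever greps for signature problems later. Either rename it to something like `ACCESS_TOKEN_INVALID` or document the intent on the case, e.g. `// Catch-all for any jsonwebtoken verification failure (bad signature, malformed token, claim mismatch)`. The enclosing `switch` in the StandardError constructor starts and ends outside this hunk.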
@@ -22,26 +22,26 @@ const verifyFingerprint = async (
 };
 
 const verifyToken = async (req: Request, res: Response, next: NextFunction) => {
+ try {
 // Authorization Bearer ${accessToken}
- const authHeader = req.headers.authorization;
+ const authHeader = req.headers.authorization;
 
- if (!authHeader) {
- throw new StandardError(ErrorType.AUTHORIZATION_HEADER_NOT_SET);
- }
+ if (!authHeader) {
+ throw new StandardError(ErrorType.AUTHORIZATION_HEADER_NOT_SET);
+ }
 
- const accessToken = authHeader.split(" ")[1];
+ const accessToken = authHeader.split(" ")[1];
 
- if (!accessToken) {
- throw new StandardError(ErrorType.ACCESS_TOKEN_MISSING);
- }
+ if (!accessToken) {
+ throw new StandardError(ErrorType.ACCESS_TOKEN_MISSING);
+ }
 
- const fingerprint = req.cookies["__Secure-fingerprint"];
+ const fingerprint = req.cookies["__Secure-fingerprint"];
 
- if (!fingerprint) {
- throw new StandardError(ErrorType.FINGERPRINT_MISSING);
- }
+ if (!fingerprint) {
+ throw new StandardError(ErrorType.FINGERPRINT_MISSING);
+ }
 
- try {
 const decodedPayload = jwt.verify(
 accessToken,
 process.env.JWT_SHARED_SECRET as string,
@@ -61,6 +61,10 @@ const verifyToken = async (req: Request, res: Response, next: NextFunction) => {
 next(new StandardError(ErrorType.ACCESS_TOKEN_EXPIRED));
 } else if (error instanceof NotBeforeError) {
 next(new StandardError(ErrorType.ACCESS_TOKEN_NOT_ACTIVE));
+ } else if (error instanceof JsonWebTokenError) {
+ next(new StandardError(ErrorType.INVALID_SIGNATURE));
+ } else if (error instanceof StandardError) {
+ next(error);
 }
 // unknown error
 next(error);
-- GitLab
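Review bot: `authHeader.split(" ")[1]`, now re-added inside the new `try`, still never checks the authorization scheme, so `Basic <token>` or any other two-word header value is accepted and handed to `jwt.verify` as if it were a bearer token. Since these lines are being rewritten anyway, validate the scheme at the same time: `const [scheme, accessToken] = authHeader.split(" "); if (scheme !== "Bearer" || !accessToken) { throw new StandardError(ErrorType.ACCESS_TOKEN_MISSING); }` (RFC 6750 treats the scheme name as case-insensitive, so compare case-insensitively if clients vary). The `jwt.verify` options object is cut off at the end of the hunk, so I cannot confirm whether an explicit `algorithms` allow-list is passed next to the shared secret — worth verifying, since a shared-secret setup without it is the classic algorithm-confusion trap. `verifyToken` continues past the end of this hunk.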
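Review bot: The unconditional `next(error)` under `// unknown error` still executes after the new `JsonWebTokenError` and `StandardError` branches, so every recognised failure now calls `next()` twice — first with the mapped StandardError, then with the raw error — which in Express re-enters the error handler and can surface the raw jsonwebtoken message or trigger "Cannot set headers after they are sent". Make the fallback exclusive by replacing the bare `next(error);` with `} else { next(error); }` on the chain's closing brace, or `return` from each branch. It is also worth a comment that `TokenExpiredError` and `NotBeforeError` extend `JsonWebTokenError`, so the new base-class check must stay after the specific ones: `// JsonWebTokenError is the base class: keep this after the more specific checks`. The `catch` block begins before this hunk and `verifyToken` continues after it.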