aljaz/ditto
1
0
Fork 0
mirror of https://github.com/aljazceru/ditto.git synced 2025-12-27 10:14:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove uneeded session ID from auth token

Browse Source
This commit is contained in:
Alex Gleason
2023-08-28 13:00:00 -05:00
parent f25284daa9
commit e8a7dfef2b
4 changed files with 9 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/middleware/auth19.ts
View File

@@ -1,10 +1,8 @@
import { type AppMiddleware } from '@/app.ts';
import { getPublicKey, HTTPException, nip19 } from '@/deps.ts';
/** The token includes a Bech32 Nostr ID (npub, nsec, etc) and an optional session ID. */
const TOKEN_REGEX = new RegExp(`(${nip19.BECH32_REGEX.source})(?:_(\\w+))?`);
/** We only accept "Bearer" type. */
const BEARER_REGEX = new RegExp(`^Bearer (${TOKEN_REGEX.source})$`);
const BEARER_REGEX = new RegExp(`^Bearer (${nip19.BECH32_REGEX.source})$`);
/** NIP-19 auth middleware. */
const auth19: AppMiddleware = async (c, next) => {
@@ -12,8 +10,7 @@ const auth19: AppMiddleware = async (c, next) => {
const match = authHeader?.match(BEARER_REGEX);
if (match) {
const [_, _token, bech32, session] = match;
c.set('session', session);
const [_, bech32] = match;
try {
const decoded = nip19.decode(bech32!);
@@ -47,4 +44,4 @@ const requireAuth: AppMiddleware = async (c, next) => {
await next();
};
export { auth19, requireAuth, TOKEN_REGEX };
export { auth19, requireAuth };