v3: fixed roles propagation bug, fixed inconsistent file drop zone, fixed chat attachments wrongfully pruned, some visual tweaks
All checks were successful
Build and Publish Docker Image / build-and-push (push) Successful in 41s

This commit is contained in:
2026-06-30 13:41:36 +02:00
parent d2d086831e
commit 7773a8a501
12 changed files with 317 additions and 237 deletions

View File

@@ -46,13 +46,17 @@ export async function authMiddleware<R extends string>(
throw new APIException(APIErrorCode.UNAUTHORIZED, 401, "Invalid token");
}
let user;
try {
getUserById(payload.userId);
user = getUserById(payload.userId);
} catch {
throw new APIException(APIErrorCode.UNAUTHORIZED, 401, "User not found");
}
ctx.state.user = payload;
// Trust the live role from the DB, not the role baked into the JWT at login.
// Tokens last 7 days, so a role change (e.g. promotion to admin or a demotion)
// would otherwise not take effect until the user re-logs in.
ctx.state.user = { ...payload, role: user.role };
await next();
}