v3: fixed roles propagation bug, fixed inconsistent file drop zone, fixed chat attachments wrongfully pruned, some visual tweaks
All checks were successful
Build and Publish Docker Image / build-and-push (push) Successful in 41s
All checks were successful
Build and Publish Docker Image / build-and-push (push) Successful in 41s
This commit is contained in:
@@ -46,13 +46,17 @@ export async function authMiddleware<R extends string>(
|
||||
throw new APIException(APIErrorCode.UNAUTHORIZED, 401, "Invalid token");
|
||||
}
|
||||
|
||||
let user;
|
||||
try {
|
||||
getUserById(payload.userId);
|
||||
user = getUserById(payload.userId);
|
||||
} catch {
|
||||
throw new APIException(APIErrorCode.UNAUTHORIZED, 401, "User not found");
|
||||
}
|
||||
|
||||
ctx.state.user = payload;
|
||||
// Trust the live role from the DB, not the role baked into the JWT at login.
|
||||
// Tokens last 7 days, so a role change (e.g. promotion to admin or a demotion)
|
||||
// would otherwise not take effect until the user re-logs in.
|
||||
ctx.state.user = { ...payload, role: user.role };
|
||||
|
||||
await next();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user