From 4f7a22fff15c5468f1b20f2e188e507b2886020a Mon Sep 17 00:00:00 2001
From: Kevin Midboe
Date: Sun, 6 Mar 2022 10:17:56 +0100
Subject: [PATCH] New tokenToUser middleware checks both header and cookie for Auth token
---
.../webserver/middleware/reqTokenToUser.js | 32 +++++++++++++++++++
.../src/webserver/middleware/tokenToUser.js | 23 -------------
2 files changed, 32 insertions(+), 23 deletions(-)
create mode 100644 seasoned_api/src/webserver/middleware/reqTokenToUser.js
delete mode 100644 seasoned_api/src/webserver/middleware/tokenToUser.js
diff --git a/seasoned_api/src/webserver/middleware/reqTokenToUser.js b/seasoned_api/src/webserver/middleware/reqTokenToUser.js
new file mode 100644
index 0000000..e3cea6a
--- /dev/null
+++ b/seasoned_api/src/webserver/middleware/reqTokenToUser.js
@@ -0,0 +1,32 @@
+/* eslint-disable no-param-reassign */
+const configuration = require("src/config/configuration").getInstance();
+const Token = require("src/user/token");
+
+const secret = configuration.get("authentication", "secret");
+
+// Token example:
+// curl -i -H "Authorization:[token]" localhost:31459/api/v1/user/history
+
+const reqTokenToUser = (req, res, next) => {
+ const cookieAuthToken = req.cookies.authorization;
+ const headerAuthToken = req.headers.authorization;
+
+ if (cookieAuthToken || headerAuthToken) {
+ try {
+ const token = Token.fromString(
+ cookieAuthToken || headerAuthToken,
+ secret
+ );
+ req.loggedInUser = token.user;
+ } catch (error) {
+ req.loggedInUser = undefined;
+ }
+ } else {
+ // guest session
+ console.debug("No auth token in header or cookie.");
+ }
+
+ next();
+};
+
+module.exports = reqTokenToUser;
diff --git a/seasoned_api/src/webserver/middleware/tokenToUser.js b/seasoned_api/src/webserver/middleware/tokenToUser.js
deleted file mode 100644
index 069c3e5..0000000
--- a/seasoned_api/src/webserver/middleware/tokenToUser.js
+++ /dev/null
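Review bot: In `reqTokenToUser`, `cookieAuthToken || headerAuthToken` passes only the cookie to `Token.fromString` when both are present, so a stale or malformed `authorization` cookie turns the request into a guest session even if the `Authorization` header holds a valid token. Trying each candidate in turn, as sketched below, keeps header-based clients working. `req.cookies.authorization` also throws when no cookie parser has populated `req.cookies` before this middleware, which this diff does not show; the sketch guards that read. Because browsers attach cookies automatically, routes that change state now depend on the cookie being set with `SameSite` (and `HttpOnly`) or on a CSRF token, and where the cookie is issued is outside this patch.

```javascript
const reqTokenToUser = (req, res, next) => {
  const candidates = [
    req.cookies && req.cookies.authorization,
    req.headers.authorization
  ].filter(Boolean);

  for (const rawToken of candidates) {
    try {
      req.loggedInUser = Token.fromString(rawToken, secret).user;
      break;
    } catch (error) {
      // token failed verification: fall through to the next candidate
      req.loggedInUser = undefined;
    }
  }

  if (candidates.length === 0) {
    // guest session
    console.debug("No auth token in header or cookie.");
  }
  // … unchanged: next() and module.exports …
```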
@@ -1,23 +0,0 @@
-/* eslint-disable no-param-reassign */
-const configuration = require('src/config/configuration').getInstance();
-
-const secret = configuration.get('authentication', 'secret');
-const Token = require('src/user/token');
-
-// Token example:
-// curl -i -H "Authorization:[token]" localhost:31459/api/v1/user/history
-
-const tokenToUser = (req, res, next) => {
- const rawToken = req.headers.authorization;
- if (rawToken) {
- try {
- const token = Token.fromString(rawToken, secret);
- req.loggedInUser = token.user;
- } catch (error) {
- req.loggedInUser = undefined;
- }
- }
- next();
-};
-
-module.exports = tokenToUser;