diff --git a/src/controllers/auth.controller.ts b/src/controllers/auth.controller.ts
index 46a4052..1da2e91 100644
--- a/src/controllers/auth.controller.ts
+++ b/src/controllers/auth.controller.ts
@@ -64,7 +64,10 @@ async function registerUser(req: Request, res: Response): Promise {
 const RegisterServiceResult = await UserService.register(sanitizeData);
- if (typeof RegisterServiceResult !== 'string' && RegisterServiceResult.message === "GDPR acceptance is required.") {
+ if (
+ typeof RegisterServiceResult !== "string" &&
+ RegisterServiceResult.message === "GDPR acceptance is required."
+ ) {
 logger.warn(`GDPR not approved (${req.ip})`);
 return res.status(HttpStatusCode.BadRequest).json({
 error: RegisterServiceResult.error,
@@ -165,11 +168,17 @@ async function getAllUsers(req: Request, res: Response) {
 }
 const AllUserResponse = await UserService.getAll();
 if (!AllUserResponse.users) {
- return res.type("application/json").status(HttpStatusCode.InternalServerError).json({
- error: "Internal server error",
- });
+ return res
+ .type("application/json")
+ .status(HttpStatusCode.InternalServerError)
+ .json({
+ error: "Internal server error",
+ });
 }
- return res.type("application/json").status(HttpStatusCode.Found).json(AllUserResponse);
+ return res
+ .type("application/json")
+ .status(HttpStatusCode.Found)
+ .json(AllUserResponse);
 }
 async function getUser(req: Request, res: Response) {
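Review bot: The success path of getAllUsers still answers with `HttpStatusCode.Found` (302) on the reflowed `.status(...)` line even though the response carries a JSON body and sets no Location header; a redirect status on a successful listing misleads HTTP clients that follow redirects, and the line should use the project's 200 constant (presumably `HttpStatusCode.Ok` — confirm the enum member name). The `!AllUserResponse.users` branch returns 500 without logging, unlike every other error path in this file which calls `logger.warn(... (${req.ip}))`; adding `logger.error(\`getAll returned no users (${req.ip})\`);` before the return keeps the failure diagnosable. The body of getAllUsers starts above the hunk, so whether the caller's admin status is checked before the listing, and whether `AllUserResponse` is stripped of sensitive fields before being sent verbatim, cannot be verified from these lines.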
@@ -177,16 +186,22 @@ async function getUser(req: Request, res: Response) {
 const bearerToken = authHeader?.split(" ")[1];
 if (!bearerToken) {
 logger.warn(`Bearer token not provided (${req.ip})`);
- return res.type("application/json").status(HttpStatusCode.Unauthorized).json({
- error: "Unauthorized",
- });
+ return res
+ .type("application/json")
+ .status(HttpStatusCode.Unauthorized)
+ .json({
+ error: "Unauthorized",
+ });
 }
 const payload = await JwtService.verify(bearerToken);
 if (!payload || !payload.sub) {
 logger.warn(`Unauthorized access attempt (${req.ip})`);
- return res.type("application/json").status(HttpStatusCode.Unauthorized).json({
- error: "Unauthorized",
- });
+ return res
+ .type("application/json")
+ .status(HttpStatusCode.Unauthorized)
+ .json({
+ error: "Unauthorized",
+ });
 }
 const sourceUser = await UserService.getFromId(payload.sub);
 if (!sourceUser) {
@@ -195,9 +210,12 @@ async function getUser(req: Request, res: Response) {
 });
 }
 if ("username" in sourceUser && !sourceUser.is_admin) {
- return res.type("application/json").status(HttpStatusCode.Unauthorized).json({
- error: "Unauthorized",
- });
+ return res
+ .type("application/json")
+ .status(HttpStatusCode.Unauthorized)
+ .json({
+ error: "Unauthorized",
+ });
 }
 const userId = req.params["id"];
 const dbUser = await UserService.getFromId(userId);
@@ -308,7 +326,7 @@ async function deleteUser(req: Request, res: Response): Promise {
 }
 const payload = await JwtService.verify(bearerToken);
- if (!payload) {
+ if (!payload || !payload.sub) {
 logger.warn(`Invalid token (${req.ip})`);
 return res.type("application/json").status(401).json({
 error: "Invalid token",
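Review bot: The non-admin rejection in the second hunk of getUser answers with `HttpStatusCode.Unauthorized` on the reflowed `.status(...)` line although the caller's token has already been verified; an authenticated caller that lacks permission is a 403 Forbidden case, and a 401 tells clients to retry with different credentials. The guard `"username" in sourceUser && !sourceUser.is_admin` only applies the admin check when the value returned by `UserService.getFromId` has a `username` property, so if that service can return a non-user result object (the `in` narrowing suggests it can) such a result skips the check and falls through to the `req.params["id"]` lookup; inverting it to `if (!("username" in sourceUser) || !sourceUser.is_admin)` fails closed, and logging this branch with `logger.warn(\`Non-admin access attempt (${req.ip})\`);` would match the other rejection paths. The body of getUser starts above the first hunk and continues below the second, so the 404 branch and the final response are not visible here.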