prevent panic when sse token is not found

jc21 · jc21 · commit 3301800f42d2 · 2023-05-29T15:18:18.000+10:00
diff --git a/backend/internal/api/middleware/auth.go b/backend/internal/api/middleware/auth.go
@@ -29,7 +29,7 @@ func DecodeAuth() func(http.Handler) http.Handler {
 	}
 
 	tokenAuth := jwtauth.New("RS256", privateKey, publicKey)
-	return jwtauth.Verify(tokenAuth, jwtauth.TokenFromHeader)
+	return jwtauth.Verify(tokenAuth, jwtauth.TokenFromHeader, jwtauth.TokenFromQuery)
 }
 
 // Enforce is a authentication middleware to enforce access from the
diff --git a/backend/internal/api/middleware/sse_auth.go b/backend/internal/api/middleware/sse_auth.go
@@ -14,13 +14,23 @@ import (
 func SSEAuth(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
-
 		token, claims, err := jwtauth.FromContext(ctx)
+
 		if err != nil {
 			h.ResultErrorJSON(w, r, http.StatusUnauthorized, err.Error(), nil)
 			return
 		}
 
+		if token == nil {
+			h.ResultErrorJSON(w, r, http.StatusUnauthorized, "No token given", nil)
+			return
+		}
+
+		if claims != nil {
+			h.ResultErrorJSON(w, r, http.StatusUnauthorized, "Unauthorised", nil)
+			return
+		}
+
 		userID := uint(claims["uid"].(float64))
 		_, enabled := user.IsEnabled(userID)
 		if token == nil || !token.Valid || !enabled || !claims.VerifyIssuer("sse", true) {

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func DecodeAuth() func(http.Handler) http.Handler {`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`tokenAuth := jwtauth.New("RS256", privateKey, publicKey)`
`32`		`- return jwtauth.Verify(tokenAuth, jwtauth.TokenFromHeader)`
	`32`	`+ return jwtauth.Verify(tokenAuth, jwtauth.TokenFromHeader, jwtauth.TokenFromQuery)`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`// Enforce is a authentication middleware to enforce access from the`