fix(tokens): add requireAuth middleware to token routes

Token CRUD endpoints had no authentication guard.  Without it,
unauthenticated requests could reach the handler — GET would return
empty results silently, and POST could attempt to insert a token with
user_id = NULL.  All other route files in this codebase apply
requireAuth explicitly; tokens.js was simply missing it.
Zac Gaetano 2026-05-19 00:07:41 -04:00
parent 0ea8d7ce33
commit 4f8964e807

@ -8,8 +8,10 @@
import express from 'express';
import crypto from 'crypto';
import pool from '../db/pool.js';
import { requireAuth } from '../middleware/auth.js';
const router = express.Router();
router.use(requireAuth);
// Helper: get current user ID from session or req.user
const userId = req => req.user?.id || req.session?.userId;
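
Review bot: The `userId` helper at the end of this hunk still evaluates to `undefined` when neither `req.user?.id` nor `req.session?.userId` is set, so the `user_id = NULL` insert described in the commit message is prevented only as long as `requireAuth` guarantees that one of those two fields is populated. The hunk does not show which field `requireAuth` sets; consider having the helper (or each handler) fail closed with a 401 when it yields no ID, rather than relying on the middleware alone. `router.use(requireAuth)` is registered immediately after the router is created, and it should stay above every route definition because Express runs router middleware in registration order. A regression test asserting that unauthenticated GET and POST requests to these routes are rejected would keep the guard from being dropped again.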