tabshift/payload
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adds safety check to getExtractJWT

Browse Source
This commit is contained in:
James
2020-08-29 12:05:40 -04:00
parent 87522ff7d6
commit 155db092c4
1 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/auth/getExtractJWT.js
View File

@@ -1,20 +1,22 @@
const parseCookies = require('../utilities/parseCookies');
const getExtractJWT = (config) => (req) => {
const jwtFromHeader = req.get('Authorization');
const origin = req.get('Origin');
if (req && req.get) {
const jwtFromHeader = req.get('Authorization');
const origin = req.get('Origin');
if (jwtFromHeader && jwtFromHeader.indexOf('JWT ') === 0) {
return jwtFromHeader.replace('JWT ', '');
}
if (jwtFromHeader && jwtFromHeader.indexOf('JWT ') === 0) {
return jwtFromHeader.replace('JWT ', '');
}
const cookies = parseCookies(req);
const tokenCookieName = `${config.cookiePrefix}-token`;
const cookies = parseCookies(req);
const tokenCookieName = `${config.cookiePrefix}-token`;
if (cookies && cookies[tokenCookieName]) {
if (!origin || (config.csrf && config.csrf.indexOf(origin) > -1)) {
const token = cookies[tokenCookieName];
return token;
if (cookies && cookies[tokenCookieName]) {
if (!origin || (config.csrf && config.csrf.indexOf(origin) > -1)) {
const token = cookies[tokenCookieName];
return token;
}
}
}