2022-05-31 03:03:48 +00:00
|
|
|
import { User } from "@prisma/client"
|
|
|
|
import { NextApiRequest, NextApiResponse } from "next"
|
|
|
|
import { client } from "./prismaClient"
|
|
|
|
import { Interrupt } from "./interrupt"
|
|
|
|
|
|
|
|
|
2022-05-31 14:39:30 +00:00
|
|
|
export async function authorizeUser(req: NextApiRequest): Promise<User> {
|
2022-05-31 03:03:48 +00:00
|
|
|
const authorization = req.headers.authorization
|
|
|
|
|
|
|
|
if (!authorization) {
|
|
|
|
throw new Interrupt(401, {error: "Missing Authorization header" })
|
|
|
|
}
|
|
|
|
|
|
|
|
const token = authorization.match(/^Bearer (\S+)$/)?.[1]
|
|
|
|
|
|
|
|
if(!(token)) {
|
|
|
|
throw new Interrupt(401, {error: "Invalid Authorization header" })
|
|
|
|
}
|
|
|
|
|
|
|
|
const dbToken = await client.token.findUnique({where: {token}, include: {user: true}})
|
|
|
|
|
|
|
|
if(!(dbToken)) {
|
|
|
|
throw new Interrupt(401, {error: "No such Authorization token" })
|
|
|
|
}
|
|
|
|
|
|
|
|
return dbToken.user
|
|
|
|
}
|