From 09fe514aada43cf4d60355806bea7a356f35ce21 Mon Sep 17 00:00:00 2001
From: Roland Bernard <rolbernard@unibz.it>
Date: Thu, 20 May 2021 15:04:57 +0200
Subject: [PATCH] Authorization now chechs the users existence

---
 server/src/v1/auth.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/server/src/v1/auth.ts b/server/src/v1/auth.ts
index 372e6a7..4bf7400 100644
--- a/server/src/v1/auth.ts
+++ b/server/src/v1/auth.ts
@@ -38,7 +38,14 @@ export async function tokenVerification(req: Request, _res: Response, next: Next
                 decoded = await asyncify(verify, token, getSecret(), { algorithms: ["HS384"] });
             }
             if (isOfType<Token>(decoded, [['id', 'string'], ['type', 'string']]) && decoded.type === authTokenType) {
-                req.body.token = decoded;
+                const user = await database('users')
+                    .select({ id: 'users.id' })
+                    .where({
+                        'users.id': decoded.id,
+                    });
+                if (user.length >= 1) {
+                    req.body.token = decoded;
+                }
             }
         } catch (err) { /* Token has already been deleted */ }
         next();
-- 
GitLab