Invalid tokens are now allowed for unprotected routes

ff85a180 · Bernard Roland (Student Com20) · d4fef314 · ff85a180
Commit ff85a180 authored 3 years ago by Bernard Roland (Student Com20)
--- a/server/src/v1/auth.ts
+++ b/server/src/v1/auth.ts
@@ -109,7 +109,7 @@ auth.get("/extend", async function (req, res) {
    }
 });
-export async function tokenVerification(req: Request, res: Response, next: NextFunction) {
+export async function tokenVerification(req: Request, _res: Response, next: NextFunction) {
    const header = req.headers?.authorization;
    let token: string | null = null;
    if (header) {
@@ -124,13 +124,10 @@ export async function tokenVerification(req: Request, res: Response, next: NextF
        try {
            const decoded = await asyncify(verify, token, await getPublicKey(), { algorithms: ["ES384"] });
            req.body.token = decoded;
-            next();
        } catch (err) {
-            res.status(403).json({
+            delete req.body.token;
-                status: 'error',
-                message: 'authentication failed',
-            });
        }
+        next();
    } else {
        next();
    }