fix(api): swap sessionUser and apiKey checks in dbUserInterceptor

twirapp · Sep 20, 2024 · 6cd6dcb · 6cd6dcb
1 parent 839c04e
commit 6cd6dcb
Showing 1 changed file with 9 additions and 11 deletions.
diff --git a/apps/api/internal/interceptors/db_user.go b/apps/api/internal/interceptors/db_user.go
@@ -27,6 +27,15 @@ func (s *Service) getUserByApiKey(apiKey string) (*model.Users, error) {
 
 func (s *Service) DbUserInterceptor(next twirp.Method) twirp.Method {
 	return func(ctx context.Context, req interface{}) (interface{}, error) {
+		sessionUser := s.sessionManager.Get(ctx, "dbUser")
+		if sessionUser != nil {
+			user := sessionUser.(model.Users)
+			if user.ID != "" {
+				ctx = context.WithValue(ctx, "dbUser", user)
+				return next(ctx, req)
+			}
+		}
+
 		apiKey := ctx.Value("apiKey")
 		if apiKey != nil {
 			castedApiKey, ok := apiKey.(string)
@@ -47,17 +56,6 @@ func (s *Service) DbUserInterceptor(next twirp.Method) twirp.Method {
 			return next(ctx, req)
 		}
 
-		sessionUser := s.sessionManager.Get(ctx, "dbUser")
-		if sessionUser == nil {
-			return nil, twirp.Unauthenticated.Error("not authenticated")
-		}
-
-		user := sessionUser.(model.Users)
-		if user.ID != "" {
-			ctx = context.WithValue(ctx, "dbUser", user)
-			return next(ctx, req)
-		}
-
 		return nil, twirp.Unauthenticated.Error("not authenticated")
 	}
 }