Skip to content

Commit

Permalink
fix(api): swap sessionUser and apiKey checks in dbUserInterceptor
Browse files Browse the repository at this point in the history
  • Loading branch information
Satont committed Sep 20, 2024
1 parent 839c04e commit 6cd6dcb
Showing 1 changed file with 9 additions and 11 deletions.
20 changes: 9 additions & 11 deletions apps/api/internal/interceptors/db_user.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,15 @@ func (s *Service) getUserByApiKey(apiKey string) (*model.Users, error) {

func (s *Service) DbUserInterceptor(next twirp.Method) twirp.Method {
return func(ctx context.Context, req interface{}) (interface{}, error) {
sessionUser := s.sessionManager.Get(ctx, "dbUser")
if sessionUser != nil {
user := sessionUser.(model.Users)
if user.ID != "" {
ctx = context.WithValue(ctx, "dbUser", user)
return next(ctx, req)
}
}

apiKey := ctx.Value("apiKey")
if apiKey != nil {
castedApiKey, ok := apiKey.(string)
Expand All @@ -47,17 +56,6 @@ func (s *Service) DbUserInterceptor(next twirp.Method) twirp.Method {
return next(ctx, req)
}

sessionUser := s.sessionManager.Get(ctx, "dbUser")
if sessionUser == nil {
return nil, twirp.Unauthenticated.Error("not authenticated")
}

user := sessionUser.(model.Users)
if user.ID != "" {
ctx = context.WithValue(ctx, "dbUser", user)
return next(ctx, req)
}

return nil, twirp.Unauthenticated.Error("not authenticated")
}
}

0 comments on commit 6cd6dcb

Please sign in to comment.