kaneo (minimalist kanban) fork to experiment adding a tangled integration
github.com/usekaneo/kaneo
fix(api): reject unauthenticated cookie fallback in asset auth
+6
-7
+6
-7
apps/api/src/utils/authenticate-api-request.ts
+6
-7
apps/api/src/utils/authenticate-api-request.ts
···
27
27
return { token: null, malformed: true };
28
28
}
29
29
30
-
const token = match[1]?.trim();
31
-
if (!token) {
32
-
return { token: null, malformed: true };
33
-
}
34
-
35
30
return {
36
-
token,
31
+
token: match[1],
37
32
malformed: false,
38
33
};
39
34
}
···
110
105
const sessionResult = await auth.api.getSession({
111
106
headers: c.req.raw.headers,
112
107
});
113
-
return { userId: sessionResult?.user?.id ?? "" };
108
+
if (!sessionResult?.user) {
109
+
throw new HTTPException(401, { message: "Unauthorized" });
110
+
}
111
+
112
+
return { userId: sessionResult.user.id };
114
113
}