check resource id on verify access token

miloschwartz 2025-04-06 13:08:55 -04:00
parent 5a6a035d30
commit 0e65f8c921
No known key found for this signature in database
4 changed files with 16 additions and 8 deletions


@ -13,10 +13,12 @@ import { sha256 } from "@oslojs/crypto/sha2";
export async function verifyResourceAccessToken({
accessToken,
accessTokenId
accessTokenId,
resourceId
}: {
accessToken: string;
accessTokenId?: string;
resourceId?: number; // IF THIS IS NOT SET, THE TOKEN IS VALID FOR ALL RESOURCES
}): Promise<{
valid: boolean;
error?: string;
@ -100,6 +102,13 @@ export async function verifyResourceAccessToken({
};
}
if (resourceId && resource.resourceId !== resourceId) {
return {
valid: false,
error: "Resource ID does not match"
};
}
return {
valid: true,
tokenItem,
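Review bot: The new guard `if (resourceId && resource.resourceId !== resourceId)` in the second hunk is skipped for every falsy `resourceId`, not only an omitted one, so a caller that passes `0` or `NaN` (for example from a failed numeric parse) still gets `valid: true` for a token bound to a different resource. Comparing against `undefined` keeps the documented "not set" meaning without that gap: `if (resourceId !== undefined && resource.resourceId !== resourceId)`. Because the parameter is optional, any call site that forgets to pass it also fails open; consider making it required and having callers that really want an unscoped check say so explicitly. `resource` is defined outside the visible hunks and the function body continues past the last line shown, so this is based only on the lines visible here.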