[bug] validateToken was bypassed

src/router.ts

@@ -249,7 +249,7 @@ export async function registerAllListeners() {
     try {
       const { accessToken } = event.data;
 
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
         throw new Error('Invalid or expired session token');
       }
 
@@ -286,7 +286,7 @@ export async function registerAllListeners() {
       const { accessToken } = event.data;
 
       // Validate the session token
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
         throw new Error('Invalid or expired session token');
       }
 
@@ -322,7 +322,7 @@ export async function registerAllListeners() {
     try {
       const { processId, stateId, accessToken } = event.data;
 
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
         throw new Error('Invalid or expired session token');
       }
 
@@ -433,7 +433,7 @@ export async function registerAllListeners() {
     try {
       const { accessToken } = event.data;
 
-      if (!accessToken || !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
         throw new Error('Invalid or expired session token');
       }
 
@@ -465,7 +465,7 @@ export async function registerAllListeners() {
     try {
       const { processData, privateFields, roles, accessToken } = event.data;
 
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
         throw new Error('Invalid or expired session token');
       }
 
@@ -512,7 +512,7 @@ export async function registerAllListeners() {
     try {
       const { processId, stateId, accessToken } = event.data;
 
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
         throw new Error('Invalid or expired session token');
       }
 
@@ -548,7 +548,7 @@ export async function registerAllListeners() {
     try {
       const { processId, stateId, accessToken } = event.data;
 
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
         throw new Error('Invalid or expired session token');
       }
 
@@ -582,7 +582,7 @@ export async function registerAllListeners() {
       // roles can be empty meaning that roles from the last commited state are kept
       const { processId, newData, privateFields, roles, accessToken } = event.data;
 
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
         throw new Error('Invalid or expired session token');
       }
 
@@ -671,7 +671,7 @@ export async function registerAllListeners() {
     try {
       const { accessToken, encodedData } = event.data;
 
-      if (!accessToken || !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
         throw new Error('Invalid or expired session token');
       }