From f5fae245e250699b4f354d4aa6ca5a3a72bfa0b2 Mon Sep 17 00:00:00 2001 From: Sosthene Date: Mon, 30 Jun 2025 19:49:06 +0200 Subject: [PATCH] [bug] validateToken was bypassed --- src/router.ts | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/router.ts b/src/router.ts index e738ce4..b6da5a8 100755 --- a/src/router.ts +++ b/src/router.ts @@ -249,7 +249,7 @@ export async function registerAllListeners() { try { const { accessToken } = event.data; - if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) { + if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) { throw new Error('Invalid or expired session token'); } @@ -286,7 +286,7 @@ export async function registerAllListeners() { const { accessToken } = event.data; // Validate the session token - if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) { + if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) { throw new Error('Invalid or expired session token'); } @@ -322,7 +322,7 @@ export async function registerAllListeners() { try { const { processId, stateId, accessToken } = event.data; - if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) { + if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) { throw new Error('Invalid or expired session token'); } @@ -433,7 +433,7 @@ export async function registerAllListeners() { try { const { accessToken } = event.data; - if (!accessToken || !tokenService.validateToken(accessToken, event.origin)) { + if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) { throw new Error('Invalid or expired session token'); } @@ -465,7 +465,7 @@ export async function registerAllListeners() { try { const { processData, privateFields, roles, accessToken } = event.data; - if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) { + if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) { throw new Error('Invalid or expired session token'); } @@ -512,7 +512,7 @@ export async function registerAllListeners() { try { const { processId, stateId, accessToken } = event.data; - if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) { + if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) { throw new Error('Invalid or expired session token'); } @@ -548,7 +548,7 @@ export async function registerAllListeners() { try { const { processId, stateId, accessToken } = event.data; - if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) { + if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) { throw new Error('Invalid or expired session token'); } @@ -582,7 +582,7 @@ export async function registerAllListeners() { // roles can be empty meaning that roles from the last commited state are kept const { processId, newData, privateFields, roles, accessToken } = event.data; - if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) { + if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) { throw new Error('Invalid or expired session token'); } @@ -671,7 +671,7 @@ export async function registerAllListeners() { try { const { accessToken, encodedData } = event.data; - if (!accessToken || !tokenService.validateToken(accessToken, event.origin)) { + if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) { throw new Error('Invalid or expired session token'); }