[bug] validateToken was bypassed

2025-06-30 19:49:06 +02:00 · 2025-06-30 19:49:06 +02:00 · f5fae245e2
commit f5fae245e2
parent ed4fa732f7
1 changed files with 9 additions and 9 deletions
--- a/src/router.ts
+++ b/src/router.ts
@ -249,7 +249,7 @@ export async function registerAllListeners() {
    try {
      const { accessToken } = event.data;
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
        throw new Error('Invalid or expired session token');
      }
@ -286,7 +286,7 @@ export async function registerAllListeners() {
      const { accessToken } = event.data;
      // Validate the session token
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
        throw new Error('Invalid or expired session token');
      }
@ -322,7 +322,7 @@ export async function registerAllListeners() {
    try {
      const { processId, stateId, accessToken } = event.data;
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
        throw new Error('Invalid or expired session token');
      }
@ -433,7 +433,7 @@ export async function registerAllListeners() {
    try {
      const { accessToken } = event.data;
-      if (!accessToken || !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
        throw new Error('Invalid or expired session token');
      }
@ -465,7 +465,7 @@ export async function registerAllListeners() {
    try {
      const { processData, privateFields, roles, accessToken } = event.data;
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
        throw new Error('Invalid or expired session token');
      }
@ -512,7 +512,7 @@ export async function registerAllListeners() {
    try {
      const { processId, stateId, accessToken } = event.data;
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
        throw new Error('Invalid or expired session token');
      }
@ -548,7 +548,7 @@ export async function registerAllListeners() {
    try {
      const { processId, stateId, accessToken } = event.data;
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
        throw new Error('Invalid or expired session token');
      }
@ -582,7 +582,7 @@ export async function registerAllListeners() {
      // roles can be empty meaning that roles from the last commited state are kept
      const { processId, newData, privateFields, roles, accessToken } = event.data;
-      if (!accessToken || await !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
        throw new Error('Invalid or expired session token');
      }
@ -671,7 +671,7 @@ export async function registerAllListeners() {
    try {
      const { accessToken, encodedData } = event.data;
-      if (!accessToken || !tokenService.validateToken(accessToken, event.origin)) {
+      if (!accessToken || !(await tokenService.validateToken(accessToken, event.origin))) {
        throw new Error('Invalid or expired session token');
      }