fix: add ironSession middleware to auth router

random-bits-studio · Jan 4, 2023 · e0d8a6c · e0d8a6c
1 parent cae66c8
commit e0d8a6c
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 15 deletions.
diff --git a/src/api.ts b/src/api.ts
@@ -39,7 +39,10 @@ export const signIn: RequestHandler<SignInResponse> = async (req, res) => {
   if (!nonce) return res.status(400).send("Bad Request");
 
   const parsedBody = signInRequestSchema.safeParse(req.body);
-  if (!parsedBody.success) return res.status(400).send(fromZodError(parsedBody.error).message);
+  if (!parsedBody.success) {
+    const error = fromZodError(parsedBody.error);
+    return res.status(400).send(error.message);
+  }
   const { message, signature } = parsedBody.data;
 
   const { success, error, data } = await new SiweMessage(message).verify({
@@ -48,7 +51,7 @@ export const signIn: RequestHandler<SignInResponse> = async (req, res) => {
     // domain, // TODO: verify domain is correct too
   });
 
-  if (!success && error) return res.status(500).send(error.type); // TODO: Better status code
+  if (!success && error) return res.status(400).send(error.type);
   if (!success) return res.status(500).send("Unknown Error");
 
   req.session.nonce = undefined;

diff --git a/src/express/index.ts b/src/express/index.ts
@@ -1,21 +1,27 @@
 import express from "express";
+import { IronSessionOptions } from "iron-session";
+import { ironSession } from "iron-session/express";
 import { getSession, methodNotAllowed, notFound, signIn, signOut } from "../api.js";
 
-const router = express.Router();
+export const authRouter = (ironOptions: IronSessionOptions) => {
+  const router = express.Router();
 
-router.route('/')
-  .get(getSession)
-  .all(methodNotAllowed);
+  router.use(ironSession(ironOptions));
 
-router.route('/signin')
-  .post(signIn)
-  .all(methodNotAllowed);
+  router.route('/')
+    .get(getSession)
+    .all(methodNotAllowed);
 
-router.route('/signout')
-  .post(signOut)
-  .all(methodNotAllowed);
+  router.route('/signin')
+    .post(signIn)
+    .all(methodNotAllowed);
 
-router.route('*')
-  .all(notFound);
+  router.route('/signout')
+    .post(signOut)
+    .all(methodNotAllowed);
 
-export default router;
+  router.route('*')
+    .all(notFound);
+
+  return router;
+};