From 690cfff79cdd8c932ad95661d99dc0ed0f8c02b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Minelli?= <michael@minelli.me>
Date: Mon, 28 Aug 2023 20:06:42 +0200
Subject: [PATCH] Session => Add response if the token read fail

---
 ExpressAPI/src/controllers/Session.ts         | 22 ++++++++++---------
 .../src/middlewares/SessionMiddleware.ts      |  2 +-
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/ExpressAPI/src/controllers/Session.ts b/ExpressAPI/src/controllers/Session.ts
index ff9a4fc..7f71824 100644
--- a/ExpressAPI/src/controllers/Session.ts
+++ b/ExpressAPI/src/controllers/Session.ts
@@ -1,11 +1,11 @@
-import { getReasonPhrase } from 'http-status-codes';
-import * as jwt            from 'jsonwebtoken';
-import { JwtPayload }      from 'jsonwebtoken';
-import Config              from '../config/Config';
-import express             from 'express';
-import UserManager         from '../managers/UserManager';
-import DojoResponse        from '../shared/types/Dojo/DojoResponse';
-import { User }            from '../types/DatabaseTypes';
+import { getReasonPhrase, StatusCodes } from 'http-status-codes';
+import * as jwt                         from 'jsonwebtoken';
+import { JwtPayload }                   from 'jsonwebtoken';
+import Config                           from '../config/Config';
+import express                          from 'express';
+import UserManager                      from '../managers/UserManager';
+import DojoResponse                     from '../shared/types/Dojo/DojoResponse';
+import { User }                         from '../types/DatabaseTypes';
 
 
 class Session {
@@ -22,7 +22,7 @@ class Session {
 
     constructor() { }
 
-    async initSession(req: express.Request) {
+    async initSession(req: express.Request, res: express.Response) {
         const authorization = req.headers.authorization;
         if ( authorization ) {
             if ( authorization.startsWith('Bearer ') ) {
@@ -35,7 +35,9 @@ class Session {
                         this.profile = jwtData.profile;
                         this.profile = await UserManager.getById(this.profile.id!) ?? this.profile;
                     }
-                } catch ( err ) { }
+                } catch ( err ) {
+                    res.sendStatus(StatusCodes.UNAUTHORIZED).end();
+                }
             }
         }
     }
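Review bot: The new catch answers 401 for every exception raised in the try, and from the visible lines that includes `await UserManager.getById(...)`, so a lookup or database failure would be reported to the client as a bad token while `err` is dropped without being logged. I would limit the 401 to token errors, for example `if ( err instanceof jwt.JsonWebTokenError )`, and log or rethrow anything else so an outage is not masked as an authentication failure. `sendStatus` already ends the response, so the trailing `.end()` is redundant: `res.sendStatus(StatusCodes.UNAUTHORIZED);`. The try block opens outside this hunk, so what else it wraps is not visible here.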
diff --git a/ExpressAPI/src/middlewares/SessionMiddleware.ts b/ExpressAPI/src/middlewares/SessionMiddleware.ts
index bd24622..8f87f7d 100644
--- a/ExpressAPI/src/middlewares/SessionMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SessionMiddleware.ts
@@ -6,7 +6,7 @@ class SessionMiddleware {
     register(): (req: express.Request, res: express.Response, next: express.NextFunction) => void {
         return async (req: express.Request, res: express.Response, next: express.NextFunction) => {
             req.session = new Session();
-            await req.session.initSession(req);
+            await req.session.initSession(req, res);
 
             return next();
         };
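Review bot: `return next()` still runs unconditionally after `initSession`, so when the new catch has already sent the 401 the request continues into the downstream handlers. Those handlers then execute for a request whose token was rejected, and any attempt of theirs to respond fails because the headers were already sent. Stop the chain once a response has gone out, e.g. `if ( res.headersSent ) { return; }` before `return next();`, or have `initSession` return a boolean that the middleware checks.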
-- 
GitLab