Fixed members auth middleware

no-issue The JWT library we used does not throw an error which can be used by Ghost. So we need to catch and wrap it in our own errors from @tryghost/errors.
2024-11-29 07:09:48 +03:00 · 2021-05-24 10:42:05 +01:00 · 2021-05-24 10:42:05 +01:00 · f4c40249ce
commit f4c40249ce
parent 2b5e22524b
1 changed files with 14 additions and 2 deletions
--- a/core/server/services/auth/members/index.js
+++ b/core/server/services/auth/members/index.js
@ -1,4 +1,5 @@
 const jwt = require('express-jwt');
+const {UnauthorizedError} = require('@tryghost/errors');
 const membersService = require('../../members');
 const config = require('../../../../shared/config');

@ -37,8 +38,19 @@ module.exports = {
                }
            }));
        }
-        return function (req, res, next) {
-            UNO_MEMBERINO.then(fn => fn(req, res, next)).catch(next);
+        return async function (req, res, next) {
+            try {
+                const middleware = await UNO_MEMBERINO;
+
+                middleware(req, res, function (err, ...rest) {
+                    if (err && err.name === 'UnauthorizedError') {
+                        return next(new UnauthorizedError({err}), ...rest);
+                    }
+                    return next(err, ...rest);
+                });
+            } catch (err) {
+                next(err);
+            }
        };
    }
 };