Diffstat (limited to 'server/middleware')
-rw-r--r--server/middleware/auth.js5
-rw-r--r--server/middleware/redirectIfLoggedIn.js2
2 files changed, 4 insertions, 3 deletions
diff --git a/server/middleware/auth.js b/server/middleware/auth.js
index 462b100..bec113d 100644
--- a/server/middleware/auth.js
+++ b/server/middleware/auth.js
@@ -10,13 +10,14 @@ const auth = async (req, res, next) => {
}
try {
- const decoded = jwt.verify(token, 'replaceThisWithSecretString');
+ const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.userId = decoded._id;
req.refreshToken = decoded.ref;
return next();
} catch(er) {
if (er.message && er.message === 'jwt expired') {
- const { _id, ref } = jwt.decode(token, 'replaceThisWithSecretString');
+ const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET);
+ console.log('reading db to login')
const user = await User.findById(_id);
if (!user) {
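Review bot: `process.env.JWT_SECRET` is read on every call with no check that it is set, here in both `jwt.verify` and `jwt.decode` and again in the `jwt.verify` call in redirectIfLoggedIn.js, so a missing variable only shows up as a per-request verification error. I would validate it once at startup and fail fast, e.g. `if (!process.env.JWT_SECRET) throw new Error('JWT_SECRET is not set');`, and deploy a fresh random value, since the old literal remains in the repository history. Assuming `jwt` is the jsonwebtoken package, `jwt.decode` takes no secret and never checks the signature, so the second argument on the expired-token line is misleading; `jwt.verify(token, process.env.JWT_SECRET, { ignoreExpiration: true })` states the intent, and testing `er.name === 'TokenExpiredError'` is sturdier than comparing the message text. The added `console.log('reading db to login')` looks like leftover debugging and should be dropped or moved to the project's logger. The body of `auth` starts and ends outside this hunk.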
diff --git a/server/middleware/redirectIfLoggedIn.js b/server/middleware/redirectIfLoggedIn.js
index 62a413c..fe793f7 100644
--- a/server/middleware/redirectIfLoggedIn.js
+++ b/server/middleware/redirectIfLoggedIn.js
@@ -9,7 +9,7 @@ const redirectIfLoggedIn = async (req, res, next) => {
throw new Error();
}
- const decoded = jwt.verify(token, 'replaceThisWithSecretString');
+ const decoded = jwt.verify(token, process.env.JWT_SECRET);
const user = await User.findOne({ _id: decoded._id, 'tokens.token': token });
if (!user) {