fix validate token

thanhdanh27600 · Oct 13, 2023 · 5ddff0c · 5ddff0c
1 parent e30df60
commit 5ddff0c
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 8 deletions.
diff --git a/src/components/atoms/Modal.tsx b/src/components/atoms/Modal.tsx
@@ -66,7 +66,7 @@ export const Modal = (props: Props) => {
       {...props.ModalProps}>
       <div
         data-te-modal-dialog-ref
-        className="pointer-events-none relative flex min-h-full w-auto translate-y-[-50px] items-center opacity-0 transition-all duration-300 ease-in-out min-[576px]:mx-auto min-[576px]:mt-7 min-[576px]:min-h-full min-[576px]:max-w-[500px]">
+        className="pointer-events-none relative flex min-h-full w-auto translate-y-[-50px] items-center opacity-0 transition-all duration-300 ease-in-out max-[576px]:mt-12 min-[576px]:mx-auto min-[576px]:min-h-full min-[576px]:max-w-[500px]">
         <div className="min-[576px]:shadow-[0_0.5rem_1rem_rgba(#000, 0.15)] pointer-events-auto relative mx-auto flex w-[95%] flex-col rounded-md border-none bg-white bg-clip-padding text-current shadow-lg outline-none">
           <div className="flex flex-shrink-0 items-center justify-between rounded-t-md border-b-2 border-neutral-100 border-opacity-100 p-4">
             <h5 className="text-xl font-medium leading-normal text-neutral-800" id={`${props.id}Label`}>

diff --git a/src/controllers/forward.ts b/src/controllers/forward.ts
@@ -52,7 +52,7 @@ export const handler = api<Forward>(
     const hashKey = getRedisKey(REDIS_KEY.MAP_SHORTEN_BY_HASH, hash);
     const shortenedUrlCache = (await redis.hgetall(hashKey)) as any;
     if (!isEmpty(shortenedUrlCache)) {
-      valid = await shortenService.verifyToken(shortenedUrlCache, token);
+      valid = shortenService.verifyToken(shortenedUrlCache, token);
       if (!valid) return res.send({ errorCode: HttpStatusCode.UNAUTHORIZED, errorMessage: 'UNAUTHORIZED' });
       // cache hit
       sendMessageToQueue([{ subject: 'forward', body: data }]);
@@ -64,7 +64,7 @@ export const handler = api<Forward>(
     if (!history) {
       return badRequest(res);
     }
-    valid = await shortenService.verifyToken(history, token);
+    valid = shortenService.verifyToken(history, token);
     if (!valid) return res.send({ errorCode: HttpStatusCode.UNAUTHORIZED, errorMessage: 'UNAUTHORIZED' });
     sendMessageToQueue([{ subject: 'forward', body: data }]);
     shortenCacheService.postShortenHash(history);

diff --git a/src/controllers/stats/index.ts b/src/controllers/stats/index.ts
@@ -1,10 +1,10 @@
 import { Prisma } from '@prisma/client';
 import requestIp from 'request-ip';
 import prisma from '../../services/db/prisma';
-import { shortenService } from '../../services/shorten';
 import { LIMIT_RECENT_HISTORY } from '../../types/constants';
 import { Stats } from '../../types/stats';
 import { api, errorHandler, successHandler } from '../../utils/axios';
+import { decryptS } from '../../utils/crypto';
 import { parseIntSafe } from '../../utils/number';
 import { withQueryCursor } from '../../utils/requests';
 import { validateStatsSchema } from '../../utils/validateMiddleware';
@@ -54,7 +54,11 @@ export const handler = api<Stats>(
       },
     });
     if (history && history?.password) {
-      const valid = await shortenService.verifyToken(history, req.headers['X-Platform-Auth'.toLowerCase()] as string);
+      let valid = false;
+      const token = req.headers['X-Platform-Auth'.toLowerCase()] as string;
+      if (decryptS(token) === history.id.toString()) {
+        valid = true;
+      }
       if (!valid) {
         return errorHandler(res);
       }

diff --git a/src/services/shorten/index.ts b/src/services/shorten/index.ts
@@ -15,15 +15,15 @@ export class ShortenService {
   async verifyPassword(history: UrlShortenerHistory | null, password: string) {
     if (!history) return false;
     if (!history.password) return true;
-    if (!history.usePasswordForward) return true;
     const decryptPassword = decryptS(history.password);
     return decryptPassword === password;
   }
-  async verifyToken(history: UrlShortenerHistory | null, token: string) {
+  verifyToken(history: UrlShortenerHistory | null, token: string) {
     if (!history) return false;
     if (!history.password) return true;
     if (!history.usePasswordForward) return true;
-    if (!token || decryptS(token) !== history.id.toString()) {
+    if (!token) return false;
+    if (decryptS(token) !== history.id.toString()) {
       return false;
     }
     return true;