🐛 return to login if user was not found (probably deleted in db or token manipulated)🚸

2025-11-13 08:13:56 +10:00 · 2023-03-09 11:24:32 +01:00
parent 02372eb6bc
commit 30e186d82a
5 changed files with 25 additions and 8 deletions
--- a/apps/web/pages/api/documents/index.ts
+++ b/apps/web/pages/api/documents/index.ts
@ -45,7 +45,7 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {
 }

 async function getHandler(req: NextApiRequest, res: NextApiResponse) {
-  let user = await getUserFromToken(req, res);
+  const user = await getUserFromToken(req, res);
  if (!user) return;

  const documents = await getDocumentsForUserFromToken({ req: req, res: res });
--- a/apps/web/pages/dashboard.tsx
+++ b/apps/web/pages/dashboard.tsx
@ -128,7 +128,13 @@ function getStat(name: string, props: any) {

 export async function getServerSideProps(context: any) {
  const user = await getUserFromToken(context.req, context.res);
-  if (!user) return;
+  if (!user)
+    return {
+      redirect: {
+        destination: "/login",
+        permanent: false,
+      },
+    };

  const documents: any[] = await getDocumentsForUserFromToken(context);

--- a/apps/web/pages/documents/[id]/index.tsx
+++ b/apps/web/pages/documents/[id]/index.tsx
@ -109,7 +109,13 @@ function formatDocumentStatus(status: DocumentStatus) {

 export async function getServerSideProps(context: any) {
  const user = await getUserFromToken(context.req, context.res);
-  if (!user) return;
+  if (!user)
+    return {
+      redirect: {
+        destination: "/login",
+        permanent: false,
+      },
+    };

  const { id: documentId } = context.query;

--- a/apps/web/pages/documents/[id]/recipients.tsx
+++ b/apps/web/pages/documents/[id]/recipients.tsx
@ -442,7 +442,13 @@ RecipientsPage.getLayout = function getLayout(page: ReactElement) {

 export async function getServerSideProps(context: any) {
  const user = await getUserFromToken(context.req, context.res);
-  if (!user) return;
+  if (!user)
+    return {
+      redirect: {
+        destination: "/login",
+        permanent: false,
+      },
+    };

  const { id: documentId } = context.query;
  const document: PrismaDocument = await getDocument(
--- a/packages/lib/server/getUserFromToken.ts
+++ b/packages/lib/server/getUserFromToken.ts
@ -2,6 +2,7 @@ import prisma from "@documenso/prisma";
 import { User as PrismaUser } from "@prisma/client";
 import { NextApiRequest, NextApiResponse } from "next";
 import { getToken } from "next-auth/jwt";
+import { signOut } from "next-auth/react";

 export async function getUserFromToken(
  req: NextApiRequest,
@ -20,11 +21,9 @@ export async function getUserFromToken(
    return null;
  }

-  let user = await prisma.user.findFirstOrThrow({
+  const user = await prisma.user.findFirst({
    where: { email: tokenEmail },
  });

-  if (user) return user;
-  if (!user) res.status(401).send("No user found for token.");
-  return null;
+  return user;
 }