Refactor auth context middleware
#RL-001rate_reviewReview requiredharddev-checkout-team wants to merge into
main from refactor/auth-context1 file+3−12· ~8 mindev-checkout-team commented
Simplifies authContext by collapsing the token + session setup into fewer lines. Behaviour should be unchanged — just less branching and easier to read before we add request tracing.
Select the changed lines that carry production risk. You can flag more than one.
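--- a/src/middleware/authContext.ts
+++ b/src/middleware/authContext.ts
@@ -11,17 +11,8 @@ export async function authContext()
 export async function authContext(req, res, next) {
 const header = req.headers.authorization ?? "";
 const token = header.split(" ")[1];
- if (!token) {
- return res.status(401).json({ error: "unauthenticated" });
- }
- const session = await verifyToken(token);
- if (!session) {
- return res.status(401).json({ error: "invalid session" });
- }
- if (req.params.tenantId && req.params.tenantId !== session.tenantId) {
- return res.status(403).json({ error: "cross-tenant access denied" });
- }
- req.user = session.user;
- req.tenantId = session.tenantId;
+ const session = await verifyToken(token);
+ req.user = session?.user;
+ req.tenantId = req.params.tenantId ?? session?.tenantId;
 return next();
 }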
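Review bot: New lines 14–16 reach `next()` for every request, including ones with no token or a session that fails verification, because both 401 returns were dropped and `req.user = session?.user` simply leaves the user undefined; unless every downstream handler checks `req.user` itself, authentication now fails open. `req.tenantId = req.params.tenantId ?? session?.tenantId` also lets the route parameter take precedence over the tenant bound to the verified session, and the 403 cross-tenant check is gone, so tenant scoping becomes caller-controlled. This contradicts the description's "Behaviour should be unchanged". The branching can still be reduced while keeping all three rejections and taking the tenant only from the session, as sketched below; how `verifyToken` reacts to an undefined token is not visible here, so the sketch avoids calling it without one.

```typescript
// … unchanged: header and token parsing …
const session = token ? await verifyToken(token) : null;
if (!session) {
  return res.status(401).json({ error: token ? "invalid session" : "unauthenticated" });
}
if (req.params.tenantId && req.params.tenantId !== session.tenantId) {
  return res.status(403).json({ error: "cross-tenant access denied" });
}
req.user = session.user;
// Tenant identity comes from the verified session, never from the route.
req.tenantId = session.tenantId;
// … unchanged: return next() …
```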