Merge pull request #238 from map-of-pi/revisit-header-extraction

swoocn · web-flow · commit 6b59c7b82540 · 2025-03-04T20:10:56.000-05:00
Self approved.
diff --git a/src/config/docs/UsersSchema.yml b/src/config/docs/UsersSchema.yml
@@ -1,4 +1,9 @@
 components:
+  securitySchemes:
+    BearerAuth:
+      type: http
+      scheme: bearer
+
   schemas:
     AuthenticateUserRq:
       type: object
diff --git a/src/middlewares/isPioneerFound.ts b/src/middlewares/isPioneerFound.ts
@@ -8,16 +8,17 @@ export const isPioneerFound = async (
     res: Response,
     next: NextFunction
   ) => {
-    const auth = req.body.pioneerAuth;
+    const authHeader = req.headers.authorization;
+    const tokenFromHeader = authHeader && authHeader.split(" ")[1];
 
     try {
       logger.info("Verifying user's access token with the /me endpoint.");
       // Verify the user's access token with the /me endpoint:
       const me = await platformAPIClient.get(`/v2/me`, { 
-        headers: { 'Authorization': `Bearer ${auth.accessToken}` } 
+        headers: { 'Authorization': `Bearer ${ tokenFromHeader }` }  
       });
       
-      if (me) {
+      if (me && me.data) {
         const user = {
           pi_uid: me.data.uid,
           pi_username: me.data.username,
diff --git a/src/routes/user.routes.ts b/src/routes/user.routes.ts
@@ -29,22 +29,9 @@ const userRoutes = Router();
  *   post:
  *     tags:
  *       - User
- *     summary: Authenticate the user's access token
- *     requestBody:
- *       required: true
- *       content:
- *         application/json:
- *           schema:
- *             type: object
- *             properties: 
- *               pioneerAuth:
- *                 type: object
- *                 properties:
- *                   accessToken:  
- *                     type: string
- *                     example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2NjZiYmFlNGEwNWJjYzNkOGRmYWI1NjMiLCJpYXQiOjE3MTgzMzk0MDksImV4cCI6MTcyMDkzMTQwOX0.gFz-EdHoOqz3-AuFX5R4uGtruFaTMH8sTOXEX-3c7yw
- *                 required:
- *                   - pioneerAuth    
+ *     summary: Authenticate the user's access token *
+ *     security:
+ *       - BearerAuth: []    
  *     responses:
  *       200:
  *         description: Successful response
