(req: express.Request)
| 922 | } |
| 923 | |
/**
 * Decides whether an HTTP request is allowed through the server's auth gate.
 *
 * Checks run in this order:
 *  1. If no non-blank `authToken` is configured, the request is accepted.
 *  2. A bearer token from the `Authorization` header that matches the
 *     configured token is accepted.
 *  3. Otherwise, each value of the session cookie is handed to
 *     `serverAuthService.validateSessionToken`; the first non-null result
 *     accepts the request.
 *
 * @param req - Incoming Express request.
 * @returns `true` when one of the checks above passes, `false` otherwise.
 */
async function isHttpRequestAuthenticated(req: express.Request): Promise<boolean> {
  const configuredToken = authToken?.trim();
  if (!configuredToken) {
    // Fail-open by design: a missing or whitespace-only authToken means every
    // request is treated as authenticated. Deployments that expose this server
    // beyond localhost depend on the token being set.
    return true;
  }

  const bearerToken = extractBearerToken(req.header("authorization"));
  // NOTE(review): safeEq is presumably a constant-time comparison; confirm at
  // its definition, since this compares against the long-lived shared secret.
  const bearerMatches = Boolean(bearerToken) && safeEq(bearerToken, configuredToken);
  if (bearerMatches) {
    return true;
  }

  // A Cookie header may carry the session cookie name more than once, so every
  // value is tried. An empty list simply skips the loop and is rejected below.
  // NOTE(review): the number of candidates is not capped here and each one
  // costs an awaited validation call; confirm that header size is limited
  // upstream.
  const candidateSessions = extractCookieValues(req.headers.cookie, SERVER_AUTH_SESSION_COOKIE_NAME);
  for (const candidate of candidateSessions) {
    // The client metadata is rebuilt per call, exactly as the service receives it.
    // NOTE(review): how validateSessionToken uses userAgent/ipAddress is not
    // visible here; if getRequestIpAddress reads forwarded headers, its value
    // is only as trustworthy as the proxy configuration.
    const clientInfo = {
      userAgent: req.header("user-agent") ?? undefined,
      ipAddress: getRequestIpAddress(req),
    };
    const session = await context.serverAuthService.validateSessionToken(candidate, clientInfo);

    if (session == null) {
      continue;
    }
    return true;
  }

  // Neither the bearer token nor any session cookie checked out.
  return false;
}
| 953 | |
| 954 | function getStringParamFromQueryOrBody(req: express.Request, key: string): string | null { |
| 955 | const queryValue = req.query[key]; |
no test coverage detected