Use cookies for authentication as a last resort.

Fixes #335
2025-12-06 10:07:08 +00:00 · 2025-08-13 16:53:11 +02:00
parent 84510e8dc9
commit 083ee812de
3 changed files with 27 additions and 17 deletions
--- a/lib/www/server/api/middleware/auth/authentify.js
+++ b/lib/www/server/api/middleware/auth/authentify.js
@@ -166,6 +166,16 @@ async function auth(req, res, next) {
 		return;
 	}

+	// If *all* else fails, check if the user came with a cookie
+	// (see https://gitlab.com/wgp/dougal/software/-/issues/335)
+	if (req.cookies.JWT) {
+		const token = req.cookies.JWT;
+		delete req.cookies.JWT;
+		DEBUG("falling back to cookie-based authentication");
+		req.user = await jwt.checkValidCredentials({jwt: token});
+		return await auth(req, res, next);
+	}
+
 	next({ status: 401, message: 'Not authorised' });
 }