summary refs log tree commit diff
path: root/src/util/checkToken.ts
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/checkToken.ts')
-rw-r--r--src/util/checkToken.ts11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/util/checkToken.ts b/src/util/checkToken.ts

index 73ffb670..e021a406 100644
--- a/src/util/checkToken.ts
+++ b/src/util/checkToken.ts
@@ -4,16 +4,21 @@ import { UserModel } from "../models";
 
 export function checkToken(token: string, jwtSecret: string): Promise<any> {
 	return new Promise((res, rej) => {
+		token = token.replace("Bot ", ""); // TODO: proper bot support
 		jwt.verify(token, jwtSecret, JWTOptions, async (err, decoded: any) => {
 			if (err || !decoded) return rej("Invalid Token");
 
-			const user = await UserModel.findOne({ id: decoded.id }, { "user_data.valid_tokens_since": true }).exec();
+			const user = await UserModel.findOne(
+				{ id: decoded.id },
+				{ "user_data.valid_tokens_since": true, bot: true }
+			).exec();
 			if (!user) return rej("Invalid Token");
-			if (decoded.iat * 1000 < user.user_data.valid_tokens_since.getTime()) return rej("Invalid Token");
+			// we need to round it to seconds as it saved as seconds in jwt iat and valid_tokens_since is stored in milliseconds
+			if (decoded.iat * 1000 < user.user_data.valid_tokens_since.setSeconds(0, 0)) return rej("Invalid Token");
 			if (user.disabled) return rej("User disabled");
 			if (user.deleted) return rej("User not found");
 
-			return res(decoded);
+			return res({ decoded, user });
 		});
 	});
 }
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-06 13:32:14 +0000