Fix bug where an unauthorized request could crash the server
This commit is contained in:
parent
7c603cb4df
commit
dfc89123f6
|
@ -33,15 +33,21 @@ func NewUserLoaderByToken(db *gorm.DB) *UserLoader {
|
|||
}
|
||||
rows.Close()
|
||||
|
||||
var userMap map[int]*models.User
|
||||
if len(userIDs) > 0 {
|
||||
|
||||
var users []*models.User
|
||||
if err := db.Where("id IN (?)", userIDs).Find(&users).Error; err != nil {
|
||||
return nil, []error{err}
|
||||
}
|
||||
|
||||
userMap := make(map[int]*models.User, len(users))
|
||||
userMap = make(map[int]*models.User, len(users))
|
||||
for _, user := range users {
|
||||
userMap[user.ID] = user
|
||||
}
|
||||
} else {
|
||||
userMap = make(map[int]*models.User, 0)
|
||||
}
|
||||
|
||||
tokenMap := make(map[string]*models.AccessToken, len(tokens))
|
||||
for _, token := range accessTokens {
|
||||
|
@ -51,11 +57,11 @@ func NewUserLoaderByToken(db *gorm.DB) *UserLoader {
|
|||
result := make([]*models.User, len(tokens))
|
||||
for i, token := range tokens {
|
||||
accessToken, tokenFound := tokenMap[token]
|
||||
if tokenFound {
|
||||
user, userFound := userMap[accessToken.UserID]
|
||||
if tokenFound && userFound {
|
||||
if userFound {
|
||||
result[i] = user
|
||||
} else {
|
||||
result[i] = nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -70,6 +70,12 @@ const linkError = onError(({ graphQLErrors, networkError }) => {
|
|||
content: `Received ${graphQLErrors.length} errors from the server. See the console for more information`,
|
||||
})
|
||||
}
|
||||
|
||||
if (graphQLErrors.find(x => x.message == 'unauthorized')) {
|
||||
console.log('Unauthorized, clearing token cookie')
|
||||
clearTokenCookie()
|
||||
location.reload()
|
||||
}
|
||||
}
|
||||
|
||||
if (networkError) {
|
||||
|
|
Loading…
Reference in New Issue