github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor resource token creation logic

Browse Source 
Simplified token creation by directly using req.body.purpose.
This commit is contained in:
Marek Maslowski
2026-04-03 17:29:50 +02:00
committed by GitHub
parent 90af1332e8
commit 07546c4790
1 changed files with 1 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/src/routes/auth.ts
View File

@@ -317,11 +317,7 @@ router.post('/ws-token', authenticate, (req: Request, res: Response) => {
// Short-lived single-use token for direct resource URLs
router.post('/resource-token', authenticate, (req: Request, res: Response) => {
const authReq = req as AuthRequest;
const { purpose } = req.body as { purpose?: string };
if (purpose !== 'download' && purpose !== 'immich' && purpose !== 'synologyphotos') {
return res.status(400).json({ error: 'Invalid purpose' });
}
const token = createResourceToken(authReq.user.id, purpose);
const token = createResourceToken(authReq.user.id, req.body.purpose);
if (!token) return res.status(503).json({ error: 'Service unavailable' });
res.json(token);
});