From 9c6654182b2ccfe4b42408e888ae4cfeff402be5 Mon Sep 17 00:00:00 2001
From: Guillaume Dorce
Date: Fri, 26 Aug 2022 15:14:31 +0200
Subject: [PATCH] reject request if token not in db
---
 src/api/posts/index.ts | 4 ++--
 src/controller/AuthController.ts | 8 +++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/api/posts/index.ts b/src/api/posts/index.ts
index 0d3d424..794e64b 100644
--- a/src/api/posts/index.ts
+++ b/src/api/posts/index.ts
@@ -24,8 +24,8 @@ const checkAuth = (req: Request, res: Response, next: NextFunction) => {
 req.userId = decodedToken;
 next();
 })
- .catch(() => {
- return res.status(401).send('Invalid token');
+ .catch((error) => {
+ return res.status(401).send(error);
 });
 };

diff --git a/src/controller/AuthController.ts b/src/controller/AuthController.ts
index a0f2ce1..574a129 100644
--- a/src/controller/AuthController.ts
+++ b/src/controller/AuthController.ts
@@ -32,7 +32,13 @@ const genToken = (userId: number) => {
 });
 };

-const verifyToken = (token: string): Promise => {
+const verifyToken = async (token: string): Promise => {
+ const prismaToken = await prisma.token.findUnique({
+ where: { token },
+ });
+ if (prismaToken === null) {
+ throw 'Token not found';
+ }
 return new Promise((resolve, reject) => {
 jwt.verify(token, config.JWT_SECRET, (err?, decoded?: jwt.JwtPayload | string) => {
 if (err) {
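Review bot: The new `.catch((error) => …)` in checkAuth sends the caught value straight to an unauthenticated caller, so the response now carries whatever verifyToken failed with. Since verifyToken awaits `prisma.token.findUnique` after this commit, that value can be a database error as well as a JWT verification error, and both would be returned under a 401 status. It also lets a caller tell "token not in db" apart from a bad signature or an expired token. Keep the body generic and record the detail on the server, e.g. `console.error(error); return res.status(401).send('Invalid token');` (or the project's logger, if it has one), and consider answering 500 when the failure is not an authentication failure. The start of checkAuth lies outside the hunk.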
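Review bot: The lookup added at the top of verifyToken runs before the signature check, so every request carrying any string as a token costs a database query, including forged or expired tokens that `jwt.verify` would reject without I/O. Moving the `prisma.token.findUnique` call after a successful `jwt.verify` keeps unauthenticated traffic off the database while still rejecting revoked tokens. `throw 'Token not found';` throws a bare string, which has no stack and cannot be matched with `instanceof`; prefer `throw new Error('Token not found');`. The `where: { token }` key suggests tokens are stored verbatim, and if that is the case, storing a hash of the token instead would limit what a read of that table exposes. The rest of verifyToken continues past the end of the hunk.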