+ logger.debug('Checking socket access token %s.', accessToken)
+
+ if (!accessToken) return next(new Error('No access token provided'))
+
+ getAccessToken(accessToken)
+ .then(tokenDB => {
+ const now = new Date()
+
+ if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) {
+ return next(new Error('Invalid access token.'))
+ }
+
+ socket.handshake.query.user = tokenDB.User
+
+ return next()
+ })
+ .catch(err => logger.error('Cannot get access token.', { err }))
+}
+
+function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) {
+ return new Promise(resolve => {
+ // Already authenticated? (or tried to)
+ if (res.locals.oauth?.token.User) return resolve()
+
+ if (res.locals.authenticated === false) return res.sendStatus(401)
+
+ authenticate(req, res, () => resolve(), authenticateInQuery)