Fix CSP on dev mode

[github/Chocobozzz/PeerTube.git] / server / middlewares / oauth.ts

diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts
index a6f28dd5b56a58050cc12d5f0b87aa2ad9e1e640..8c1df2c3eaa2688f5edaa302aa49c5b9154d3b48 100644 (file)
--- a/server/middlewares/oauth.ts
+++ b/server/middlewares/oauth.ts
@@ -28,9 +28,24 @@ function authenticate (req: express.Request, res: express.Response, next: expres
   })
 }
 
+function authenticatePromiseIfNeeded (req: express.Request, res: express.Response) {
+  return new Promise(resolve => {
+    // Already authenticated? (or tried to)
+    if (res.locals.oauth && res.locals.oauth.token.User) return resolve()
+
+    if (res.locals.authenticated === false) return res.sendStatus(401)
+
+    authenticate(req, res, () => {
+      return resolve()
+    })
+  })
+}
+
 function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
   if (req.header('authorization')) return authenticate(req, res, next)
 
+  res.locals.authenticated = false
+
   return next()
 }
 
@@ -39,7 +54,7 @@ function token (req: express.Request, res: express.Response, next: express.NextF
     if (err) {
       return res.status(err.status)
         .json({
-          error: 'Authentication failed.',
+          error: err.message,
           code: err.name
         })
         .end()
@@ -53,6 +68,7 @@ function token (req: express.Request, res: express.Response, next: express.NextF
 
 export {
   authenticate,
+  authenticatePromiseIfNeeded,
   optionalAuthenticate,
   token
 }