fix: keep unauthenticated user logged in if allowed #114

C4illin · Aug 23, 2024 · bc4ad49 · bc4ad49
1 parent f0d0e43
commit bc4ad49
Showing 1 changed file with 13 additions and 11 deletions.
diff --git a/src/index.tsx b/src/index.tsx
@@ -415,21 +415,23 @@ const app = new Elysia({
       user = await jwt.verify(auth.value);
 
       if (user !== false && user.id) {
-        // make sure user exists in db
-        const existingUser = db
-          .query("SELECT * FROM users WHERE id = ?")
-          .as(User)
-          .get(user.id);
-
-        if (!existingUser) {
-          if (auth?.value) {
-            auth.remove();
+        if (Number.parseInt(user.id) < 2 ** 24 || !ALLOW_UNAUTHENTICATED) {
+          // make sure user exists in db
+          const existingUser = db
+            .query("SELECT * FROM users WHERE id = ?")
+            .as(User)
+            .get(user.id);
+
+          if (!existingUser) {
+            if (auth?.value) {
+              auth.remove();
+            }
+            return redirect("/login", 302);
           }
-          return redirect("/login", 302);
         }
       }
     } else if (ALLOW_UNAUTHENTICATED) {
-      const newUserId = String(randomInt(2 ^ 24, Number.MAX_SAFE_INTEGER));
+      const newUserId = String(randomInt(2 ** 24, Number.MAX_SAFE_INTEGER));
       const accessToken = await jwt.sign({
         id: newUserId,
       });