further improvement of isAuthorized

backend/src/graphql/directive/isAuthorized.ts

@@ -18,7 +18,10 @@ const isAuthorized: AuthChecker<any> = async ({ context }, rights) => {
     return true
 
   // Do we have a token?
-  if (context.token) {
+  if (!context.token) {
+    throw new Error('401 Unauthorized')
+  }
+
   // Decode the token
   const decoded = decode(context.token)
   if (!decoded) {
@@ -27,12 +30,6 @@ const isAuthorized: AuthChecker<any> = async ({ context }, rights) => {
   // Set context pubKey
   context.pubKey = Buffer.from(decoded.pubKey).toString('hex')
 
-    // Problem found by unit testing:
-    // I have a valid token in the context, but the database is cleaned,
-    // so the user object cannot be found here
-    // this should be working for inalienable rights
-
-    // set new header token
   // TODO - load from database dynamically & admin - maybe encode this in the token to prevent many database requests
   // TODO this implementation is bullshit - two database queries cause our user identifiers are not aligned and vary between email, id and pubKey
   const userRepository = await getCustomRepository(UserRepository)
@@ -40,12 +37,9 @@ const isAuthorized: AuthChecker<any> = async ({ context }, rights) => {
     const user = await userRepository.findByPubkeyHex(context.pubKey)
     const countServerUsers = await ServerUser.count({ email: user.email })
     context.role = countServerUsers > 0 ? ROLE_ADMIN : ROLE_USER
-
-      context.setHeaders.push({ key: 'token', value: encode(decoded.pubKey) })
   } catch {
     throw new Error('401 Unauthorized')
   }
-  }
 
   // check for correct rights
   const missingRights = (<RIGHTS[]>rights).filter((right) => !context.role.hasRight(right))
@@ -53,6 +47,8 @@ const isAuthorized: AuthChecker<any> = async ({ context }, rights) => {
     throw new Error('401 Unauthorized')
   }
 
+  // set new header token
+  context.setHeaders.push({ key: 'token', value: encode(decoded.pubKey) })
   return true
 }