barbercollie/ReadMeABook
1
0
Fork 1
mirror of https://github.com/kikootwo/ReadMeABook.git synced 2026-06-02 20:30:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove redundant id field from JWT payloads

Browse Source 
Drop the duplicated `id` alias from JWT payloads and related token generation across auth providers and endpoints. The TokenPayload interface no longer includes `id`; middleware now derives `user.id` from `sub` when attaching the authenticated user to requests. Update tests accordingly. This reduces redundancy and ensures the canonical user identifier is `sub`.
This commit is contained in:
kikootwo
2026-03-04 15:36:28 -05:00
parent a50fbc721e
commit 95917715b1
11 changed files with 3 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/app/api/auth/admin/login/route.ts
-1
View File
@@ -92,7 +92,6 @@ export async function POST(request: NextRequest) {
// Generate JWT tokens // Generate JWT tokens
const accessToken = generateAccessToken({ const accessToken = generateAccessToken({
sub: user.id, sub: user.id,
id: user.id,
plexId: user.plexId, plexId: user.plexId,
username: user.plexUsername, username: user.plexUsername,
role: user.role, role: user.role,
src/app/api/auth/plex/callback/route.ts
-1
View File
@@ -239,7 +239,6 @@ export async function GET(request: NextRequest) {
// Generate JWT tokens // Generate JWT tokens
const accessToken = generateAccessToken({ const accessToken = generateAccessToken({
sub: user.id, sub: user.id,
id: user.id,
plexId: user.plexId, plexId: user.plexId,
username: user.plexUsername, username: user.plexUsername,
role: user.role, role: user.role,
src/app/api/auth/plex/switch-profile/route.ts
-1
View File
@@ -167,7 +167,6 @@ export async function POST(request: NextRequest) {
// Generate JWT tokens // Generate JWT tokens
const accessToken = generateAccessToken({ const accessToken = generateAccessToken({
sub: user.id, sub: user.id,
id: user.id,
plexId: user.plexId, plexId: user.plexId,
username: user.plexUsername, username: user.plexUsername,
role: user.role, role: user.role,
src/app/api/auth/refresh/route.ts
-1
View File
@@ -60,7 +60,6 @@ export async function POST(request: NextRequest) {
// Generate new access token // Generate new access token
const accessToken = generateAccessToken({ const accessToken = generateAccessToken({
sub: user.id, sub: user.id,
id: user.id,
plexId: user.plexId, plexId: user.plexId,
username: user.plexUsername, username: user.plexUsername,
role: user.role, role: user.role,
src/app/api/setup/complete/route.ts
-1
View File
@@ -163,7 +163,6 @@ export async function POST(request: NextRequest) {
// Generate JWT tokens for auto-login // Generate JWT tokens for auto-login
accessToken = generateAccessToken({ accessToken = generateAccessToken({
sub: adminUser.id, sub: adminUser.id,
id: adminUser.id,
plexId: adminUser.plexId, plexId: adminUser.plexId,
username: adminUser.plexUsername, username: adminUser.plexUsername,
role: adminUser.role, role: adminUser.role,
src/lib/middleware/auth.ts
+3 -4
View File
@@ -13,7 +13,7 @@ import { API_TOKEN_PREFIX, isEndpointAllowed } from '../constants/api-tokens';
const logger = RMABLogger.create('Auth'); const logger = RMABLogger.create('Auth');
export interface AuthenticatedRequest extends NextRequest { export interface AuthenticatedRequest extends NextRequest {
user?: TokenPayload; user?: TokenPayload & { id: string };
} }
/** /**
@@ -89,7 +89,6 @@ async function authenticateApiToken(token: string): Promise<TokenPayload | null>
// Use the token's target user (userId), not the creator (createdById) // Use the token's target user (userId), not the creator (createdById)
return { return {
sub: user.id, sub: user.id,
id: user.id,
plexId: user.plexId, plexId: user.plexId,
username: user.plexUsername, username: user.plexUsername,
role: apiToken.role, role: apiToken.role,
@@ -149,7 +148,7 @@ export async function requireAuth(
} }
const authenticatedRequest = request as AuthenticatedRequest; const authenticatedRequest = request as AuthenticatedRequest;
authenticatedRequest.user = apiUser; authenticatedRequest.user = { ...apiUser, id: apiUser.sub };
return handler(authenticatedRequest); return handler(authenticatedRequest);
} }
@@ -191,7 +190,7 @@ export async function requireAuth(
const authenticatedRequest = request as AuthenticatedRequest; const authenticatedRequest = request as AuthenticatedRequest;
authenticatedRequest.user = { authenticatedRequest.user = {
...payload, ...payload,
id: user.id, id: payload.sub,
}; };
return handler(authenticatedRequest); return handler(authenticatedRequest);
src/lib/services/auth/LocalAuthProvider.ts
-1
View File
@@ -250,7 +250,6 @@ export class LocalAuthProvider implements IAuthProvider {
private async generateTokens(userInfo: UserInfo & { plexId: string }): Promise<AuthTokens> { private async generateTokens(userInfo: UserInfo & { plexId: string }): Promise<AuthTokens> {
const tokenPayload = { const tokenPayload = {
sub: userInfo.id, sub: userInfo.id,
id: userInfo.id,
plexId: userInfo.plexId, plexId: userInfo.plexId,
username: userInfo.username, username: userInfo.username,
role: userInfo.role || 'user', role: userInfo.role || 'user',
src/lib/services/auth/OIDCAuthProvider.ts
-1
View File
@@ -516,7 +516,6 @@ export class OIDCAuthProvider implements IAuthProvider {
private async generateTokens(userInfo: UserInfo): Promise<AuthTokens> { private async generateTokens(userInfo: UserInfo): Promise<AuthTokens> {
const accessToken = generateAccessToken({ const accessToken = generateAccessToken({
sub: userInfo.id, sub: userInfo.id,
id: userInfo.id,
plexId: userInfo.id, // For backwards compatibility plexId: userInfo.id, // For backwards compatibility
username: userInfo.username, username: userInfo.username,
role: userInfo.role || 'user', role: userInfo.role || 'user',
src/lib/services/auth/PlexAuthProvider.ts
-1
View File
@@ -250,7 +250,6 @@ export class PlexAuthProvider implements IAuthProvider {
private async generateTokens(userInfo: UserInfo): Promise<AuthTokens> { private async generateTokens(userInfo: UserInfo): Promise<AuthTokens> {
const accessToken = generateAccessToken({ const accessToken = generateAccessToken({
sub: userInfo.id, sub: userInfo.id,
id: userInfo.id,
plexId: userInfo.id, // For backwards compatibility plexId: userInfo.id, // For backwards compatibility
username: userInfo.username, username: userInfo.username,
role: userInfo.role || 'user', role: userInfo.role || 'user',
src/lib/utils/jwt.ts
-1
View File
@@ -17,7 +17,6 @@ const REFRESH_TOKEN_EXPIRY = '7d'; // 7 days
export interface TokenPayload { export interface TokenPayload {
sub: string; // User ID sub: string; // User ID
id: string; // User ID (alias for sub, used by req.user.id throughout the codebase)
plexId: string; plexId: string;
username: string; username: string;
role: string; role: string;
tests/utils/jwt.test.ts
-2
View File
@@ -17,7 +17,6 @@ describe('JWT utilities', () => {
it('generates and verifies access tokens', () => { it('generates and verifies access tokens', () => {
const token = generateAccessToken({ const token = generateAccessToken({
sub: 'user-1', sub: 'user-1',
id: 'user-1',
plexId: 'plex-1', plexId: 'plex-1',
username: 'user', username: 'user',
role: 'admin', role: 'admin',
@@ -58,7 +57,6 @@ describe('JWT utilities', () => {
it('decodes tokens without verification', () => { it('decodes tokens without verification', () => {
const token = generateAccessToken({ const token = generateAccessToken({
sub: 'user-4', sub: 'user-4',
id: 'user-4',
plexId: 'plex-4', plexId: 'plex-4',
username: 'user', username: 'user',
role: 'user', role: 'user',