From 83c370425e690dac3037c56e792c39a4b73443b8 Mon Sep 17 00:00:00 2001
From: suraimu-team
Date: Mon, 20 Oct 2025 16:41:02 +0800
Subject: [PATCH] fix(auth): Fix admin user authentication for /users/db-health endpoint by adding cookie JWT support
Fixed authentication issue for admin users accessing the /users/db-health endpoint:
- Added JWT token extraction from cookies (req.cookies?.jwt)
- Added support for Bearer token from Authorization header
- Improved error handling for missing and invalid tokens
- Ensured consistent authentication flow for admin users
Changes made:
- Check for JWT token in req.cookies?.jwt
- Support Bearer token from Authorization header
- Return 401 error when token is missing
- Return 401 error when token validation fails
Fixes: https://github.com/Termix-SSH/Support/issues/12
---
 src/backend/utils/auth-manager.ts | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/backend/utils/auth-manager.ts b/src/backend/utils/auth-manager.ts
index a13db6cd..25929644 100644
--- a/src/backend/utils/auth-manager.ts
+++ b/src/backend/utils/auth-manager.ts
@@ -223,12 +223,19 @@ class AuthManager {
 createAdminMiddleware() {
 return async (req: Request, res: Response, next: NextFunction) => {
- const authHeader = req.headers["authorization"];
- if (!authHeader?.startsWith("Bearer ")) {
- return res.status(401).json({ error: "Missing Authorization header" });
+ let token = req.cookies?.jwt;
+
+ if (!token) {
+ const authHeader = req.headers["authorization"];
+ if (authHeader?.startsWith("Bearer ")) {
+ token = authHeader.split(" ")[1];
+ }
+ }
+
+ if (!token) {
+ return res.status(401).json({ error: "Missing authentication token" });
 }
- const token = authHeader.split(" ")[1];
 const payload = await this.verifyJWTToken(token);
 if (!payload) {
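Review bot: Cookie-based authentication in `createAdminMiddleware` exposes the admin routes behind it to cross-site request forgery, because the browser attaches `req.cookies?.jwt` automatically, whereas the removed Bearer-only check needed a header a foreign page cannot set. The hunk does not show how the `jwt` cookie is issued, so confirm it carries `SameSite` (plus `HttpOnly` and `Secure`), or add a CSRF token or Origin check on any state-changing admin route that uses this middleware. The cookie also takes precedence over the header, so a stale or invalid cookie yields a 401 even when a valid `Authorization: Bearer` token is sent; consider reading the header first, e.g. `const bearer = authHeader?.startsWith("Bearer ") ? authHeader.split(" ")[1] : undefined;` followed by `const token = bearer ?? req.cookies?.jwt;`. The middleware body continues past the end of the hunk.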