From 85f69b554b3ea15e11f4e6e7997f665b92f3de47 Mon Sep 17 00:00:00 2001
From: Kacper Michalik
Date: Tue, 10 Oct 2023 16:51:25 +0200
Subject: [PATCH] send 401 to unauthorized user
---
 packages/backend/src/nest/app.module.ts | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/packages/backend/src/nest/app.module.ts b/packages/backend/src/nest/app.module.ts
index 159609143a..91e7a75722 100644
--- a/packages/backend/src/nest/app.module.ts
+++ b/packages/backend/src/nest/app.module.ts
@@ -102,20 +102,35 @@ export class AppModule {
 pingInterval: 1000_000,
 pingTimeout: 1000_000,
 })
- io.use((socket, next) => {
- const authToken = socket.handshake.headers['authorization']
+ io.engine.use((req, res, next) => {
+ const authToken = req.headers['authorization']
+ if (!authToken) {
+ console.error('No authorization header')
+
+ res.writeHead(401, 'Unauthorized')
+ res.end()
+ return
+ }
+
 const socketIOToken = authToken && authToken.split(' ')[1]
 if (!socketIOToken) {
 console.error('No auth token')
+
+ res.writeHead(401, 'Unauthorized')
+ res.end()
 return
 }
- console.error({ socketIOToken })
+
 if (verifyJWT(socketIOToken)) {
 next()
 } else {
- console.error('Wrong JWT')
+
+ res.writeHead(401, 'Unauthorized')
+ res.end()
 }
 })
+
 return { server, io }
 },
 inject: [EXPRESS_PROVIDER],
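Review bot: The token extraction in the new `io.engine.use` middleware never checks the Authorization scheme: `authToken.split(' ')[1]` takes whatever follows the first space, so any scheme prefix is handled like a bearer token (the JWT check still applies, but the header contract is looser than it looks), and the `authToken &&` guard on that line is dead now that the missing-header case returns earlier. If clients always send `Bearer <token>` (not visible in this hunk), make that explicit with `const [scheme, socketIOToken] = authToken.split(' ')` followed by `if (scheme !== 'Bearer' || !socketIOToken) {`. The three identical `res.writeHead(401, 'Unauthorized')` / `res.end()` pairs would be easier to keep in sync as one small local helper, and the `console.error` messages would be more useful for spotting repeated failures if they included `req.socket.remoteAddress` (never the token itself). The enclosing factory function starts and ends outside the hunk.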